Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

constant alerts from antimalware program and stolen passwords


  • This topic is locked This topic is locked
31 replies to this topic

#1 avendesora

avendesora

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 14 May 2012 - 12:55 PM

Hi all,

My computer got infected after I did a stupid thing as clicking on a link from a torrent file and suddenly all my accounts started showing unusual activity and my hotmail account is now blocked because of the endless spam mails sended out to all my contacts. I tried everything ever since, scanned with various tools to no avail. Even reformatting my computer didn't help. I get alerts like this one constantly, all from different IPs: 2012/05/11 14:38:32 +0300 ELIF Samsung IP-BLOCK 94.75.253.183 (Type: outgoing, Port: 49565, Process: chrome.exe)

I don't know what to do. Please help, my DDS and HijackThis logs are below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Samsung at 20:09:22 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.6056.4401 [GMT 3:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9EC7C8D2-A55C-4114-A920-ECD3CF61B2F9} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9EC7C8D2-A55C-4114-A920-ECD3CF61B2F9}\14254594 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EC7C8D2-A55C-4114-A920-ECD3CF61B2F9}\2545C483637387D2144435C4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A3898230-03F3-4F7D-B22F-6935F404A29C} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\2at8m3ci.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-9 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-11 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-5-9 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-5-9 2009704]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-10 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Ekran İçin Ses;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-14 06:55:39 -------- d-----w- C:\Users\Samsung\AppData\Local\NPE
2012-05-14 06:55:06 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 06:54:55 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 06:54:55 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-11 10:02:53 -------- d-----w- C:\Users\Samsung\AppData\Roaming\Malwarebytes
2012-05-11 10:02:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-11 10:02:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-11 10:02:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-11 06:32:05 -------- d-s---w- C:\ComboFix
2012-05-10 21:42:15 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-10 21:42:15 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-10 14:20:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-10 14:20:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-10 14:20:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-05-10 14:08:32 -------- d-----w- C:\Windows\System32\SPReview
2012-05-10 14:07:39 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-10 13:53:07 3584 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbflt.sys.mui
2012-05-10 13:53:07 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\rdpwd.sys.mui
2012-05-10 13:53:00 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\vwifibus.sys.mui
2012-05-10 13:51:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll
2012-05-10 13:50:59 78848 ----a-w- C:\Windows\SysWow64\iasacct.dll
2012-05-10 13:49:58 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-05-10 13:48:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-05-10 13:48:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-05-10 13:48:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-05-10 13:39:34 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-05-10 13:39:34 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-05-10 13:39:23 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-05-10 13:10:25 -------- d-----w- C:\Program Files (x86)\TRADOS
2012-05-10 12:44:05 -------- d-----w- C:\Program Files (x86)\MSECache
2012-05-10 12:35:45 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-10 12:35:45 -------- d-----w- C:\Windows\System32\Wat
2012-05-10 12:34:32 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-10 12:34:31 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-10 12:34:31 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-10 11:35:09 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-10 11:35:08 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-10 11:35:08 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-10 11:35:08 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-10 11:35:08 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-10 11:35:08 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-10 11:35:08 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-10 11:32:09 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-05-10 11:32:09 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-05-10 11:30:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 11:30:32 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 11:30:29 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 11:30:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 11:30:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 11:30:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 11:28:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-10 11:27:55 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-05-10 11:26:52 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-10 11:26:51 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-05-10 11:26:45 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 11:26:39 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-10 11:26:39 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-10 11:26:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-10 11:26:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-10 11:25:48 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 11:25:47 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-05-10 11:21:57 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2012-05-10 11:21:56 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21:56 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 11:21:56 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21:54 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 11:21:54 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 11:13:28 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-10 11:13:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-10 11:13:26 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-10 11:13:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-10 10:41:30 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-10 10:40:48 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-10 10:03:52 -------- d-----w- C:\Users\Samsung\AppData\Local\ApplicationHistory
2012-05-09 20:28:15 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-05-09 20:28:15 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-05-09 20:28:15 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-05-09 20:28:15 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-05-09 20:28:15 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-05-09 20:28:15 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-05-09 20:28:15 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-05-09 20:27:46 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009
2012-05-09 18:45:01 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-05-09 18:45:01 497664 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2012-05-09 18:44:59 -------- d-----w- C:\Program Files (x86)\AC3Filter
2012-05-09 18:40:59 -------- d-----w- C:\Users\Samsung\AppData\Local\CrashDumps
2012-05-09 18:35:57 -------- d-----w- C:\Program Files (x86)\GNU
2012-05-09 16:05:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-09 16:05:07 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-09 16:05:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-09 16:05:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-09 16:04:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-09 15:52:29 -------- d-----w- C:\Users\Samsung\AppData\Local\Power2Go
2012-05-09 15:37:32 -------- d-----w- C:\2114c43bf619d33ab751
2012-05-09 15:24:54 -------- d-----w- C:\Windows\CheckSur
2012-05-09 15:22:45 345600 ----a-w- C:\Windows\SetLCDStretchMode.exe
2012-05-09 15:22:39 407040 ----a-w- C:\Windows\HotfixChecker.exe
2012-05-09 15:06:19 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-09 14:58:47 -------- d-----w- C:\Users\Samsung\AppData\Local\Microsoft Games
2012-05-09 14:44:23 14392507 ----a-w- C:\Windows\Samsung Astro Orbit I.scr
2012-05-09 14:44:07 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-09 14:44:06 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-09 14:44:06 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-09 14:44:06 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-09 14:44:06 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-09 14:44:05 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-09 14:44:04 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-09 14:43:00 -------- d-----w- C:\ProgramData\SAMSUNG
2012-05-09 14:35:59 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-05-09 14:35:59 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-05-09 14:35:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-05-09 14:35:59 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-05-09 14:35:59 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-05-09 14:35:57 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-05-09 14:35:57 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-09 14:34:29 -------- d-----w- C:\ProgramData\Symantec
2012-05-09 14:34:29 -------- d-----w- C:\Program Files (x86)\Symantec
2012-05-09 14:29:57 -------- d-----w- C:\Program Files\SAMSUNG
2012-05-09 14:28:45 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys
2012-05-09 14:27:45 -------- d-----w- C:\Program Files (x86)\Samsung
2012-05-09 14:20:53 -------- d-----w- C:\Users\Samsung\AppData\Local\Cyberlink
2012-05-09 14:15:34 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2012-05-09 14:14:24 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-05-09 14:14:23 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-09 14:14:23 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-09 14:13:34 -------- d-----w- C:\Users\Samsung\AppData\Local\Broadcom
2012-05-09 14:07:43 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2012-05-09 14:07:42 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-05-09 14:07:42 348712 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-05-09 14:07:42 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-05-09 14:07:42 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-05-09 14:07:42 106536 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-05-09 14:06:57 -------- d-----w- C:\Program Files\WIDCOMM
2012-05-09 14:06:30 -------- d-----w- C:\Program Files\Elantech
2012-05-09 14:01:52 -------- d-----w- C:\Users\Samsung\AppData\Local\SRS Labs
2012-05-09 14:01:48 -------- d-----w- C:\Program Files\SRS Labs
2012-05-09 14:00:32 -------- d-----w- C:\Windows\System32\SRSLabs
2012-05-09 14:00:28 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-05-09 14:00:28 -------- d-----w- C:\Program Files\Realtek
2012-05-09 13:33:24 -------- d-----w- C:\Users\Samsung\AppData\Local\Diagnostics
2012-05-09 13:25:43 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-09 13:25:43 -------- d-----w- C:\Program Files\Symantec
2012-05-09 13:25:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-09 13:25:01 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-05-09 13:24:58 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-05-09 13:24:55 -------- d-----w- C:\ProgramData\Norton
2012-05-09 13:23:59 -------- d-----w- C:\ProgramData\NortonInstaller
2012-05-09 13:23:59 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-09 12:19:49 -------- d-----w- C:\Users\Samsung\Tracing
2012-05-09 12:16:37 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-05-09 12:11:56 -------- d-----w- C:\Windows\PCHEALTH
2012-05-09 12:09:03 -------- d-----w- C:\Users\Samsung\AppData\Local\Microsoft Help
2012-05-09 11:52:47 -------- d-----w- C:\ProgramData\GRETECH
2012-05-09 11:52:30 -------- d-----w- C:\Program Files (x86)\GRETECH
2012-05-09 11:51:42 8917360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2CE2558D-174F-4568-AF09-6A3E832E1909}\mpengine.dll
2012-05-09 11:51:41 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-09 11:51:41 -------- d-----w- C:\Program Files\CCleaner
2012-05-09 11:49:13 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-05-09 11:49:13 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-05-09 11:48:40 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-05-09 11:48:39 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-09 11:47:38 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-05-09 11:46:18 -------- d-----w- C:\EXA
2012-05-09 11:41:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-09 11:39:58 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-09 11:39:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 11:37:50 -------- d-----w- C:\Users\Samsung\AppData\Local\Google
2012-05-09 11:34:08 -------- d-----w- C:\Users\Samsung\AppData\Roaming\Intel Corporation
2012-05-09 11:34:02 -------- d-----w- C:\Windows\Panther
2012-05-09 11:33:19 -------- d-----w- C:\Windows\System32\OEM
2012-05-09 11:32:41 -------- d-----w- C:\Program Files (x86)\Cisco
2012-05-09 11:29:13 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-05-09 11:27:55 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-05-09 11:26:17 -------- d-----w- C:\Windows\SysWow64\NV
2012-05-09 11:26:17 -------- d-----w- C:\Windows\System32\NV
2012-05-09 11:18:43 -------- d-----w- C:\Program Files\Common Files\Intel
2012-05-09 11:18:43 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-09 11:07:54 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-05-09 11:07:46 -------- d-----w- C:\Intel
2012-05-09 11:06:55 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-05-09 11:06:55 533096 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-05-09 11:06:55 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-05-09 11:06:40 -------- d-----w- C:\Program Files (x86)\Realtek
2012-05-09 10:46:05 -------- d-----w- C:\Users\Samsung\AppData\Local\VirtualStore
2012-05-08 13:28:10 4633992 ----a-w- C:\Windows\System32\ETDUI.cpl
2012-05-08 13:28:04 118664 ----a-w- C:\Windows\System32\drivers\ETD.sys
.
==================== Find3M ====================
.
2012-05-10 15:04:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-10 15:04:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 20:10:47,71 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:09, on 14.05.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Samsung\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bluetooth'a Gönder - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: &Bluetooth Aygıtına Gönder... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET Durum Hizmeti (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7812 bytes

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 15 May 2012 - 05:09 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 15 May 2012 - 02:16 PM

Hi Gringo, thank you so much for your help! Here are the logs from Security Check and Combofix. Btw, I normally use Norton Internet Security but I had to uninstall it in order to run Combofix. It kept giving the alert that Norton is still running even though I disabled auto protection, security wall and all background activities.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

ComboFix 12-05-15.04 - Samsung 15.05.2012 21:55:32.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.6056.4910 [GMT 3:00]
Running from: c:\users\Samsung\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 18:59 . 2012-05-15 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 17:37 . 2012-04-18 00:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B117DD0-DA4F-4BA7-ACBE-9B6C3BA9AACA}\mpengine.dll
2012-05-14 06:55 . 2012-05-14 06:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-11 10:02 . 2012-05-11 10:02 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 10:02 . 2012-05-11 10:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 10:02 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 21:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-10 21:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-10 14:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-10 14:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-10 14:20 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-05-10 14:08 . 2012-05-10 14:08 -------- d-----w- c:\windows\system32\SPReview
2012-05-10 14:07 . 2012-05-10 14:07 -------- d-----w- c:\windows\system32\EventProviders
2012-05-10 13:53 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbflt.sys.mui
2012-05-10 13:53 . 2010-11-20 13:41 2560 ----a-w- c:\windows\system32\drivers\tr-TR\rdpwd.sys.mui
2012-05-10 13:53 . 2010-11-20 13:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\vwifibus.sys.mui
2012-05-10 13:51 . 2010-11-20 13:27 235008 ----a-w- c:\windows\system32\winsta.dll
2012-05-10 13:50 . 2010-11-20 13:27 243712 ----a-w- c:\windows\system32\taskbarcpl.dll
2012-05-10 13:49 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-05-10 13:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-05-10 13:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-05-10 13:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-05-10 13:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-05-10 13:39 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-05-10 13:39 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-05-10 13:10 . 2012-05-10 13:10 -------- d-----w- c:\program files (x86)\TRADOS
2012-05-10 12:44 . 2012-05-10 12:44 -------- d-----w- c:\program files (x86)\MSECache
2012-05-10 12:35 . 2012-05-10 12:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-10 12:35 . 2012-05-10 12:35 -------- d-----w- c:\windows\system32\Wat
2012-05-10 12:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-10 12:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 12:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 11:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 11:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 11:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 11:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 11:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-10 11:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-10 11:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-10 11:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-10 11:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-10 11:30 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 11:30 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 11:30 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 11:30 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 11:30 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 11:30 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 11:28 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-10 11:27 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-05-10 11:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-10 11:26 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-10 11:26 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 11:26 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-10 11:26 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-10 11:26 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-10 11:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-10 11:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 11:25 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-05-10 11:21 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-05-10 11:21 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 11:21 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 11:21 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 11:13 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-10 11:13 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-10 11:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-10 11:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-10 10:41 . 2012-05-10 15:25 -------- d-----w- c:\programdata\boost_interprocess
2012-05-10 10:40 . 2012-05-10 10:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-10 10:40 . 2012-05-10 10:41 -------- d-----r- c:\program files (x86)\Skype
2012-05-09 18:45 . 2009-08-11 18:22 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2012-05-09 18:45 . 2009-08-11 18:18 497664 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-05-09 18:44 . 2012-05-09 18:45 -------- d-----w- c:\program files (x86)\AC3Filter
2012-05-09 18:35 . 2012-05-09 18:35 -------- d-----w- c:\program files (x86)\GNU
2012-05-09 18:31 . 2012-05-09 18:31 -------- d-----w- c:\users\Public\CyberLink
2012-05-09 16:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-09 16:05 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 16:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-09 16:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-09 16:04 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-09 15:37 . 2012-05-09 15:37 -------- d-----w- C:\2114c43bf619d33ab751
2012-05-09 15:24 . 2012-05-09 15:24 -------- d-----w- c:\windows\CheckSur
2012-05-09 15:22 . 2011-08-09 16:31 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-05-09 15:22 . 2011-08-09 16:32 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-05-09 15:06 . 2012-05-15 18:47 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-09 14:44 . 2010-11-30 16:44 14392507 ----a-w- c:\windows\Samsung Astro Orbit I.scr
2012-05-09 14:43 . 2012-05-09 18:53 -------- d-----w- c:\programdata\SAMSUNG
2012-05-09 14:41 . 2012-05-09 14:41 -------- d-----w- c:\program files\Intel
2012-05-09 14:39 . 2012-05-10 10:41 -------- d-----w- c:\programdata\Skype
2012-05-09 14:34 . 2012-05-09 14:34 -------- d-----w- c:\programdata\Symantec
2012-05-09 14:29 . 2012-05-09 14:43 -------- d-----w- c:\program files\SAMSUNG
2012-05-09 14:28 . 2010-07-01 07:46 13824 ----a-w- c:\windows\system32\drivers\SABI.sys
2012-05-09 14:27 . 2012-05-09 14:49 -------- d-----w- c:\program files (x86)\Samsung
2012-05-09 14:15 . 2012-05-09 14:15 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2012-05-09 14:14 . 2012-05-09 14:14 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-09 14:14 . 2012-05-09 14:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-09 14:14 . 2012-05-09 14:14 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-09 14:14 . 2012-05-09 14:46 -------- d-----w- c:\program files (x86)\CyberLink
2012-05-09 14:14 . 2012-05-09 18:31 -------- d-----w- c:\programdata\CyberLink
2012-05-09 14:07 . 2011-08-09 16:34 22056 ----a-w- c:\windows\system32\btwcoins.dll
2012-05-09 14:07 . 2011-08-09 16:34 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-09 14:07 . 2011-08-09 16:34 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-09 14:07 . 2011-08-09 16:34 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-09 14:07 . 2011-08-09 16:34 348712 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-09 14:07 . 2011-08-09 16:34 106536 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\WIDCOMM
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\Elantech
2012-05-09 14:01 . 2012-05-09 14:01 -------- d-----w- c:\program files\SRS Labs
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\windows\system32\SRSLabs
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\program files\Realtek
2012-05-09 13:24 . 2012-05-14 06:55 -------- d-----w- c:\programdata\Norton
2012-05-09 12:18 . 2012-05-10 12:30 -------- d-----w- c:\program files (x86)\Windows Live
2012-05-09 12:16 . 2012-05-09 12:16 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-05-09 12:11 . 2012-05-10 12:57 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-09 12:11 . 2012-05-09 12:11 -------- d-----w- c:\windows\PCHEALTH
2012-05-09 12:09 . 2012-05-10 11:42 -------- d-----w- c:\programdata\Microsoft Help
2012-05-09 11:52 . 2012-05-09 11:52 -------- d-----w- c:\programdata\GRETECH
2012-05-09 11:52 . 2012-05-09 11:52 -------- d-----w- c:\program files (x86)\GRETECH
2012-05-09 11:51 . 2012-05-09 11:51 -------- d-----w- c:\program files\CCleaner
2012-05-09 11:51 . 2012-02-23 07:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-09 11:49 . 2009-09-04 14:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-05-09 11:49 . 2006-09-28 13:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-05-09 11:48 . 2012-05-09 11:48 -------- d-----w- c:\program files (x86)\Winamp Detect
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 15:04 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-10 15:04 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 IntcDAud;Intel® Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-07 150016]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 11613288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\2at8m3ci.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-15 22:02:01
ComboFix-quarantined-files.txt 2012-05-15 19:02
.
Pre-Run: 344.750.247.936 bayt boş
Post-Run: 344.130.445.312 bayt boş
.
- - End Of File - - C67380EAB75FCE9FD4A2121DC301CB14

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 15 May 2012 - 06:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 May 2012 - 03:04 AM

Hello, thank you for the fast reply! Here are the reports from TDSSKiller and aswMBR:

10:36:50.0288 4164 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:36:52.0301 4164 ============================================================
10:36:52.0301 4164 Current date / time: 2012/05/16 10:36:52.0301
10:36:52.0301 4164 SystemInfo:
10:36:52.0301 4164
10:36:52.0301 4164 OS Version: 6.1.7601 ServicePack: 1.0
10:36:52.0301 4164 Product type: Workstation
10:36:52.0301 4164 ComputerName: ELIF
10:36:52.0301 4164 UserName: Samsung
10:36:52.0301 4164 Windows directory: C:\Windows
10:36:52.0301 4164 System windows directory: C:\Windows
10:36:52.0301 4164 Running under WOW64
10:36:52.0301 4164 Processor architecture: Intel x64
10:36:52.0301 4164 Number of processors: 8
10:36:52.0301 4164 Page size: 0x1000
10:36:52.0301 4164 Boot type: Normal boot
10:36:52.0301 4164 ============================================================
10:36:53.0424 4164 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:36:53.0424 4164 ============================================================
10:36:53.0424 4164 \Device\Harddisk0\DR0:
10:36:53.0424 4164 MBR partitions:
10:36:53.0424 4164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:36:53.0424 4164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2C2A3000
10:36:53.0424 4164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C2D5800, BlocksNum 0x2B26F800
10:36:53.0424 4164 ============================================================
10:36:53.0455 4164 C: <-> \Device\Harddisk0\DR0\Partition1
10:36:53.0502 4164 D: <-> \Device\Harddisk0\DR0\Partition2
10:36:53.0502 4164 ============================================================
10:36:53.0502 4164 Initialize success
10:36:53.0502 4164 ============================================================
10:37:26.0621 2116 ============================================================
10:37:26.0621 2116 Scan started
10:37:26.0621 2116 Mode: Manual;
10:37:26.0621 2116 ============================================================
10:37:27.0978 2116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:37:27.0978 2116 1394ohci - ok
10:37:28.0103 2116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:37:28.0118 2116 ACPI - ok
10:37:28.0134 2116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:37:28.0165 2116 AcpiPmi - ok
10:37:28.0274 2116 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:37:28.0274 2116 AdobeARMservice - ok
10:37:28.0368 2116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:37:28.0384 2116 adp94xx - ok
10:37:28.0430 2116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:37:28.0430 2116 adpahci - ok
10:37:28.0462 2116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:37:28.0462 2116 adpu320 - ok
10:37:28.0493 2116 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:37:28.0493 2116 AeLookupSvc - ok
10:37:28.0571 2116 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:37:28.0586 2116 AFD - ok
10:37:28.0633 2116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:37:28.0633 2116 agp440 - ok
10:37:28.0664 2116 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:37:28.0664 2116 ALG - ok
10:37:28.0711 2116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:37:28.0711 2116 aliide - ok
10:37:28.0727 2116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:37:28.0727 2116 amdide - ok
10:37:28.0758 2116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:37:28.0758 2116 AmdK8 - ok
10:37:28.0774 2116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:37:28.0774 2116 AmdPPM - ok
10:37:28.0805 2116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:37:28.0805 2116 amdsata - ok
10:37:28.0852 2116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:37:28.0867 2116 amdsbs - ok
10:37:28.0898 2116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:37:28.0898 2116 amdxata - ok
10:37:28.0945 2116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:37:28.0945 2116 AppID - ok
10:37:28.0976 2116 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:37:28.0976 2116 AppIDSvc - ok
10:37:29.0023 2116 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:37:29.0023 2116 Appinfo - ok
10:37:29.0101 2116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:37:29.0101 2116 arc - ok
10:37:29.0117 2116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:37:29.0132 2116 arcsas - ok
10:37:29.0195 2116 aspnet_state - ok
10:37:29.0226 2116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:37:29.0226 2116 AsyncMac - ok
10:37:29.0273 2116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:37:29.0273 2116 atapi - ok
10:37:29.0382 2116 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:37:29.0398 2116 AudioEndpointBuilder - ok
10:37:29.0413 2116 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:37:29.0429 2116 AudioSrv - ok
10:37:29.0476 2116 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:37:29.0491 2116 AxInstSV - ok
10:37:29.0554 2116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:37:29.0569 2116 b06bdrv - ok
10:37:29.0632 2116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:37:29.0632 2116 b57nd60a - ok
10:37:29.0694 2116 BCM42RLY (46a9662a946e90dbec70cf503d3b81b9) C:\Windows\system32\drivers\BCM42RLY.sys
10:37:29.0694 2116 BCM42RLY - ok
10:37:30.0193 2116 BCM43XX (43ad3d3e7674833fca9a7c4e7180ad54) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:37:30.0256 2116 BCM43XX - ok
10:37:30.0412 2116 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:37:30.0412 2116 BDESVC - ok
10:37:30.0474 2116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:37:30.0474 2116 Beep - ok
10:37:30.0583 2116 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:37:30.0599 2116 BFE - ok
10:37:31.0020 2116 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
10:37:31.0036 2116 BHDrvx64 - ok
10:37:31.0410 2116 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:37:31.0441 2116 BITS - ok
10:37:31.0519 2116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:37:31.0519 2116 blbdrive - ok
10:37:31.0644 2116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:37:31.0660 2116 bowser - ok
10:37:31.0722 2116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:37:31.0722 2116 BrFiltLo - ok
10:37:31.0738 2116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:37:31.0738 2116 BrFiltUp - ok
10:37:31.0769 2116 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:37:31.0784 2116 BridgeMP - ok
10:37:31.0847 2116 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:37:31.0847 2116 Browser - ok
10:37:31.0940 2116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:37:31.0940 2116 Brserid - ok
10:37:32.0018 2116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:37:32.0018 2116 BrSerWdm - ok
10:37:32.0065 2116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:37:32.0065 2116 BrUsbMdm - ok
10:37:32.0081 2116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:37:32.0081 2116 BrUsbSer - ok
10:37:32.0159 2116 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:37:32.0174 2116 BthEnum - ok
10:37:32.0206 2116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:37:32.0206 2116 BTHMODEM - ok
10:37:32.0299 2116 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:37:32.0299 2116 BthPan - ok
10:37:32.0440 2116 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:37:32.0455 2116 BTHPORT - ok
10:37:32.0564 2116 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:37:32.0564 2116 bthserv - ok
10:37:32.0627 2116 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:37:32.0627 2116 BTHUSB - ok
10:37:32.0767 2116 BTWAMPFL (72cc5dcc4e67e7927f94801166cfdcda) C:\Windows\system32\DRIVERS\btwampfl.sys
10:37:32.0783 2116 BTWAMPFL - ok
10:37:32.0814 2116 btwaudio (f6135859a582a7294ba7a3336e08baa1) C:\Windows\system32\drivers\btwaudio.sys
10:37:32.0814 2116 btwaudio - ok
10:37:32.0939 2116 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
10:37:32.0939 2116 btwavdt - ok
10:37:33.0376 2116 btwdins (f0af04a96ca48b869284b5dc4cdb8cbb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:37:33.0391 2116 btwdins - ok
10:37:33.0438 2116 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:37:33.0438 2116 btwl2cap - ok
10:37:33.0500 2116 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
10:37:33.0500 2116 btwrchid - ok
10:37:33.0594 2116 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys
10:37:33.0610 2116 ccSet_NIS - ok
10:37:33.0656 2116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:37:33.0656 2116 cdfs - ok
10:37:33.0734 2116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:37:33.0734 2116 cdrom - ok
10:37:33.0781 2116 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:37:33.0781 2116 CertPropSvc - ok
10:37:33.0828 2116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:37:33.0828 2116 circlass - ok
10:37:33.0906 2116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:37:33.0906 2116 CLFS - ok
10:37:33.0984 2116 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:37:34.0000 2116 clr_optimization_v2.0.50727_32 - ok
10:37:34.0062 2116 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:37:34.0062 2116 clr_optimization_v2.0.50727_64 - ok
10:37:34.0140 2116 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:37:34.0187 2116 clr_optimization_v4.0.30319_32 - ok
10:37:34.0249 2116 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:37:34.0249 2116 clr_optimization_v4.0.30319_64 - ok
10:37:34.0312 2116 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:37:34.0312 2116 clwvd - ok
10:37:34.0358 2116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:37:34.0358 2116 CmBatt - ok
10:37:34.0390 2116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:37:34.0390 2116 cmdide - ok
10:37:34.0483 2116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:37:34.0483 2116 CNG - ok
10:37:34.0530 2116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:37:34.0530 2116 Compbatt - ok
10:37:34.0577 2116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:37:34.0577 2116 CompositeBus - ok
10:37:34.0592 2116 COMSysApp - ok
10:37:34.0624 2116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:37:34.0624 2116 crcdisk - ok
10:37:34.0686 2116 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:37:34.0702 2116 CryptSvc - ok
10:37:34.0780 2116 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:37:34.0795 2116 DcomLaunch - ok
10:37:34.0858 2116 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:37:34.0873 2116 defragsvc - ok
10:37:34.0904 2116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:37:34.0904 2116 DfsC - ok
10:37:34.0982 2116 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:37:34.0998 2116 Dhcp - ok
10:37:35.0045 2116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:37:35.0045 2116 discache - ok
10:37:35.0076 2116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:37:35.0076 2116 Disk - ok
10:37:35.0138 2116 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:37:35.0154 2116 Dnscache - ok
10:37:35.0201 2116 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:37:35.0216 2116 dot3svc - ok
10:37:35.0248 2116 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:37:35.0263 2116 DPS - ok
10:37:35.0279 2116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:37:35.0279 2116 drmkaud - ok
10:37:35.0419 2116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:37:35.0435 2116 DXGKrnl - ok
10:37:35.0466 2116 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:37:35.0482 2116 EapHost - ok
10:37:35.0809 2116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:37:35.0903 2116 ebdrv - ok
10:37:36.0028 2116 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:37:36.0043 2116 eeCtrl - ok
10:37:36.0184 2116 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:37:36.0184 2116 EFS - ok
10:37:36.0277 2116 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:37:36.0293 2116 ehRecvr - ok
10:37:36.0340 2116 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:37:36.0340 2116 ehSched - ok
10:37:36.0449 2116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:37:36.0449 2116 elxstor - ok
10:37:36.0636 2116 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:37:36.0636 2116 EraserUtilRebootDrv - ok
10:37:36.0714 2116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:37:36.0714 2116 ErrDev - ok
10:37:36.0886 2116 ETD (ace57d5012b00971cce04c61cfeefae6) C:\Windows\system32\DRIVERS\ETD.sys
10:37:36.0901 2116 ETD - ok
10:37:36.0964 2116 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:37:36.0979 2116 EventSystem - ok
10:37:37.0011 2116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:37:37.0026 2116 exfat - ok
10:37:37.0057 2116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:37:37.0073 2116 fastfat - ok
10:37:37.0167 2116 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:37:37.0182 2116 Fax - ok
10:37:37.0213 2116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:37:37.0213 2116 fdc - ok
10:37:37.0245 2116 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:37:37.0260 2116 fdPHost - ok
10:37:37.0260 2116 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:37:37.0276 2116 FDResPub - ok
10:37:37.0307 2116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:37:37.0307 2116 FileInfo - ok
10:37:37.0323 2116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:37:37.0323 2116 Filetrace - ok
10:37:37.0354 2116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:37:37.0369 2116 flpydisk - ok
10:37:37.0432 2116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:37:37.0447 2116 FltMgr - ok
10:37:37.0572 2116 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:37:37.0588 2116 FontCache - ok
10:37:37.0666 2116 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:37:37.0666 2116 FontCache3.0.0.0 - ok
10:37:37.0728 2116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:37:37.0728 2116 FsDepends - ok
10:37:37.0759 2116 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:37:37.0775 2116 Fs_Rec - ok
10:37:37.0837 2116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:37:37.0837 2116 fvevol - ok
10:37:37.0884 2116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:37:37.0884 2116 gagp30kx - ok
10:37:38.0009 2116 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:37:38.0025 2116 gpsvc - ok
10:37:38.0056 2116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:37:38.0056 2116 hcw85cir - ok
10:37:38.0149 2116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:37:38.0149 2116 HdAudAddService - ok
10:37:38.0196 2116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:37:38.0196 2116 HDAudBus - ok
10:37:38.0212 2116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:37:38.0212 2116 HidBatt - ok
10:37:38.0243 2116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:37:38.0243 2116 HidBth - ok
10:37:38.0259 2116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:37:38.0259 2116 HidIr - ok
10:37:38.0290 2116 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:37:38.0290 2116 hidserv - ok
10:37:38.0337 2116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:37:38.0337 2116 HidUsb - ok
10:37:38.0383 2116 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:37:38.0399 2116 hkmsvc - ok
10:37:38.0430 2116 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:37:38.0446 2116 HomeGroupListener - ok
10:37:38.0493 2116 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:37:38.0508 2116 HomeGroupProvider - ok
10:37:38.0524 2116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:37:38.0539 2116 HpSAMD - ok
10:37:38.0649 2116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:37:38.0664 2116 HTTP - ok
10:37:38.0695 2116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:37:38.0695 2116 hwpolicy - ok
10:37:38.0742 2116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:37:38.0742 2116 i8042prt - ok
10:37:38.0820 2116 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\Windows\system32\DRIVERS\iaStor.sys
10:37:38.0836 2116 iaStor - ok
10:37:38.0992 2116 IAStorDataMgrSvc (f5c0317af600f8c0d7e4202eb04232b1) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:37:38.0992 2116 IAStorDataMgrSvc - ok
10:37:39.0085 2116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:37:39.0085 2116 iaStorV - ok
10:37:39.0163 2116 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:37:39.0163 2116 IDriverT - ok
10:37:39.0413 2116 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:37:39.0460 2116 idsvc - ok
10:37:39.0990 2116 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120512.001\IDSvia64.sys
10:37:40.0006 2116 IDSVia64 - ok
10:37:42.0845 2116 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:37:43.0173 2116 igfx - ok
10:37:43.0407 2116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:37:43.0422 2116 iirsp - ok
10:37:43.0547 2116 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:37:43.0594 2116 IKEEXT - ok
10:37:44.0124 2116 IntcAzAudAddService (b54138716ec5945bae6914ad8da086c0) C:\Windows\system32\drivers\RTKVHD64.sys
10:37:44.0155 2116 IntcAzAudAddService - ok
10:37:44.0467 2116 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:37:44.0483 2116 IntcDAud - ok
10:37:44.0530 2116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:37:44.0545 2116 intelide - ok
10:37:44.0577 2116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:37:44.0577 2116 intelppm - ok
10:37:44.0623 2116 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:37:44.0639 2116 IPBusEnum - ok
10:37:44.0670 2116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:37:44.0670 2116 IpFilterDriver - ok
10:37:44.0764 2116 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:37:44.0779 2116 iphlpsvc - ok
10:37:44.0873 2116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:37:44.0904 2116 IPMIDRV - ok
10:37:44.0998 2116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:37:44.0998 2116 IPNAT - ok
10:37:45.0029 2116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:37:45.0029 2116 IRENUM - ok
10:37:45.0076 2116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:37:45.0091 2116 isapnp - ok
10:37:45.0154 2116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:37:45.0169 2116 iScsiPrt - ok
10:37:45.0216 2116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:37:45.0216 2116 kbdclass - ok
10:37:45.0247 2116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:37:45.0279 2116 kbdhid - ok
10:37:45.0325 2116 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:37:45.0325 2116 KeyIso - ok
10:37:45.0388 2116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:37:45.0388 2116 KSecDD - ok
10:37:45.0466 2116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:37:45.0481 2116 KSecPkg - ok
10:37:45.0513 2116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:37:45.0513 2116 ksthunk - ok
10:37:45.0575 2116 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:37:45.0591 2116 KtmRm - ok
10:37:45.0653 2116 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:37:45.0653 2116 LanmanServer - ok
10:37:45.0684 2116 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:37:45.0700 2116 LanmanWorkstation - ok
10:37:45.0731 2116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:37:45.0731 2116 lltdio - ok
10:37:45.0840 2116 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:37:45.0856 2116 lltdsvc - ok
10:37:45.0903 2116 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:37:45.0903 2116 lmhosts - ok
10:37:45.0996 2116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:37:46.0012 2116 LSI_FC - ok
10:37:46.0027 2116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:37:46.0027 2116 LSI_SAS - ok
10:37:46.0059 2116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:37:46.0059 2116 LSI_SAS2 - ok
10:37:46.0074 2116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:37:46.0090 2116 LSI_SCSI - ok
10:37:46.0105 2116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:37:46.0105 2116 luafv - ok
10:37:46.0137 2116 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:37:46.0137 2116 MBAMProtector - ok
10:37:46.0355 2116 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:37:46.0371 2116 MBAMService - ok
10:37:46.0417 2116 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:37:46.0417 2116 Mcx2Svc - ok
10:37:46.0449 2116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:37:46.0449 2116 megasas - ok
10:37:46.0495 2116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:37:46.0495 2116 MegaSR - ok
10:37:46.0527 2116 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:37:46.0542 2116 MEIx64 - ok
10:37:46.0573 2116 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:37:46.0573 2116 MMCSS - ok
10:37:46.0605 2116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:37:46.0605 2116 Modem - ok
10:37:46.0636 2116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:37:46.0636 2116 monitor - ok
10:37:46.0667 2116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:37:46.0683 2116 mouclass - ok
10:37:46.0714 2116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:37:46.0714 2116 mouhid - ok
10:37:46.0761 2116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:37:46.0761 2116 mountmgr - ok
10:37:46.0839 2116 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:37:46.0839 2116 MozillaMaintenance - ok
10:37:46.0932 2116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:37:46.0948 2116 mpio - ok
10:37:46.0979 2116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:37:46.0979 2116 mpsdrv - ok
10:37:47.0119 2116 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:37:47.0151 2116 MpsSvc - ok
10:37:47.0229 2116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:37:47.0229 2116 MRxDAV - ok
10:37:47.0353 2116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:47.0369 2116 mrxsmb - ok
10:37:47.0463 2116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:47.0463 2116 mrxsmb10 - ok
10:37:47.0541 2116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:47.0541 2116 mrxsmb20 - ok
10:37:47.0556 2116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:37:47.0572 2116 msahci - ok
10:37:47.0650 2116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:37:47.0650 2116 msdsm - ok
10:37:47.0743 2116 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:37:47.0759 2116 MSDTC - ok
10:37:47.0821 2116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:37:47.0821 2116 Msfs - ok
10:37:47.0884 2116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:37:47.0884 2116 mshidkmdf - ok
10:37:47.0915 2116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:37:47.0931 2116 msisadrv - ok
10:37:48.0009 2116 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:37:48.0040 2116 MSiSCSI - ok
10:37:48.0055 2116 msiserver - ok
10:37:48.0087 2116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:37:48.0087 2116 MSKSSRV - ok
10:37:48.0102 2116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:48.0102 2116 MSPCLOCK - ok
10:37:48.0102 2116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:37:48.0102 2116 MSPQM - ok
10:37:48.0211 2116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:37:48.0227 2116 MsRPC - ok
10:37:48.0258 2116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:37:48.0274 2116 mssmbios - ok
10:37:48.0289 2116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:37:48.0289 2116 MSTEE - ok
10:37:48.0305 2116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:37:48.0305 2116 MTConfig - ok
10:37:48.0336 2116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:37:48.0336 2116 Mup - ok
10:37:48.0555 2116 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:37:48.0570 2116 napagent - ok
10:37:48.0711 2116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:37:48.0726 2116 NativeWifiP - ok
10:37:49.0023 2116 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120515.004\ENG64.SYS
10:37:49.0023 2116 NAVENG - ok
10:37:49.0615 2116 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120515.004\EX64.SYS
10:37:49.0647 2116 NAVEX15 - ok
10:37:50.0161 2116 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:37:50.0193 2116 NDIS - ok
10:37:50.0224 2116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:37:50.0239 2116 NdisCap - ok
10:37:50.0255 2116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:50.0255 2116 NdisTapi - ok
10:37:50.0286 2116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:50.0286 2116 Ndisuio - ok
10:37:50.0364 2116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:50.0364 2116 NdisWan - ok
10:37:50.0395 2116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:37:50.0395 2116 NDProxy - ok
10:37:50.0427 2116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:37:50.0427 2116 NetBIOS - ok
10:37:50.0551 2116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:37:50.0567 2116 NetBT - ok
10:37:50.0629 2116 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:37:50.0629 2116 Netlogon - ok
10:37:50.0739 2116 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:37:50.0754 2116 Netman - ok
10:37:50.0848 2116 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:37:50.0863 2116 netprofm - ok
10:37:51.0019 2116 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:37:51.0035 2116 NetTcpPortSharing - ok
10:37:51.0129 2116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:37:51.0144 2116 nfrd960 - ok
10:37:51.0456 2116 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
10:37:51.0456 2116 NIS - ok
10:37:51.0534 2116 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:37:51.0550 2116 NlaSvc - ok
10:37:51.0597 2116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:37:51.0612 2116 Npfs - ok
10:37:51.0643 2116 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:37:51.0643 2116 nsi - ok
10:37:51.0643 2116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:37:51.0659 2116 nsiproxy - ok
10:37:52.0018 2116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:37:52.0080 2116 Ntfs - ok
10:37:52.0361 2116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:37:52.0361 2116 Null - ok
10:37:52.0439 2116 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:37:52.0455 2116 nusb3hub - ok
10:37:52.0657 2116 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:37:52.0673 2116 nusb3xhc - ok
10:37:56.0589 2116 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:37:56.0776 2116 nvlddmkm - ok
10:37:57.0197 2116 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\Windows\system32\DRIVERS\nvpciflt.sys
10:37:57.0213 2116 nvpciflt - ok
10:37:57.0259 2116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:37:57.0275 2116 nvraid - ok
10:37:57.0369 2116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:37:57.0384 2116 nvstor - ok
10:37:57.0837 2116 NVSvc (147b0d17255fd796f990cc6f745605c5) C:\Windows\system32\nvvsvc.exe
10:37:57.0883 2116 NVSvc - ok
10:37:58.0648 2116 nvUpdatusService (812bf9531c827e1d8029843cddb2b5d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:37:58.0710 2116 nvUpdatusService - ok
10:37:59.0053 2116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:37:59.0069 2116 nv_agp - ok
10:37:59.0209 2116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:37:59.0256 2116 ohci1394 - ok
10:37:59.0521 2116 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:59.0537 2116 ose - ok
10:37:59.0631 2116 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:37:59.0646 2116 p2pimsvc - ok
10:37:59.0740 2116 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:37:59.0771 2116 p2psvc - ok
10:37:59.0927 2116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:37:59.0943 2116 Parport - ok
10:37:59.0974 2116 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:37:59.0974 2116 partmgr - ok
10:38:00.0005 2116 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:38:00.0005 2116 PcaSvc - ok
10:38:00.0099 2116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:38:00.0099 2116 pci - ok
10:38:00.0161 2116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:38:00.0177 2116 pciide - ok
10:38:00.0270 2116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:38:00.0270 2116 pcmcia - ok
10:38:00.0301 2116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:38:00.0301 2116 pcw - ok
10:38:00.0504 2116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:38:00.0520 2116 PEAUTH - ok
10:38:00.0660 2116 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:38:00.0660 2116 PerfHost - ok
10:38:01.0081 2116 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:38:01.0144 2116 pla - ok
10:38:01.0284 2116 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:38:01.0315 2116 PlugPlay - ok
10:38:01.0347 2116 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:38:01.0347 2116 PNRPAutoReg - ok
10:38:01.0425 2116 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:38:01.0425 2116 PNRPsvc - ok
10:38:01.0596 2116 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:38:01.0612 2116 PolicyAgent - ok
10:38:01.0690 2116 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:38:01.0690 2116 Power - ok
10:38:01.0830 2116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:38:01.0846 2116 PptpMiniport - ok
10:38:01.0877 2116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:38:01.0893 2116 Processor - ok
10:38:01.0939 2116 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:38:01.0939 2116 ProfSvc - ok
10:38:01.0971 2116 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:38:01.0971 2116 ProtectedStorage - ok
10:38:02.0049 2116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:38:02.0064 2116 Psched - ok
10:38:02.0704 2116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:38:02.0751 2116 ql2300 - ok
10:38:03.0281 2116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:38:03.0281 2116 ql40xx - ok
10:38:03.0359 2116 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:38:03.0375 2116 QWAVE - ok
10:38:03.0421 2116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:38:03.0421 2116 QWAVEdrv - ok
10:38:03.0437 2116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:38:03.0453 2116 RasAcd - ok
10:38:03.0484 2116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:38:03.0484 2116 RasAgileVpn - ok
10:38:03.0515 2116 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:38:03.0531 2116 RasAuto - ok
10:38:03.0577 2116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:03.0593 2116 Rasl2tp - ok
10:38:03.0702 2116 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:38:03.0718 2116 RasMan - ok
10:38:03.0827 2116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:03.0827 2116 RasPppoe - ok
10:38:03.0858 2116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:38:03.0858 2116 RasSstp - ok
10:38:03.0952 2116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:38:03.0967 2116 rdbss - ok
10:38:03.0999 2116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:38:04.0014 2116 rdpbus - ok
10:38:04.0030 2116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:04.0030 2116 RDPCDD - ok
10:38:04.0045 2116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:38:04.0045 2116 RDPENCDD - ok
10:38:04.0077 2116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:38:04.0077 2116 RDPREFMP - ok
10:38:04.0186 2116 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:38:04.0201 2116 RDPWD - ok
10:38:04.0373 2116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:38:04.0389 2116 rdyboost - ok
10:38:04.0451 2116 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:38:04.0451 2116 RemoteAccess - ok
10:38:04.0529 2116 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:38:04.0545 2116 RemoteRegistry - ok
10:38:04.0591 2116 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:38:04.0591 2116 RFCOMM - ok
10:38:04.0810 2116 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:38:04.0825 2116 RichVideo - ok
10:38:04.0872 2116 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:38:04.0872 2116 RpcEptMapper - ok
10:38:04.0903 2116 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:38:04.0903 2116 RpcLocator - ok
10:38:05.0137 2116 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
10:38:05.0137 2116 RpcSs - ok
10:38:05.0184 2116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:38:05.0184 2116 rspndr - ok
10:38:05.0371 2116 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:38:05.0387 2116 RTL8167 - ok
10:38:05.0449 2116 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
10:38:05.0465 2116 SABI - ok
10:38:05.0496 2116 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:38:05.0496 2116 SamSs - ok
10:38:05.0605 2116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:38:05.0605 2116 sbp2port - ok
10:38:05.0652 2116 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:38:05.0668 2116 SCardSvr - ok
10:38:05.0699 2116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:38:05.0699 2116 scfilter - ok
10:38:05.0980 2116 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:38:06.0011 2116 Schedule - ok
10:38:06.0073 2116 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:38:06.0073 2116 SCPolicySvc - ok
10:38:06.0183 2116 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:38:06.0198 2116 SDRSVC - ok
10:38:06.0292 2116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:38:06.0292 2116 secdrv - ok
10:38:06.0354 2116 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:38:06.0354 2116 seclogon - ok
10:38:06.0417 2116 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:38:06.0417 2116 SENS - ok
10:38:06.0479 2116 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:38:06.0479 2116 SensrSvc - ok
10:38:06.0510 2116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:38:06.0510 2116 Serenum - ok
10:38:06.0573 2116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:38:06.0573 2116 Serial - ok
10:38:06.0604 2116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:38:06.0604 2116 sermouse - ok
10:38:06.0744 2116 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:38:06.0760 2116 SessionEnv - ok
10:38:06.0791 2116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:38:06.0807 2116 sffdisk - ok
10:38:06.0807 2116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:38:06.0807 2116 sffp_mmc - ok
10:38:06.0822 2116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:38:06.0822 2116 sffp_sd - ok
10:38:06.0869 2116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:38:06.0869 2116 sfloppy - ok
10:38:06.0947 2116 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:38:06.0947 2116 SharedAccess - ok
10:38:07.0181 2116 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:38:07.0197 2116 ShellHWDetection - ok
10:38:07.0259 2116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:38:07.0259 2116 SiSRaid2 - ok
10:38:07.0290 2116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:38:07.0290 2116 SiSRaid4 - ok
10:38:08.0866 2116 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:38:08.0959 2116 Skype C2C Service - ok
10:38:09.0131 2116 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:38:09.0131 2116 SkypeUpdate - ok
10:38:09.0490 2116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:38:09.0505 2116 Smb - ok
10:38:09.0552 2116 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:38:09.0552 2116 SNMPTRAP - ok
10:38:09.0583 2116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:38:09.0583 2116 spldr - ok
10:38:09.0708 2116 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:38:09.0739 2116 Spooler - ok
10:38:10.0613 2116 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:38:10.0707 2116 sppsvc - ok
10:38:10.0956 2116 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:38:10.0972 2116 sppuinotify - ok
10:38:11.0346 2116 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307000.009\SRTSP64.SYS
10:38:11.0362 2116 SRTSP - ok
10:38:11.0377 2116 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307000.009\SRTSPX64.SYS
10:38:11.0377 2116 SRTSPX - ok
10:38:11.0565 2116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:38:11.0580 2116 srv - ok
10:38:11.0767 2116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:38:11.0783 2116 srv2 - ok
10:38:11.0923 2116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:38:11.0939 2116 srvnet - ok
10:38:11.0986 2116 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:38:11.0986 2116 SSDPSRV - ok
10:38:12.0001 2116 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:38:12.0017 2116 SstpSvc - ok
10:38:12.0095 2116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:38:12.0095 2116 stexstor - ok
10:38:12.0438 2116 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:38:12.0454 2116 stisvc - ok
10:38:12.0485 2116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:38:12.0485 2116 swenum - ok
10:38:12.0703 2116 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:38:12.0750 2116 swprv - ok
10:38:13.0015 2116 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS
10:38:13.0031 2116 SymDS - ok
10:38:13.0468 2116 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS
10:38:13.0530 2116 SymEFA - ok
10:38:13.0608 2116 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:38:13.0608 2116 SymEvent - ok
10:38:13.0655 2116 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS
10:38:13.0655 2116 SymIRON - ok
10:38:13.0905 2116 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS
10:38:13.0920 2116 SymNetS - ok
10:38:14.0669 2116 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:38:14.0716 2116 SysMain - ok
10:38:14.0981 2116 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:38:14.0997 2116 TabletInputService - ok
10:38:15.0199 2116 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:38:15.0231 2116 TapiSrv - ok
10:38:15.0262 2116 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:38:15.0277 2116 TBS - ok
10:38:15.0745 2116 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:38:15.0808 2116 Tcpip - ok
10:38:16.0666 2116 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:38:16.0697 2116 TCPIP6 - ok
10:38:16.0978 2116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:38:16.0993 2116 tcpipreg - ok
10:38:17.0040 2116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:38:17.0056 2116 TDPIPE - ok
10:38:17.0149 2116 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:38:17.0149 2116 TDTCP - ok
10:38:17.0196 2116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:38:17.0212 2116 tdx - ok
10:38:17.0259 2116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:38:17.0274 2116 TermDD - ok
10:38:17.0461 2116 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:38:17.0493 2116 TermService - ok
10:38:17.0508 2116 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:38:17.0524 2116 Themes - ok
10:38:17.0539 2116 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:38:17.0539 2116 THREADORDER - ok
10:38:17.0586 2116 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:38:17.0586 2116 TrkWks - ok
10:38:17.0649 2116 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:38:17.0664 2116 TrustedInstaller - ok
10:38:17.0695 2116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:17.0695 2116 tssecsrv - ok
10:38:17.0742 2116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:38:17.0742 2116 TsUsbFlt - ok
10:38:17.0836 2116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:38:17.0836 2116 tunnel - ok
10:38:17.0867 2116 TurboB (48743b69ea47c020a792d8649f753f44) C:\Windows\system32\DRIVERS\TurboB.sys
10:38:17.0867 2116 TurboB - ok
10:38:18.0117 2116 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:38:18.0132 2116 TurboBoost - ok
10:38:18.0163 2116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:38:18.0163 2116 uagp35 - ok
10:38:18.0273 2116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:38:18.0288 2116 udfs - ok
10:38:18.0335 2116 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:38:18.0351 2116 UI0Detect - ok
10:38:18.0522 2116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:38:18.0522 2116 uliagpkx - ok
10:38:18.0585 2116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:38:18.0600 2116 umbus - ok
10:38:18.0631 2116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:38:18.0631 2116 UmPass - ok
10:38:18.0725 2116 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:38:18.0741 2116 upnphost - ok
10:38:18.0787 2116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:18.0803 2116 usbccgp - ok
10:38:18.0865 2116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:38:18.0865 2116 usbcir - ok
10:38:18.0943 2116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:38:18.0943 2116 usbehci - ok
10:38:19.0084 2116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:38:19.0084 2116 usbhub - ok
10:38:19.0115 2116 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:38:19.0146 2116 usbohci - ok
10:38:19.0177 2116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:38:19.0177 2116 usbprint - ok
10:38:19.0224 2116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:38:19.0240 2116 USBSTOR - ok
10:38:19.0287 2116 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:38:19.0302 2116 usbuhci - ok
10:38:19.0380 2116 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:38:19.0380 2116 usbvideo - ok
10:38:19.0411 2116 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:38:19.0411 2116 UxSms - ok
10:38:19.0521 2116 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:38:19.0521 2116 VaultSvc - ok
10:38:19.0583 2116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:38:19.0583 2116 vdrvroot - ok
10:38:19.0770 2116 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:38:19.0801 2116 vds - ok
10:38:19.0833 2116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:19.0833 2116 vga - ok
10:38:19.0848 2116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:38:19.0864 2116 VgaSave - ok
10:38:19.0942 2116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:38:19.0942 2116 vhdmp - ok
10:38:19.0973 2116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:38:19.0973 2116 viaide - ok
10:38:20.0004 2116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:38:20.0004 2116 volmgr - ok
10:38:20.0191 2116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:38:20.0191 2116 volmgrx - ok
10:38:20.0269 2116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:38:20.0269 2116 volsnap - ok
10:38:20.0332 2116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:38:20.0363 2116 vsmraid - ok
10:38:20.0878 2116 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:38:20.0940 2116 VSS - ok
10:38:21.0252 2116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:38:21.0268 2116 vwifibus - ok
10:38:21.0315 2116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:38:21.0315 2116 vwififlt - ok
10:38:21.0424 2116 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:38:21.0439 2116 W32Time - ok
10:38:21.0486 2116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:38:21.0486 2116 WacomPen - ok
10:38:21.0658 2116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:38:21.0658 2116 WANARP - ok
10:38:21.0689 2116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:38:21.0689 2116 Wanarpv6 - ok
10:38:22.0079 2116 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:38:22.0141 2116 WatAdminSvc - ok
10:38:22.0485 2116 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:38:22.0531 2116 wbengine - ok
10:38:22.0812 2116 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:38:22.0828 2116 WbioSrvc - ok
10:38:22.0968 2116 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:38:22.0999 2116 wcncsvc - ok
10:38:23.0062 2116 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:38:23.0062 2116 WcsPlugInService - ok
10:38:23.0155 2116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:38:23.0155 2116 Wd - ok
10:38:23.0374 2116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:38:23.0389 2116 Wdf01000 - ok
10:38:23.0405 2116 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:38:23.0421 2116 WdiServiceHost - ok
10:38:23.0421 2116 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:38:23.0421 2116 WdiSystemHost - ok
10:38:23.0561 2116 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:38:23.0592 2116 WebClient - ok
10:38:23.0670 2116 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:38:23.0686 2116 Wecsvc - ok
10:38:23.0701 2116 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:38:23.0701 2116 wercplsupport - ok
10:38:23.0733 2116 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:38:23.0748 2116 WerSvc - ok
10:38:23.0842 2116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:38:23.0842 2116 WfpLwf - ok
10:38:23.0857 2116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:38:23.0889 2116 WIMMount - ok
10:38:23.0920 2116 WinDefend - ok
10:38:23.0935 2116 WinHttpAutoProxySvc - ok
10:38:24.0060 2116 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:38:24.0060 2116 Winmgmt - ok
10:38:24.0747 2116 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:38:24.0825 2116 WinRM - ok
10:38:25.0371 2116 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:38:25.0417 2116 Wlansvc - ok
10:38:25.0495 2116 wltrysvc (1daeb80c233d35f8ef285217ae386307) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
10:38:25.0511 2116 wltrysvc - ok
10:38:25.0620 2116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:38:25.0620 2116 WmiAcpi - ok
10:38:25.0823 2116 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:38:25.0839 2116 wmiApSrv - ok
10:38:25.0885 2116 WMPNetworkSvc - ok
10:38:25.0948 2116 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:38:25.0948 2116 WPCSvc - ok
10:38:25.0979 2116 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:38:25.0995 2116 WPDBusEnum - ok
10:38:26.0026 2116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:38:26.0026 2116 ws2ifsl - ok
10:38:26.0135 2116 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:38:26.0135 2116 wscsvc - ok
10:38:26.0135 2116 WSearch - ok
10:38:26.0837 2116 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:38:26.0899 2116 wuauserv - ok
10:38:27.0180 2116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:38:27.0180 2116 WudfPf - ok
10:38:27.0243 2116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:27.0243 2116 WUDFRd - ok
10:38:27.0274 2116 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:38:27.0289 2116 wudfsvc - ok
10:38:27.0336 2116 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:38:27.0352 2116 WwanSvc - ok
10:38:27.0399 2116 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:38:27.0508 2116 \Device\Harddisk0\DR0 - ok
10:38:27.0508 2116 Boot (0x1200) (b42cb25252a0556b39c8d9536c0e4c29) \Device\Harddisk0\DR0\Partition0
10:38:27.0523 2116 \Device\Harddisk0\DR0\Partition0 - ok
10:38:27.0570 2116 Boot (0x1200) (66b45880b92dc2e27dadd8be9eca4f4c) \Device\Harddisk0\DR0\Partition1
10:38:27.0570 2116 \Device\Harddisk0\DR0\Partition1 - ok
10:38:27.0601 2116 Boot (0x1200) (488cc269a8da12365337b28a34186c1e) \Device\Harddisk0\DR0\Partition2
10:38:27.0601 2116 \Device\Harddisk0\DR0\Partition2 - ok
10:38:27.0601 2116 ============================================================
10:38:27.0601 2116 Scan finished
10:38:27.0601 2116 ============================================================
10:38:27.0617 1580 Detected object count: 0
10:38:27.0617 1580 Actual detected object count: 0
10:39:02.0421 4940 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 10:42:34
-----------------------------
10:42:34.969 OS Version: Windows x64 6.1.7601 Service Pack 1
10:42:34.969 Number of processors: 8 586 0x2A07
10:42:34.971 ComputerName: ELIF UserName:
10:42:37.549 Initialize success
10:44:23.908 AVAST engine defs: 12051501
10:44:38.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:44:38.333 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
10:44:38.392 Disk 0 MBR read successfully
10:44:38.399 Disk 0 MBR scan
10:44:38.409 Disk 0 Windows 7 default MBR code
10:44:38.422 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:44:38.441 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 361798 MB offset 206848
10:44:38.474 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 353503 MB offset 741169152
10:44:38.515 Disk 0 scanning C:\Windows\system32\drivers
10:44:50.598 Service scanning
10:45:25.309 Modules scanning
10:45:25.328 Disk 0 trace - called modules:
10:45:25.354 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:45:25.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de9790]
10:45:25.380 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f3c050]
10:45:27.840 AVAST engine scan C:\Windows
10:45:34.551 AVAST engine scan C:\Windows\system32
10:49:26.875 AVAST engine scan C:\Windows\system32\drivers
10:49:59.099 AVAST engine scan C:\Users\Samsung
10:51:05.702 AVAST engine scan C:\ProgramData
10:51:45.114 Scan finished successfully
10:52:00.111 Disk 0 MBR has been saved successfully to "C:\Users\Samsung\Desktop\MBR.dat"
10:52:00.123 The log file has been saved successfully to "C:\Users\Samsung\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 16 May 2012 - 05:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 May 2012 - 06:43 AM

Hello, report from ComboFix is below. I still get these attacks from random IPs occasionally, is this normal? Thank you for your help!

ComboFix 12-05-16.01 - Samsung 16.05.2012 14:07:17.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.6056.4281 [GMT 3:00]
Running from: c:\users\Samsung\Desktop\ComboFix.exe
Command switches used :: c:\users\Samsung\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 11:15 . 2012-05-16 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 09:31 . 2012-05-16 09:31 -------- d-----w- c:\windows\tr
2012-05-16 09:29 . 2012-05-16 09:29 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-05-16 09:27 . 2012-05-16 09:27 -------- d-----w- c:\program files\Windows Live
2012-05-16 09:25 . 2009-09-04 14:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-05-16 09:25 . 2009-09-04 14:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-05-16 09:25 . 2009-09-04 14:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-05-16 09:25 . 2009-09-04 14:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-16 09:24 . 2006-11-29 10:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-05-16 09:24 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-05-16 09:22 . 2012-05-16 09:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 17:37 . 2012-04-18 00:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B117DD0-DA4F-4BA7-ACBE-9B6C3BA9AACA}\mpengine.dll
2012-05-14 06:55 . 2012-05-14 06:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-11 10:02 . 2012-05-11 10:02 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 10:02 . 2012-05-11 10:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 10:02 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 21:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-10 21:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-10 14:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-10 14:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-10 14:20 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-05-10 14:08 . 2012-05-10 14:08 -------- d-----w- c:\windows\system32\SPReview
2012-05-10 14:07 . 2012-05-10 14:07 -------- d-----w- c:\windows\system32\EventProviders
2012-05-10 13:53 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbflt.sys.mui
2012-05-10 13:53 . 2010-11-20 13:41 2560 ----a-w- c:\windows\system32\drivers\tr-TR\rdpwd.sys.mui
2012-05-10 13:53 . 2010-11-20 13:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\vwifibus.sys.mui
2012-05-10 13:51 . 2010-11-20 13:27 235008 ----a-w- c:\windows\system32\winsta.dll
2012-05-10 13:50 . 2010-11-20 13:27 243712 ----a-w- c:\windows\system32\taskbarcpl.dll
2012-05-10 13:49 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-05-10 13:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-05-10 13:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-05-10 13:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-05-10 13:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-05-10 13:39 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-05-10 13:39 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-05-10 13:10 . 2012-05-10 13:10 -------- d-----w- c:\program files (x86)\TRADOS
2012-05-10 12:44 . 2012-05-10 12:44 -------- d-----w- c:\program files (x86)\MSECache
2012-05-10 12:35 . 2012-05-10 12:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-10 12:35 . 2012-05-10 12:35 -------- d-----w- c:\windows\system32\Wat
2012-05-10 12:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-10 12:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 12:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 11:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 11:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 11:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 11:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 11:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-10 11:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-10 11:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-10 11:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-10 11:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-10 11:30 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 11:30 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 11:30 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 11:30 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 11:30 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 11:30 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 11:28 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-10 11:27 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-05-10 11:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-10 11:26 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-10 11:26 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 11:26 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-10 11:26 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-10 11:26 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-10 11:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-10 11:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 11:25 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-05-10 11:21 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-05-10 11:21 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 11:21 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:21 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 11:21 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 11:13 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-10 11:13 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-10 11:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-10 11:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-10 10:41 . 2012-05-10 15:25 -------- d-----w- c:\programdata\boost_interprocess
2012-05-10 10:40 . 2012-05-10 10:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-10 10:40 . 2012-05-10 10:41 -------- d-----r- c:\program files (x86)\Skype
2012-05-09 18:45 . 2009-08-11 18:22 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2012-05-09 18:45 . 2009-08-11 18:18 497664 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-05-09 18:44 . 2012-05-09 18:45 -------- d-----w- c:\program files (x86)\AC3Filter
2012-05-09 18:35 . 2012-05-09 18:35 -------- d-----w- c:\program files (x86)\GNU
2012-05-09 18:31 . 2012-05-09 18:31 -------- d-----w- c:\users\Public\CyberLink
2012-05-09 16:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-09 16:05 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 16:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-09 16:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-09 16:04 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-09 15:37 . 2012-05-09 15:37 -------- d-----w- C:\2114c43bf619d33ab751
2012-05-09 15:24 . 2012-05-09 15:24 -------- d-----w- c:\windows\CheckSur
2012-05-09 15:22 . 2011-08-09 16:31 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-05-09 15:22 . 2011-08-09 16:32 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-05-09 15:06 . 2012-05-16 10:59 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-09 14:44 . 2010-11-30 16:44 14392507 ----a-w- c:\windows\Samsung Astro Orbit I.scr
2012-05-09 14:43 . 2012-05-09 18:53 -------- d-----w- c:\programdata\SAMSUNG
2012-05-09 14:41 . 2012-05-09 14:41 -------- d-----w- c:\program files\Intel
2012-05-09 14:39 . 2012-05-10 10:41 -------- d-----w- c:\programdata\Skype
2012-05-09 14:34 . 2012-05-09 14:34 -------- d-----w- c:\programdata\Symantec
2012-05-09 14:29 . 2012-05-09 14:43 -------- d-----w- c:\program files\SAMSUNG
2012-05-09 14:28 . 2010-07-01 07:46 13824 ----a-w- c:\windows\system32\drivers\SABI.sys
2012-05-09 14:27 . 2012-05-09 14:49 -------- d-----w- c:\program files (x86)\Samsung
2012-05-09 14:15 . 2012-05-09 14:15 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2012-05-09 14:14 . 2012-05-09 14:14 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-09 14:14 . 2012-05-09 14:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-09 14:14 . 2012-05-09 14:14 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-09 14:14 . 2012-05-09 14:46 -------- d-----w- c:\program files (x86)\CyberLink
2012-05-09 14:14 . 2012-05-09 18:31 -------- d-----w- c:\programdata\CyberLink
2012-05-09 14:07 . 2011-08-09 16:34 22056 ----a-w- c:\windows\system32\btwcoins.dll
2012-05-09 14:07 . 2011-08-09 16:34 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-09 14:07 . 2011-08-09 16:34 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-09 14:07 . 2011-08-09 16:34 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-09 14:07 . 2011-08-09 16:34 348712 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-09 14:07 . 2011-08-09 16:34 106536 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\WIDCOMM
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\Elantech
2012-05-09 14:01 . 2012-05-09 14:01 -------- d-----w- c:\program files\SRS Labs
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\windows\system32\SRSLabs
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-05-09 14:00 . 2012-05-09 14:00 -------- d-----w- c:\program files\Realtek
2012-05-09 13:24 . 2012-05-16 11:00 -------- d-----w- c:\programdata\Norton
2012-05-09 12:18 . 2012-05-16 09:29 -------- d-----w- c:\program files (x86)\Windows Live
2012-05-09 12:16 . 2012-05-09 12:16 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 09:26 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-10 15:04 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-10 15:04 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_18.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-09 11:21 . 2012-05-15 19:31 35560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-16 11:02 32230 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-09 10:41 . 2012-05-14 14:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-09 10:41 . 2012-05-16 07:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-09 10:41 . 2012-05-14 14:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-09 10:41 . 2012-05-16 07:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-16 07:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-14 14:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-16 11:03 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-16 09:29 . 2012-05-16 09:29 23552 c:\windows\Installer\665d18.msp
+ 2012-05-16 09:28 . 2012-05-16 09:28 29696 c:\windows\Installer\665d13.msi
+ 2012-05-16 09:28 . 2012-05-16 09:28 60928 c:\windows\Installer\665d0e.msp
+ 2012-05-16 09:21 . 2012-05-16 09:21 29184 c:\windows\Installer\665cb6.msp
+ 2012-05-16 09:21 . 2012-05-16 09:21 69120 c:\windows\Installer\665cb0.msi
+ 2012-05-16 09:22 . 2012-05-16 09:22 39936 c:\windows\Installer\665b67.msp
+ 2012-05-16 09:22 . 2012-05-16 09:22 74240 c:\windows\Installer\665b62.msi
+ 2012-05-16 09:22 . 2012-05-16 09:22 26112 c:\windows\Installer\665b5e.msi
+ 2010-03-31 20:41 . 2010-03-31 20:41 41984 c:\windows\Installer\665b4f.msi
+ 2012-05-16 09:29 . 2012-05-16 09:29 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-05-16 09:31 . 2012-05-16 09:31 89440 c:\windows\Installer\{95140000-007A-041F-0000-0000000FF1CE}\OLCIcon.exe
+ 2012-05-16 09:23 . 2012-05-16 09:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 86376 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startuplang.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 93552 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXImageTranscode.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 56176 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewer.exe
+ 2010-09-22 21:37 . 2010-09-22 21:37 12144 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.SubscribePlugins.dll
+ 2010-09-22 21:37 . 2010-09-22 21:37 11632 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.PublishPlugins.dll
+ 2010-09-22 21:33 . 2010-09-22 21:33 68976 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoCameraAutoPlayManager.exe
+ 2010-09-22 21:33 . 2010-09-22 21:33 98160 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizardResources.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 49008 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeShellExt.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 18288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHostPS.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 19312 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGalleryRepair.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 78704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoClassic.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 82288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoCinematic.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 19824 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHostPS.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 46960 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHost.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 51568 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShimx64.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 43376 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShim.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 14704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\NPWLPG.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 42864 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\AlbumDownloadProtocolHandler.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 17264 c:\windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502\MovieMakerPreviewClient.dll
+ 2012-05-09 11:10 . 2012-05-16 11:02 8036 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3238748116-4089550959-2454182330-1000_UserData.bin
- 2012-05-15 18:53 . 2012-05-15 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-16 11:01 . 2012-05-16 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-15 18:53 . 2012-05-15 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-16 11:01 . 2012-05-16 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-22 21:17 . 2010-09-22 21:17 9576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingslang.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 9064 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorLang.dll
+ 2011-03-28 17:31 . 2011-03-28 17:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
+ 2010-07-11 12:47 . 2010-07-11 12:47 453456 c:\windows\SysWOW64\d3dx10_41.dll
+ 2012-05-10 07:58 . 2012-05-16 08:42 230854 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-03-28 18:11 . 2011-03-28 18:11 252800 c:\windows\system32\LIVESSP.DLL
- 2009-07-14 05:01 . 2012-05-15 18:52 394292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-16 11:00 394292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-16 09:28 . 2012-05-16 09:28 158208 c:\windows\Installer\665d09.msi
+ 2012-05-16 09:28 . 2012-05-16 09:28 513024 c:\windows\Installer\665cf4.msp
+ 2012-05-16 09:28 . 2012-05-16 09:28 665600 c:\windows\Installer\665ceb.msp
+ 2012-05-16 09:27 . 2012-05-16 09:27 469504 c:\windows\Installer\665cd1.msp
+ 2012-05-16 09:21 . 2012-05-16 09:21 628736 c:\windows\Installer\665cc3.msp
+ 2012-05-16 09:27 . 2012-05-16 09:27 205824 c:\windows\Installer\665cac.msp
+ 2012-05-16 09:27 . 2012-05-16 09:27 775168 c:\windows\Installer\665ca3.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 715264 c:\windows\Installer\665be2.msp
+ 2012-05-16 09:23 . 2012-05-16 09:23 136704 c:\windows\Installer\665bb5.msp
+ 2012-05-16 09:23 . 2012-05-16 09:23 429056 c:\windows\Installer\665bb0.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 147968 c:\windows\Installer\665bac.msi
+ 2010-09-22 21:17 . 2010-09-22 21:17 827240 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlupdate.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 618856 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlstartup.exe
+ 2010-09-22 21:17 . 2010-09-22 21:17 138600 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsres.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 552296 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlshim.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 265576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingsres.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 493928 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettings.exe
+ 2010-09-22 21:17 . 2010-09-22 21:17 166248 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlbici.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 476008 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorRes.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 345960 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelector.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 822128 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewerCore.dll
+ 2010-09-22 21:37 . 2010-09-22 21:37 104304 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\SubscribePluginsInterop.dll
+ 2010-09-22 21:37 . 2010-09-22 21:37 103792 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\PublishPluginsInterop.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 489840 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoTrim.dll
+ 2010-09-22 21:33 . 2010-09-22 21:33 684400 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizard.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 139120 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVAFilt.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 501616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXSlideshow.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 117616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHost.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 731504 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipetran.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 745328 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipeline.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 785264 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoLibraryDatabase.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 131440 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGallery.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 246640 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcquireWizard.exe
+ 2010-09-22 21:32 . 2010-09-22 21:32 301936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPGSS.SCR
+ 2010-09-22 21:32 . 2010-09-22 21:32 173424 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXMP4Parser.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 130928 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXGrinderScheduler.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 191344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXDSPA.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 237936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\wlxclip.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 383344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizard.exe
+ 2012-05-16 09:29 . 2012-05-16 09:29 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2010-07-11 12:47 . 2010-07-11 12:47 1846632 c:\windows\SysWOW64\D3DCompiler_41.dll
+ 2009-07-14 04:45 . 2012-05-16 11:03 7115155 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-11 09:45 7115155 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-16 09:29 . 2012-05-16 09:29 3101184 c:\windows\Installer\665d1c.msi
+ 2012-05-16 09:28 . 2012-05-16 09:28 2147328 c:\windows\Installer\665d04.msp
+ 2012-05-16 09:28 . 2012-05-16 09:28 4263424 c:\windows\Installer\665cf9.msi
+ 2012-05-16 09:28 . 2012-05-16 09:28 5568512 c:\windows\Installer\665cef.msi
+ 2012-05-16 09:28 . 2012-05-16 09:28 4805120 c:\windows\Installer\665ce5.msi
+ 2012-05-16 09:27 . 2012-05-16 09:27 5126144 c:\windows\Installer\665ce0.msp
+ 2012-05-16 09:27 . 2012-05-16 09:27 6669312 c:\windows\Installer\665cd6.msi
+ 2012-05-16 09:27 . 2012-05-16 09:27 1072640 c:\windows\Installer\665cc7.msi
+ 2012-05-16 09:21 . 2012-05-16 09:21 1519616 c:\windows\Installer\665cba.msi
+ 2012-05-16 09:27 . 2012-05-16 09:27 3734016 c:\windows\Installer\665c9e.msp
+ 2012-05-16 09:25 . 2012-05-16 09:25 1819136 c:\windows\Installer\665c60.msi
+ 2012-05-16 09:25 . 2012-05-16 09:25 2957312 c:\windows\Installer\665c5c.msp
+ 2012-05-16 09:25 . 2012-05-16 09:25 8313856 c:\windows\Installer\665c42.msi
+ 2012-05-16 09:25 . 2012-05-16 09:25 5868544 c:\windows\Installer\665c3e.msp
+ 2012-05-16 09:25 . 2012-05-16 09:25 3734016 c:\windows\Installer\665c23.msi
+ 2012-05-16 09:24 . 2012-05-16 09:24 3664384 c:\windows\Installer\665c1f.msi
+ 2012-05-16 09:24 . 2012-05-16 09:24 5535744 c:\windows\Installer\665c1a.msp
+ 2012-05-16 09:24 . 2012-05-16 09:24 3312128 c:\windows\Installer\665c02.msp
+ 2012-05-16 09:24 . 2012-05-16 09:24 8332288 c:\windows\Installer\665be6.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 2310656 c:\windows\Installer\665bda.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 1139712 c:\windows\Installer\665bd6.msp
+ 2012-05-16 09:23 . 2012-05-16 09:23 4004864 c:\windows\Installer\665bbf.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 2343936 c:\windows\Installer\665ba8.msi
+ 2012-05-16 09:23 . 2012-05-16 09:23 4680704 c:\windows\Installer\665ba0.msi
+ 2012-05-16 09:21 . 2012-05-16 09:21 2932224 c:\windows\Installer\665b9c.msp
+ 2012-05-16 09:21 . 2012-05-16 09:21 7710720 c:\windows\Installer\665b7e.msi
+ 2012-05-16 09:21 . 2012-05-16 09:21 4426240 c:\windows\Installer\665b7a.msp
+ 2012-05-16 09:21 . 2012-05-16 09:21 9433088 c:\windows\Installer\665b6b.msi
+ 2012-05-16 09:22 . 2012-05-16 09:22 8822784 c:\windows\Installer\665b5a.msi
+ 2010-09-22 21:17 . 2010-09-22 21:17 2668392 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startupres.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 1378160 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXMediaPublishSubscribe.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 1245552 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoVoyager.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 1342320 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoViewer.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 1877872 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcq.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 4824432 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXFaceRecognition.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 1507184 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizardResources.dll
+ 2010-09-22 21:32 . 2010-09-22 21:32 7559024 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\Imaging.dll
+ 2010-09-22 20:28 . 2010-09-22 20:28 1043312 c:\windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502\LivePlatform.dll
+ 2010-09-22 21:17 . 2010-09-22 21:17 1204584 c:\windows\Installer\$PatchCache$\Managed\06CD3021DB9D9F443B27B2F822E70649\15.4.3502\wlarp.exe
+ 2012-05-09 11:56 . 2012-05-16 11:00 10227320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3238748116-4089550959-2454182330-1000-8192.dat
+ 2012-05-16 09:27 . 2012-05-16 09:27 11846656 c:\windows\Installer\665c95.msi
+ 2012-05-16 09:26 . 2012-05-16 09:26 14624256 c:\windows\Installer\665c90.msp
+ 2012-05-16 09:26 . 2012-05-16 09:26 34193408 c:\windows\Installer\665c64.msi
+ 2012-05-16 09:25 . 2012-05-16 09:25 13850624 c:\windows\Installer\665c27.msi
+ 2012-05-16 09:24 . 2012-05-16 09:24 22647296 c:\windows\Installer\665c07.msi
+ 2012-05-16 09:22 . 2012-05-16 09:22 20240896 c:\windows\Installer\665b56.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-07 150016]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 11613288]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\2at8m3ci.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3238748116-4089550959-2454182330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3238748116-4089550959-2454182330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-16 14:18:39
ComboFix-quarantined-files.txt 2012-05-16 11:18
ComboFix2.txt 2012-05-15 19:02
.
Pre-Run: 342.072.143.872 bayt boş
Post-Run: 341.607.489.536 bayt boş
.
- - End Of File - - 387A01FE264607AE90C6B76FCA99DDE1

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 16 May 2012 - 02:03 PM

it is happening from chrome so lets uninstall it and if asked about user data or settings the remove that also

restart the computer and reinstall it and see if you still get the warnings


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 May 2012 - 04:32 PM

Hi, I still get the warnings after uninstalling Chrome and Firefox. No matter which browser I run, IE, Chrome, or Firefox it is the same.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 16 May 2012 - 09:04 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 17 May 2012 - 04:00 AM

Hi, report from OTL is as follows. I had to divide it as it is too long to post. Thanks!

OTL logfile created on: 17.05.2012 11:05:51 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

5,91 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 71,58% Memory free
11,82 Gb Paging File | 9,99 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 353,32 Gb Total Space | 314,83 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
Drive D: | 345,22 Gb Total Space | 344,34 Gb Free Space | 99,75% Space Free | Partition Type: NTFS

Computer Name: ELIF | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Samsung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_tr_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TurboBoost) Intel® -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120516.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120516.003\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120515.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 1B 5C 86 93 2E CD 01 [binary data]
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.05.16 14:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.05.17 10:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.17 00:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.16 17:30:25 | 000,000,000 | ---D | M]

[2012.05.17 00:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samsung\AppData\Roaming\mozilla\Extensions
[2012.05.17 00:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.10 13:41:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 04:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 20:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.21 05:42:45 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.04.21 05:42:45 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

O1 HOSTS File: ([2009.06.11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3238748116-4089550959-2454182330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8:64bit: - Extra context menu item: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Bluetooth'a Gönder - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Bluetooth Aygıtına Gönder... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EC7C8D2-A55C-4114-A920-ECD3CF61B2F9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3898230-03F3-4F7D-B22F-6935F404A29C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.17 11:02:07 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Samsung\Desktop\OTL.exe
[2012.05.17 10:59:37 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\{36F6C0EB-DED5-4C13-B67A-81C74FBC74C5}
[2012.05.17 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\{68D59161-B63E-409C-B38C-BF9D696A99A7}
[2012.05.17 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Mozilla
[2012.05.17 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.16 23:38:49 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\ElevatedDiagnostics
[2012.05.16 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\{88E11F0D-7DD2-435D-B85D-9377DC783BE0}
[2012.05.16 14:46:38 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\{049452F7-268A-4D86-BC4B-4E6F2DBBF41A}
[2012.05.16 14:28:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.16 14:25:45 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symefa64.sys
[2012.05.16 14:25:45 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtsp64.sys
[2012.05.16 14:25:45 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symds64.sys
[2012.05.16 14:25:45 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symnets.sys
[2012.05.16 14:25:45 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ironx64.sys
[2012.05.16 14:25:45 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ccsetx64.sys
[2012.05.16 14:25:45 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtspx64.sys
[2012.05.16 14:25:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1307000.009
[2012.05.16 14:22:44 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.05.16 14:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.05.16 14:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.05.16 14:21:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012.05.16 14:21:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.05.16 14:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012.05.16 14:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.05.16 14:18:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.16 14:05:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.16 12:31:15 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012.05.16 12:30:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.05.16 12:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.05.16 12:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.05.16 12:25:41 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.05.16 12:25:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.05.16 12:25:41 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.05.16 12:25:41 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.05.16 12:24:11 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.05.16 12:24:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.05.16 12:20:51 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Windows Live
[2012.05.16 02:34:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Samsung\Desktop\aswMBR.exe
[2012.05.16 02:33:53 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Samsung\Desktop\tdsskiller.exe
[2012.05.15 21:54:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.15 21:54:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.15 21:52:10 | 004,495,419 | R--- | C] (Swearware) -- C:\Users\Samsung\Desktop\ComboFix.exe
[2012.05.14 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Adobe
[2012.05.14 09:55:39 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\NPE
[2012.05.14 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.11 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Malwarebytes
[2012.05.11 13:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 13:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.11 13:02:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 13:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 09:32:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.11 09:31:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.11 01:50:07 | 055,656,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.05.11 00:42:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.05.11 00:42:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.05.10 17:20:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.10 17:20:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.10 17:19:58 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.10 17:19:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.10 17:19:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.10 17:19:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.10 17:19:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.05.10 17:19:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.10 17:19:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.10 17:19:54 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.10 17:19:54 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.10 17:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.05.10 17:07:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.05.10 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaTexis
[2012.05.10 16:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTexis
[2012.05.10 16:56:24 | 000,491,520 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalSGrid6.ocx
[2012.05.10 16:56:24 | 000,139,264 | ---- | C] (MetaTexis Software and Services) -- C:\Windows\SysWow64\RTFBoxMX.ocx
[2012.05.10 16:56:24 | 000,094,208 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalIml6.ocx
[2012.05.10 16:56:24 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012.05.10 16:56:22 | 000,172,032 | ---- | C] (Simple Software Solutions, Inc.) -- C:\Windows\SysWow64\edb2drv.dll
[2012.05.10 16:56:22 | 000,143,360 | ---- | C] (Simple Software Solutions, Inc.) -- C:\Windows\SysWow64\edb1drv.dll
[2012.05.10 16:56:21 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.05.10 16:56:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012.05.10 16:56:21 | 000,036,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20DEU.DLL
[2012.05.10 16:56:17 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.05.10 16:56:17 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RCHTXDE.DLL
[2012.05.10 16:56:17 | 000,024,626 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrnde.dll
[2012.05.10 16:56:16 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2012.05.10 16:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaTexis
[2012.05.10 16:52:58 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012.05.10 16:52:58 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012.05.10 16:52:53 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012.05.10 16:52:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.05.10 16:52:48 | 003,715,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.05.10 16:52:48 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 16:52:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.05.10 16:52:46 | 003,215,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.05.10 16:52:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012.05.10 16:52:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012.05.10 16:52:40 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012.05.10 16:52:38 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2012.05.10 16:52:37 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.05.10 16:52:37 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012.05.10 16:52:36 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012.05.10 16:52:36 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012.05.10 16:52:36 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012.05.10 16:52:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012.05.10 16:52:36 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012.05.10 16:52:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012.05.10 16:52:34 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2012.05.10 16:52:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012.05.10 16:52:34 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012.05.10 16:52:33 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012.05.10 16:52:32 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2012.05.10 16:52:32 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012.05.10 16:52:32 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2012.05.10 16:52:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.05.10 16:52:31 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012.05.10 16:52:31 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2012.05.10 16:52:30 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012.05.10 16:52:30 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2012.05.10 16:52:30 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012.05.10 16:52:30 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
[2012.05.10 16:52:30 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2012.05.10 16:52:28 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012.05.10 16:52:27 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2012.05.10 16:52:27 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012.05.10 16:52:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012.05.10 16:52:27 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012.05.10 16:52:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012.05.10 16:52:26 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2012.05.10 16:52:26 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012.05.10 16:52:26 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2012.05.10 16:52:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2012.05.10 16:52:26 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
[2012.05.10 16:52:24 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2012.05.10 16:52:24 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012.05.10 16:52:23 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2012.05.10 16:52:23 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
[2012.05.10 16:52:22 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
[2012.05.10 16:52:22 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
[2012.05.10 16:52:22 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2012.05.10 16:52:21 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2012.05.10 16:52:20 | 001,456,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.05.10 16:52:19 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012.05.10 16:52:18 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2012.05.10 16:52:18 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2012.05.10 16:52:17 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.05.10 16:52:16 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2012.05.10 16:52:16 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2012.05.10 16:52:16 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012.05.10 16:52:16 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2012.05.10 16:52:15 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2012.05.10 16:52:15 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012.05.10 16:52:14 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2012.05.10 16:52:14 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
[2012.05.10 16:52:14 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012.05.10 16:52:14 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012.05.10 16:52:13 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2012.05.10 16:52:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2012.05.10 16:52:12 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.05.10 16:52:12 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.05.10 16:52:11 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2012.05.10 16:52:11 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2012.05.10 16:52:10 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2012.05.10 16:52:10 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.05.10 16:52:10 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2012.05.10 16:52:10 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2012.05.10 16:52:10 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2012.05.10 16:52:10 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2012.05.10 16:52:10 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
[2012.05.10 16:52:10 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.05.10 16:52:09 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2012.05.10 16:52:09 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2012.05.10 16:52:09 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012.05.10 16:52:08 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012.05.10 16:52:08 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012.05.10 16:52:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2012.05.10 16:52:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
[2012.05.10 16:52:07 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012.05.10 16:52:07 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012.05.10 16:52:07 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2012.05.10 16:52:06 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.05.10 16:52:06 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2012.05.10 16:52:06 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2012.05.10 16:52:06 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
[2012.05.10 16:52:06 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2012.05.10 16:52:05 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2012.05.10 16:52:05 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2012.05.10 16:52:04 | 002,543,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2012.05.10 16:52:04 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Vault.dll
[2012.05.10 16:52:04 | 000,897,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2012.05.10 16:52:04 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2012.05.10 16:52:04 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsmf.dll
[2012.05.10 16:52:04 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENT.DLL
[2012.05.10 16:52:04 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3api.dll
[2012.05.10 16:52:03 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2012.05.10 16:52:03 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmd.exe
[2012.05.10 16:52:03 | 000,281,600 | ---- | C] (Microsoft) -- C:\Windows\SysNative\DShowRdpFilter.dll
[2012.05.10 16:52:02 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2012.05.10 16:52:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.05.10 16:52:02 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2012.05.10 16:52:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012.05.10 16:52:02 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2012.05.10 16:52:01 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012.05.10 16:52:01 | 001,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2012.05.10 16:52:01 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sxs.dll
[2012.05.10 16:52:00 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2012.05.10 16:52:00 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2012.05.10 16:52:00 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2012.05.10 16:52:00 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012.05.10 16:52:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2012.05.10 16:52:00 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2012.05.10 16:52:00 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcbuilder.exe
[2012.05.10 16:52:00 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2012.05.10 16:52:00 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgprint.dll
[2012.05.10 16:52:00 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012.05.10 16:51:59 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2012.05.10 16:51:59 | 001,158,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2012.05.10 16:51:59 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2012.05.10 16:51:59 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2012.05.10 16:51:59 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012.05.10 16:51:58 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2012.05.10 16:51:58 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2012.05.10 16:51:58 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3api.dll
[2012.05.10 16:51:56 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2012.05.10 16:51:56 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2012.05.10 16:51:56 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2012.05.10 16:51:56 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2012.05.10 16:51:56 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2012.05.10 16:51:56 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012.05.10 16:51:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2012.05.10 16:51:56 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prncache.dll
[2012.05.10 16:51:55 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012.05.10 16:51:55 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.05.10 16:51:55 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2012.05.10 16:51:55 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2012.05.10 16:51:55 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2012.05.10 16:51:55 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll
[2012.05.10 16:51:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2012.05.10 16:51:54 | 002,262,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2012.05.10 16:51:54 | 001,082,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2012.05.10 16:51:54 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012.05.10 16:51:54 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2012.05.10 16:51:54 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2012.05.10 16:51:54 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2012.05.10 16:51:54 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012.05.10 16:51:53 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2012.05.10 16:51:53 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2012.05.10 16:51:53 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.05.10 16:51:52 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localsec.dll
[2012.05.10 16:51:52 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2012.05.10 16:51:52 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2012.05.10 16:51:52 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.05.10 16:51:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2012.05.10 16:51:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2012.05.10 16:51:52 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012.05.10 16:51:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012.05.10 16:51:52 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fde.dll
[2012.05.10 16:51:51 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netdiagfx.dll
[2012.05.10 16:51:51 | 000,298,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2012.05.10 16:51:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2012.05.10 16:51:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.05.10 16:51:50 | 002,746,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012.05.10 16:51:50 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2012.05.10 16:51:50 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biocpl.dll
[2012.05.10 16:51:50 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2012.05.10 16:51:50 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2012.05.10 16:51:50 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2012.05.10 16:51:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSHVHOST.DLL
[2012.05.10 16:51:50 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2012.05.10 16:51:50 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netid.dll
[2012.05.10 16:51:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.05.10 16:51:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012.05.10 16:51:49 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2012.05.10 16:51:49 | 001,050,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2012.05.10 16:51:49 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspbda.dll
[2012.05.10 16:51:49 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2012.05.10 16:51:48 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2012.05.10 16:51:48 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012.05.10 16:51:48 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2012.05.10 16:51:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2012.05.10 16:51:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.05.10 16:51:48 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2012.05.10 16:51:48 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2012.05.10 16:51:48 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2012.05.10 16:51:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitagent.exe
[2012.05.10 16:51:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.05.10 16:51:47 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbghelp.dll
[2012.05.10 16:51:47 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012.05.10 16:51:46 | 003,211,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.05.10 16:51:46 | 000,934,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallControlPanel.dll
[2012.05.10 16:51:46 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2012.05.10 16:51:46 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2012.05.10 16:51:46 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2012.05.10 16:51:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012.05.10 16:51:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.05.10 16:51:46 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2012.05.10 16:51:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2012.05.10 16:51:45 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2012.05.10 16:51:45 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXP.dll
[2012.05.10 16:51:45 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2012.05.10 16:51:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetapi.dll
[2012.05.10 16:51:44 | 000,780,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2012.05.10 16:51:44 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2012.05.10 16:51:44 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2012.05.10 16:51:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2012.05.10 16:51:42 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012.05.10 16:51:42 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2012.05.10 16:51:42 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2012.05.10 16:51:42 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2012.05.10 16:51:42 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012.05.10 16:51:42 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2012.05.10 16:51:42 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012.05.10 16:51:42 | 000,128,000 | ---- | C] (Microsoft) -- C:\Windows\SysNative\Robocopy.exe
[2012.05.10 16:51:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2012.05.10 16:51:42 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys
[2012.05.10 16:51:41 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxpTaskSync.dll
[2012.05.10 16:51:41 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2012.05.10 16:51:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2012.05.10 16:51:41 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2012.05.10 16:51:41 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2012.05.10 16:51:40 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012.05.10 16:51:40 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\puiobj.dll
[2012.05.10 16:51:40 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2012.05.10 16:51:40 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prncache.dll
[2012.05.10 16:51:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012.05.10 16:51:39 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2012.05.10 16:51:39 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2012.05.10 16:51:39 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2012.05.10 16:51:37 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2012.05.10 16:51:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.05.10 16:51:36 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2012.05.10 16:51:36 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2012.05.10 16:51:36 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2012.05.10 16:51:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2012.05.10 16:51:36 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2012.05.10 16:51:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2012.05.10 16:51:35 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdengin2.dll
[2012.05.10 16:51:35 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2012.05.10 16:51:35 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2012.05.10 16:51:35 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012.05.10 16:51:34 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2012.05.10 16:51:34 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiadefui.dll
[2012.05.10 16:51:34 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2012.05.10 16:51:34 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2012.05.10 16:51:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samcli.dll
[2012.05.10 16:51:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012.05.10 16:51:33 | 002,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.05.10 16:51:33 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2012.05.10 16:51:33 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2012.05.10 16:51:33 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSHVHOST.DLL
[2012.05.10 16:51:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.05.10 16:51:33 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012.05.10 16:51:33 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QUTIL.DLL
[2012.05.10 16:51:33 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2012.05.10 16:51:32 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2012.05.10 16:51:32 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2012.05.10 16:51:32 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2012.05.10 16:51:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2012.05.10 16:51:32 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.05.10 16:51:32 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netdiagfx.dll
[2012.05.10 16:51:32 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fde.dll
[2012.05.10 16:51:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012.05.10 16:51:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcl.exe
[2012.05.10 16:51:32 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012.05.10 16:51:31 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2012.05.10 16:51:31 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TabletPC.cpl
[2012.05.10 16:51:31 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.05.10 16:51:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012.05.10 16:51:26 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgcpl.dll
[2012.05.10 16:51:26 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msconfig.exe
[2012.05.10 16:51:26 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2012.05.10 16:51:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2012.05.10 16:51:24 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2012.05.10 16:51:24 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2012.05.10 16:51:24 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2012.05.10 16:51:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2012.05.10 16:51:24 | 000,166,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2012.05.10 16:51:24 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdeploy.dll
[2012.05.10 16:51:24 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsmproxy.dll
[2012.05.10 16:51:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.05.10 16:51:23 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2012.05.10 16:51:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012.05.10 16:51:22 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2012.05.10 16:51:22 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2012.05.10 16:51:22 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.05.10 16:51:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RpcRtRemote.dll
[2012.05.10 16:51:21 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2012.05.10 16:51:21 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2012.05.10 16:51:21 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2012.05.10 16:51:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoncli.dll
[2012.05.10 16:51:20 | 002,250,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsCpl.dll
[2012.05.10 16:51:20 | 002,193,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2012.05.10 16:51:20 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Narrator.exe
[2012.05.10 16:51:20 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2012.05.10 16:51:20 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2012.05.10 16:51:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sharemediacpl.dll
[2012.05.10 16:51:20 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2012.05.10 16:51:20 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netjoin.dll
[2012.05.10 16:51:20 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nci.dll
[2012.05.10 16:51:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2012.05.10 16:51:19 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2012.05.10 16:51:19 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012.05.10 16:51:19 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcomapi.dll
[2012.05.10 16:51:19 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2012.05.10 16:51:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012.05.10 16:51:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnikeapi.dll
[2012.05.10 16:51:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\proquota.exe
[2012.05.10 16:51:18 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2012.05.10 16:51:18 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2012.05.10 16:51:18 | 000,763,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2012.05.10 16:51:18 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2012.05.10 16:51:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2012.05.10 16:51:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshipsec.dll
[2012.05.10 16:51:18 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2012.05.10 16:51:18 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2012.05.10 16:51:18 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2012.05.10 16:51:18 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2012.05.10 16:51:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012.05.10 16:51:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2012.05.10 16:51:18 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2012.05.10 16:51:18 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2012.05.10 16:51:18 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.05.10 16:51:18 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2012.05.10 16:51:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2012.05.10 16:51:17 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2012.05.10 16:51:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2012.05.10 16:51:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2012.05.10 16:51:17 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012.05.10 16:51:17 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2012.05.10 16:51:16 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2012.05.10 16:51:16 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2012.05.10 16:51:16 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2012.05.10 16:51:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2012.05.10 16:51:16 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2012.05.10 16:51:16 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys
[2012.05.10 16:51:16 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prntvpt.dll
[2012.05.10 16:51:16 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2012.05.10 16:51:16 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2012.05.10 16:51:15 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2012.05.10 16:51:14 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2012.05.10 16:51:14 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2012.05.10 16:51:14 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2012.05.10 16:51:14 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprddm.dll
[2012.05.10 16:51:14 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QAGENT.DLL
[2012.05.10 16:51:14 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netid.dll
[2012.05.10 16:51:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2012.05.10 16:51:13 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2012.05.10 16:51:12 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2012.05.10 16:51:12 | 000,957,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2012.05.10 16:51:12 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vault.dll
[2012.05.10 16:51:12 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2012.05.10 16:51:12 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2012.05.10 16:51:12 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2012.05.10 16:51:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpsrcwp.dll
[2012.05.10 16:51:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nci.dll
[2012.05.10 16:51:08 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2012.05.10 16:51:08 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DiagCpl.dll
[2012.05.10 16:51:07 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bootres.dll
[2012.05.10 16:51:07 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2012.05.10 16:51:07 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2012.05.10 16:51:07 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\Robocopy.exe
[2012.05.10 16:51:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012.05.10 16:51:06 | 000,812,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2012.05.10 16:51:06 | 000,433,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MCEWMDRMNDBootstrap.dll
[2012.05.10 16:51:06 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2012.05.10 16:51:06 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSTPager.ax
[2012.05.10 16:51:05 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxpTaskSync.dll
[2012.05.10 16:51:05 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2012.05.10 16:51:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2012.05.10 16:51:05 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskmgr.exe
[2012.05.10 16:51:05 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2012.05.10 16:51:05 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2012.05.10 16:51:05 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2012.05.10 16:51:04 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnfldr.dll
[2012.05.10 16:51:04 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\termmgr.dll
[2012.05.10 16:51:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiobj.dll
[2012.05.10 16:51:04 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2012.05.10 16:51:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2012.05.10 16:51:04 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2012.05.10 16:51:04 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskmgr.exe
[2012.05.10 16:51:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012.05.10 16:51:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012.05.10 16:51:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2012.05.10 16:51:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\proquota.exe
[2012.05.10 16:51:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\userinit.exe
[2012.05.10 16:51:03 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiadefui.dll
[2012.05.10 16:51:03 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2012.05.10 16:51:03 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2012.05.10 16:51:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2012.05.10 16:51:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2012.05.10 16:51:03 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2012.05.10 16:51:03 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012.05.10 16:51:03 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logoncli.dll
[2012.05.10 16:51:03 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2012.05.10 16:51:03 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2012.05.10 16:51:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userinit.exe
[2012.05.10 16:51:02 | 003,745,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2012.05.10 16:51:02 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsCpl.dll
[2012.05.10 16:51:02 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2012.05.10 16:51:02 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FirewallControlPanel.dll
[2012.05.10 16:51:02 | 000,649,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2012.05.10 16:51:01 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2012.05.10 16:51:01 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
[2012.05.10 16:51:01 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2012.05.10 16:51:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.05.10 16:51:00 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2012.05.10 16:51:00 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2012.05.10 16:51:00 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceCenter.dll
[2012.05.10 16:51:00 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localsec.dll
[2012.05.10 16:51:00 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2012.05.10 16:51:00 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2012.05.10 16:51:00 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hgcpl.dll
[2012.05.10 16:51:00 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\defaultlocationcpl.dll
[2012.05.10 16:51:00 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2012.05.10 16:51:00 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2012.05.10 16:50:59 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2012.05.10 16:50:59 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2012.05.10 16:50:59 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprddm.dll
[2012.05.10 16:50:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskbarcpl.dll
[2012.05.10 16:50:59 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OnLineIDCpl.dll
[2012.05.10 16:50:58 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2012.05.10 16:50:58 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2012.05.10 16:50:58 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2012.05.10 16:50:58 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2012.05.10 16:50:58 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2012.05.10 16:50:58 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2012.05.10 16:50:58 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2012.05.10 16:50:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2012.05.10 16:50:58 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.05.10 16:50:58 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroleui.dll
[2012.05.10 16:50:58 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2012.05.10 16:50:58 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2012.05.10 16:50:58 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2012.05.10 16:50:58 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2012.05.10 16:50:58 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll
[2012.05.10 16:50:58 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twext.dll
[2012.05.10 16:50:58 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxlib.dll
[2012.05.10 16:50:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recovery.dll
[2012.05.10 16:50:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prntvpt.dll
[2012.05.10 16:50:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
[2012.05.10 16:50:57 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2012.05.10 16:50:57 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsuiext.dll
[2012.05.10 16:50:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizeng.dll
[2012.05.10 16:50:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2012.05.10 16:50:57 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroleui.dll
[2012.05.10 16:50:57 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cca.dll
[2012.05.10 16:50:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe
[2012.05.10 16:50:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sisbkup.dll
[2012.05.10 16:50:56 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2012.05.10 16:50:56 | 001,003,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2012.05.10 16:50:56 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdcpl.dll
[2012.05.10 16:50:56 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2012.05.10 16:50:56 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenterCPL.dll
[2012.05.10 16:50:56 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\main.cpl
[2012.05.10 16:50:56 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2012.05.10 16:50:56 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shwebsvc.dll
[2012.05.10 16:50:56 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2012.05.10 16:50:56 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2012.05.10 16:50:56 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\efscore.dll
[2012.05.10 16:50:56 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recdisc.exe
[2012.05.10 16:50:56 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2012.05.10 16:50:56 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2012.05.10 16:50:56 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncui.dll
[2012.05.10 16:50:56 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VBICodec.ax
[2012.05.10 16:50:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2012.05.10 16:50:56 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldp.dll
[2012.05.10 16:50:56 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netjoin.dll
[2012.05.10 16:50:56 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2012.05.10 16:50:56 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2012.05.10 16:50:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2012.05.10 16:50:56 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzutil.exe
[2012.05.10 16:50:56 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2012.05.10 16:50:55 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2012.05.10 16:50:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2012.05.10 16:50:55 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
[2012.05.10 16:50:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2012.05.10 16:50:54 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2012.05.10 16:50:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
[2012.05.10 16:50:54 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll

Remainder of the report:

[2012.05.10 16:50:54 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2012.05.10 16:50:54 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizeng.dll
[2012.05.10 16:50:54 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termmgr.dll
[2012.05.10 16:50:54 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnfldr.dll
[2012.05.10 16:50:54 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2012.05.10 16:50:54 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2012.05.10 16:50:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2012.05.10 16:50:54 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2012.05.10 16:50:54 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2012.05.10 16:50:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
[2012.05.10 16:50:54 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2012.05.10 16:50:54 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2012.05.10 16:50:54 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\defaultlocationcpl.dll
[2012.05.10 16:50:54 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OnLineIDCpl.dll
[2012.05.10 16:50:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2012.05.10 16:50:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntlanman.dll
[2012.05.10 16:50:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksxbar.ax
[2012.05.10 16:50:53 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2012.05.10 16:50:53 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlcese30.dll
[2012.05.10 16:50:53 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2012.05.10 16:50:53 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2012.05.10 16:50:53 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2012.05.10 16:50:53 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2012.05.10 16:50:53 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
[2012.05.10 16:50:53 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\efscore.dll
[2012.05.10 16:50:53 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2012.05.10 16:50:53 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
[2012.05.10 16:50:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserAccountControlSettings.dll
[2012.05.10 16:50:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2012.05.10 16:50:53 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpd3d.dll
[2012.05.10 16:50:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2012.05.10 16:50:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.05.10 16:50:53 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2012.05.10 16:50:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sisbkup.dll
[2012.05.10 16:50:52 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OobeFldr.dll
[2012.05.10 16:50:52 | 000,781,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2012.05.10 16:50:52 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012.05.10 16:50:52 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenterCPL.dll
[2012.05.10 16:50:52 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2012.05.10 16:50:52 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceCenter.dll
[2012.05.10 16:50:52 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ssText3d.scr
[2012.05.10 16:50:52 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iTVData.dll
[2012.05.10 16:50:52 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wavemsp.dll
[2012.05.10 16:50:52 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingFolder.dll
[2012.05.10 16:50:52 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquoui.dll
[2012.05.10 16:50:52 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syncui.dll
[2012.05.10 16:50:52 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2012.05.10 16:50:52 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvcli.dll
[2012.05.10 16:50:52 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nslookup.exe
[2012.05.10 16:50:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSTPager.ax
[2012.05.10 16:50:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012.05.10 16:50:51 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2012.05.10 16:50:51 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2012.05.10 16:50:51 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2012.05.10 16:50:51 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2012.05.10 16:50:51 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srrstr.dll
[2012.05.10 16:50:51 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2012.05.10 16:50:51 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdboot.exe
[2012.05.10 16:50:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2012.05.10 16:50:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2012.05.10 16:50:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPHLPR.DLL
[2012.05.10 16:50:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acppage.dll
[2012.05.10 16:50:50 | 001,672,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2012.05.10 16:50:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2012.05.10 16:50:50 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpx.dll
[2012.05.10 16:50:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\activeds.dll
[2012.05.10 16:50:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2012.05.10 16:50:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpsrcwp.dll
[2012.05.10 16:50:50 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2012.05.10 16:50:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPHLPR.DLL
[2012.05.10 16:50:50 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppnp.dll
[2012.05.10 16:50:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\migisol.dll
[2012.05.10 16:50:50 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabinet.dll
[2012.05.10 16:50:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.05.10 16:50:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.05.10 16:50:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remotepg.dll
[2012.05.10 16:50:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkscli.dll
[2012.05.10 16:50:49 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2012.05.10 16:50:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.05.10 16:50:47 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshipsec.dll
[2012.05.10 16:50:46 | 000,685,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsuiext.dll
[2012.05.10 16:50:46 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfrgui.exe
[2012.05.10 16:50:46 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2012.05.10 16:50:46 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2012.05.10 16:50:46 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
[2012.05.10 16:50:46 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2012.05.10 16:50:46 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2012.05.10 16:50:46 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3ui.dll
[2012.05.10 16:50:46 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2012.05.10 16:50:46 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wavemsp.dll
[2012.05.10 16:50:46 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2012.05.10 16:50:46 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.05.10 16:50:46 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.05.10 16:50:46 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\net1.exe
[2012.05.10 16:50:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kstvtune.ax
[2012.05.10 16:50:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
[2012.05.10 16:50:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2012.05.10 16:50:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2012.05.10 16:50:45 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2012.05.10 16:50:45 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2012.05.10 16:50:45 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2012.05.10 16:50:45 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimgapi.dll
[2012.05.10 16:50:45 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsqmcons.exe
[2012.05.10 16:50:45 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.05.10 16:50:45 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2012.05.10 16:50:45 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
[2012.05.10 16:50:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2012.05.10 16:50:44 | 001,911,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012.05.10 16:50:44 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Bubbles.scr
[2012.05.10 16:50:44 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\main.cpl
[2012.05.10 16:50:44 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2012.05.10 16:50:44 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2012.05.10 16:50:44 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012.05.10 16:50:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
[2012.05.10 16:50:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstask.dll
[2012.05.10 16:50:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2012.05.10 16:50:44 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcap.dll
[2012.05.10 16:50:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.05.10 16:50:44 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
[2012.05.10 16:50:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twext.dll
[2012.05.10 16:50:44 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\uxlib.dll
[2012.05.10 16:50:44 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
[2012.05.10 16:50:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2012.05.10 16:50:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2012.05.10 16:50:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdmat.dll
[2012.05.10 16:50:44 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012.05.10 16:50:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsium.dll
[2012.05.10 16:50:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012.05.10 16:50:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.05.10 16:50:43 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
[2012.05.10 16:50:43 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mystify.scr
[2012.05.10 16:50:43 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Ribbons.scr
[2012.05.10 16:50:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2012.05.10 16:50:43 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2012.05.10 16:50:43 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012.05.10 16:50:42 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbghelp.dll
[2012.05.10 16:50:42 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSAPI.dll
[2012.05.10 16:50:42 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2012.05.10 16:50:42 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.05.10 16:50:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2012.05.10 16:50:42 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
[2012.05.10 16:50:42 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe
[2012.05.10 16:50:42 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2012.05.10 16:50:42 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2012.05.10 16:50:42 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2012.05.10 16:50:42 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.05.10 16:50:42 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionQueue.dll
[2012.05.10 16:50:42 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingFolder.dll
[2012.05.10 16:50:42 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.05.10 16:50:42 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe
[2012.05.10 16:50:42 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2012.05.10 16:50:42 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpshell.dll
[2012.05.10 16:50:42 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tlscsp.dll
[2012.05.10 16:50:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umb.dll
[2012.05.10 16:50:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPCRYPT.DLL
[2012.05.10 16:50:42 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\acppage.dll
[2012.05.10 16:50:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AzSqlExt.dll
[2012.05.10 16:50:42 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netutils.dll
[2012.05.10 16:50:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2012.05.10 16:50:41 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2012.05.10 16:50:41 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2012.05.10 16:50:41 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2012.05.10 16:50:41 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2012.05.10 16:50:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2012.05.10 16:50:41 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2012.05.10 16:50:41 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remotepg.dll
[2012.05.10 16:50:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiavideo.dll
[2012.05.10 16:50:41 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QUTIL.DLL
[2012.05.10 16:50:41 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012.05.10 16:50:41 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\runonce.exe
[2012.05.10 16:50:41 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPCRYPT.DLL
[2012.05.10 16:50:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syssetup.dll
[2012.05.10 16:50:40 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onexui.dll
[2012.05.10 16:50:40 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2012.05.10 16:50:40 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nltest.exe
[2012.05.10 16:50:40 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2012.05.10 16:50:40 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2012.05.10 16:50:40 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsadmin.exe
[2012.05.10 16:50:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iTVData.dll
[2012.05.10 16:50:40 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2012.05.10 16:50:40 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2012.05.10 16:50:40 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsbas.dll
[2012.05.10 16:50:40 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetapi.dll
[2012.05.10 16:50:40 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsbas.dll
[2012.05.10 16:50:40 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MdSched.exe
[2012.05.10 16:50:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2012.05.10 16:50:40 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2012.05.10 16:50:40 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2012.05.10 16:50:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.dll
[2012.05.10 16:50:40 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
[2012.05.10 16:50:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PrintIsolationProxy.dll
[2012.05.10 16:50:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vpnikeapi.dll
[2012.05.10 16:50:39 | 000,527,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2012.05.10 16:50:39 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2012.05.10 16:50:39 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2012.05.10 16:50:39 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2012.05.10 16:50:39 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
[2012.05.10 16:50:39 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qcap.dll
[2012.05.10 16:50:39 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2012.05.10 16:50:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
[2012.05.10 16:50:39 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSVRMGMT.DLL
[2012.05.10 16:50:39 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012.05.10 16:50:39 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
[2012.05.10 16:50:39 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpshell.dll
[2012.05.10 16:50:39 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2012.05.10 16:50:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tabcal.exe
[2012.05.10 16:50:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2012.05.10 16:50:39 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2012.05.10 16:50:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lsmproxy.dll
[2012.05.10 16:50:38 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012.05.10 16:50:38 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2012.05.10 16:50:38 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
[2012.05.10 16:50:38 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceStatus.dll
[2012.05.10 16:50:38 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceStatus.dll
[2012.05.10 16:50:38 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2012.05.10 16:50:38 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2012.05.10 16:50:38 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3ui.dll
[2012.05.10 16:50:38 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlcese30.dll
[2012.05.10 16:50:38 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdv.dll
[2012.05.10 16:50:38 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2012.05.10 16:50:38 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceSyncProvider.dll
[2012.05.10 16:50:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
[2012.05.10 16:50:38 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll
[2012.05.10 16:50:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2012.05.10 16:50:38 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\desk.cpl
[2012.05.10 16:50:38 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012.05.10 16:50:38 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fphc.dll
[2012.05.10 16:50:38 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSVRMGMT.DLL
[2012.05.10 16:50:38 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.05.10 16:50:38 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.05.10 16:50:38 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kstvtune.ax
[2012.05.10 16:50:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2012.05.10 16:50:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spbcd.dll
[2012.05.10 16:50:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olethk32.dll
[2012.05.10 16:50:38 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2012.05.10 16:50:38 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdmat.dll
[2012.05.10 16:50:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpd3d.dll
[2012.05.10 16:50:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.05.10 16:50:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsium.dll
[2012.05.10 16:50:37 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2012.05.10 16:50:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2012.05.10 16:50:37 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2012.05.10 16:50:37 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012.05.10 16:50:37 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012.05.10 16:50:37 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
[2012.05.10 16:50:37 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBICodec.ax
[2012.05.10 16:50:37 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2012.05.10 16:50:37 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2012.05.10 16:50:37 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2012.05.10 16:50:37 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiavideo.dll
[2012.05.10 16:50:37 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2012.05.10 16:50:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fphc.dll
[2012.05.10 16:50:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012.05.10 16:50:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amstream.dll
[2012.05.10 16:50:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2012.05.10 16:50:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\takeown.exe
[2012.05.10 16:50:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2012.05.10 16:50:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
[2012.05.10 16:50:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\utildll.dll
[2012.05.10 16:50:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HotStartUserAgent.dll
[2012.05.10 16:50:36 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2012.05.10 16:50:36 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.05.10 16:50:36 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2012.05.10 16:50:36 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdv.dll
[2012.05.10 16:50:36 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2012.05.10 16:50:36 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.05.10 16:50:36 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppinst.dll
[2012.05.10 16:50:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmstp.exe
[2012.05.10 16:50:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
[2012.05.10 16:50:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QCLIPROV.DLL
[2012.05.10 16:50:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2012.05.10 16:50:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.05.10 16:50:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QCLIPROV.DLL
[2012.05.10 16:50:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertPolEng.dll
[2012.05.10 16:50:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
[2012.05.10 16:50:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cca.dll
[2012.05.10 16:50:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WavDest.dll
[2012.05.10 16:50:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\djoin.exe
[2012.05.10 16:50:36 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vfwwdm32.dll
[2012.05.10 16:50:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2012.05.10 16:50:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MultiDigiMon.exe
[2012.05.10 16:50:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
[2012.05.10 16:50:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimgvw.dll
[2012.05.10 16:50:36 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nrpsrv.dll
[2012.05.10 16:50:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsicli.exe
[2012.05.10 16:50:35 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2012.05.10 16:50:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2012.05.10 16:50:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\g711codc.ax
[2012.05.10 16:50:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.05.10 16:50:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2012.05.10 16:50:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2012.05.10 16:50:34 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012.05.10 16:50:34 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012.05.10 16:50:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2012.05.10 16:50:34 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2012.05.10 16:50:34 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2012.05.10 16:50:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2012.05.10 16:50:34 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
[2012.05.10 16:50:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mydocs.dll
[2012.05.10 16:50:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2012.05.10 16:50:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\desk.cpl
[2012.05.10 16:50:34 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2012.05.10 16:50:34 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mobsync.exe
[2012.05.10 16:50:34 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012.05.10 16:50:34 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012.05.10 16:50:34 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2012.05.10 16:50:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amstream.dll
[2012.05.10 16:50:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2012.05.10 16:50:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertPolEng.dll
[2012.05.10 16:50:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spbcd.dll
[2012.05.10 16:50:34 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.05.10 16:50:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksxbar.ax
[2012.05.10 16:50:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wkscli.dll
[2012.05.10 16:50:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbisurf.ax
[2012.05.10 16:50:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2012.05.10 16:50:34 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdmo.dll
[2012.05.10 16:50:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AzSqlExt.dll
[2012.05.10 16:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
[2012.05.10 16:50:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2012.05.10 16:50:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syssetup.dll
[2012.05.10 16:50:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BWUnpairElevated.dll
[2012.05.10 16:50:33 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onexui.dll
[2012.05.10 16:50:33 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2012.05.10 16:50:33 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSTIFF.dll
[2012.05.10 16:50:33 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012.05.10 16:50:33 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012.05.10 16:50:33 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2012.05.10 16:50:33 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2012.05.10 16:50:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2012.05.10 16:50:33 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
[2012.05.10 16:50:33 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2012.05.10 16:50:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2012.05.10 16:50:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tlscsp.dll
[2012.05.10 16:50:33 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2012.05.10 16:50:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\luainstall.dll
[2012.05.10 16:50:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciqtz32.dll
[2012.05.10 16:50:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.05.10 16:50:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\choice.exe
[2012.05.10 16:50:33 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz32.dll
[2012.05.10 16:50:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.05.10 16:50:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2012.05.10 16:50:33 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2012.05.10 16:50:32 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDPENCDD.dll
[2012.05.10 16:50:32 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2012.05.10 16:50:32 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012.05.10 16:50:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\manage-bde.exe
[2012.05.10 16:50:32 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetmib1.dll
[2012.05.10 16:50:32 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2012.05.10 16:50:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetmib1.dll
[2012.05.10 16:50:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\repair-bde.exe
[2012.05.10 16:50:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.05.10 16:50:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\luainstall.dll
[2012.05.10 16:50:32 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdiasqmmodule.dll
[2012.05.10 16:50:32 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shimgvw.dll
[2012.05.10 16:50:32 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
[2012.05.10 16:50:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbisurf.ax
[2012.05.10 16:50:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2012.05.10 16:50:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdmo.dll
[2012.05.10 16:50:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedcli.dll
[2012.05.10 16:50:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdprefdrvapi.dll
[2012.05.10 16:50:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spopk.dll
[2012.05.10 16:50:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spopk.dll
[2012.05.10 16:50:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2012.05.10 16:50:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2012.05.10 16:50:31 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012.05.10 16:50:31 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012.05.10 16:50:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\g711codc.ax
[2012.05.10 16:50:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSMON.dll
[2012.05.10 16:50:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.05.10 16:50:31 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2012.05.10 16:50:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.05.10 16:50:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2012.05.10 16:50:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elsTrans.dll
[2012.05.10 16:50:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TRAPI.dll
[2012.05.10 16:50:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfts.dll
[2012.05.10 16:50:30 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\napdsnap.dll
[2012.05.10 16:50:30 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\napdsnap.dll
[2012.05.10 16:50:30 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsauth.dll
[2012.05.10 16:50:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys
[2012.05.10 16:50:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsauth.dll
[2012.05.10 16:50:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2012.05.10 16:50:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonUI.exe
[2012.05.10 16:50:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsperf.dll
[2012.05.10 16:50:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdprefdrvapi.dll
[2012.05.10 16:50:30 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elsTrans.dll
[2012.05.10 16:50:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TRAPI.dll
[2012.05.10 16:50:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsperf.dll
[2012.05.10 16:50:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSUNATD.exe
[2012.05.10 16:50:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schedcli.dll
[2012.05.10 16:50:26 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2012.05.10 16:50:26 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2012.05.10 16:50:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.05.10 16:50:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.05.10 16:50:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shgina.dll
[2012.05.10 16:50:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2012.05.10 16:50:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2012.05.10 16:50:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012.05.10 16:50:25 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2012.05.10 16:50:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shgina.dll
[2012.05.10 16:50:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshirda.dll
[2012.05.10 16:50:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched32.dll
[2012.05.10 16:50:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshirda.dll
[2012.05.10 16:50:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched32.dll
[2012.05.10 16:50:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcfgex.dll
[2012.05.10 16:50:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\C_ISCII.DLL
[2012.05.10 16:50:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shunimpl.dll
[2012.05.10 16:50:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\C_ISCII.DLL
[2012.05.10 16:50:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2012.05.10 16:50:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2012.05.10 16:50:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2012.05.10 16:50:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2012.05.10 16:50:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2012.05.10 16:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll
[2012.05.10 16:50:21 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012.05.10 16:50:21 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012.05.10 16:50:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUQ.DLL
[2012.05.10 16:50:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUF.DLL
[2012.05.10 16:50:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSG.DLL
[2012.05.10 16:50:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdlk41a.dll
[2012.05.10 16:50:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGKL.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUQ.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUF.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSG.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSF.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDPO.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDNEPR.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdlk41a.dll
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGR1.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGR1.DLL
[2012.05.10 16:50:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGKL.DLL
[2012.05.10 16:50:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2012.05.10 16:50:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDCZ1.DLL
[2012.05.10 16:50:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDCZ1.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUS.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUGHR1.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTURME.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAJIK.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSF.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDPO.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDNEPR.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMON.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMAORI.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDLT1.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBULG.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBLR.DLL
[2012.05.10 16:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUS.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUGHR1.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTURME.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAJIK.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMON.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMAORI.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDLT1.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGEO.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGEO.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBULG.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBLR.DLL
[2012.05.10 16:50:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2012.05.10 16:50:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2012.05.10 16:50:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2012.05.10 16:50:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pifmgr.dll
[2012.05.10 16:50:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pifmgr.dll
[2012.05.10 16:50:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2012.05.10 16:50:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2012.05.10 16:50:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2012.05.10 16:50:14 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BlbEvents.dll
[2012.05.10 16:50:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizres.dll
[2012.05.10 16:50:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizres.dll
[2012.05.10 16:50:13 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpx.dll
[2012.05.10 16:50:13 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2012.05.10 16:49:58 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqmapi.dll
[2012.05.10 16:39:34 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn.dll
[2012.05.10 16:39:23 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqmapi.dll
[2012.05.10 16:08:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.05.10 16:08:31 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.05.10 16:08:25 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.05.10 16:08:25 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.05.10 16:08:24 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.05.10 16:08:24 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.05.10 16:08:24 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.05.10 16:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.05.10 16:08:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.05.10 16:08:05 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2012.05.10 15:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012.05.10 15:38:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.05.10 15:38:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.05.10 15:38:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.05.10 15:38:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.05.10 15:38:32 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.05.10 15:38:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.05.10 15:38:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.05.10 15:38:32 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.05.10 15:38:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.05.10 15:38:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.05.10 15:38:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.05.10 15:38:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.05.10 15:38:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.05.10 15:38:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.05.10 15:38:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.05.10 15:38:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.05.10 15:38:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.05.10 15:38:31 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.05.10 15:38:31 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.05.10 15:38:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.05.10 15:38:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.10 15:38:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.05.10 15:38:31 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.05.10 15:38:31 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.05.10 15:38:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.05.10 15:38:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.10 15:38:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.05.10 15:38:31 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.05.10 15:38:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.05.10 15:38:31 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.05.10 15:38:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.10 15:38:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.05.10 15:38:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.05.10 15:38:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.05.10 15:38:30 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.05.10 15:38:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.05.10 15:38:30 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.05.10 15:38:30 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.05.10 15:38:30 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.05.10 15:38:30 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.05.10 15:38:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.05.10 15:38:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.05.10 15:38:30 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.05.10 15:38:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.05.10 15:38:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.05.10 15:38:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.05.10 15:38:29 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.05.10 15:38:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.05.10 15:38:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.05.10 15:38:29 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.05.10 15:38:29 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.05.10 15:38:29 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.05.10 15:38:29 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.05.10 15:38:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.05.10 15:38:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.05.10 15:38:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.05.10 15:38:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.05.10 15:38:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.05.10 15:38:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.05.10 15:38:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.05.10 15:38:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.05.10 15:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.05.10 15:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.05.10 15:34:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 14:35:09 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.05.10 14:35:08 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.05.10 14:35:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.05.10 14:32:09 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.05.10 14:30:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 14:30:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 14:30:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.10 14:30:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 14:29:54 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.05.10 14:29:54 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.05.10 14:29:53 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.05.10 14:29:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.05.10 14:29:51 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.05.10 14:29:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.05.10 14:29:50 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.05.10 14:29:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.05.10 14:29:49 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.05.10 14:29:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.05.10 14:29:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.05.10 14:29:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.05.10 14:29:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.05.10 14:29:36 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.05.10 14:29:35 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.05.10 14:29:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.05.10 14:29:33 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.05.10 14:29:33 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.05.10 14:29:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.05.10 14:29:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.05.10 14:29:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.05.10 14:29:21 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012.05.10 14:29:21 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012.05.10 14:29:20 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012.05.10 14:29:20 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012.05.10 14:29:18 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.05.10 14:29:17 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.05.10 14:29:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.05.10 14:29:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.05.10 14:29:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.05.10 14:29:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.05.10 14:29:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.05.10 14:29:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.05.10 14:29:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.05.10 14:29:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.05.10 14:29:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.05.10 14:29:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.05.10 14:29:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.05.10 14:29:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.05.10 14:29:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.05.10 14:29:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.05.10 14:29:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.05.10 14:29:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.05.10 14:29:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.05.10 14:29:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.05.10 14:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.05.10 14:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.05.10 14:29:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.05.10 14:29:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.05.10 14:29:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.05.10 14:29:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.05.10 14:29:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.05.10 14:29:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.05.10 14:29:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.05.10 14:29:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.05.10 14:29:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.05.10 14:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.05.10 14:29:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.05.10 14:29:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.05.10 14:29:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.05.10 14:29:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.05.10 14:28:55 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.05.10 14:28:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.05.10 14:28:52 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.05.10 14:28:51 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.05.10 14:28:45 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.05.10 14:28:45 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.05.10 14:28:43 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.05.10 14:28:43 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.05.10 14:28:40 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012.05.10 14:28:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012.05.10 14:28:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012.05.10 14:28:31 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.05.10 14:28:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.05.10 14:28:27 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012.05.10 14:28:27 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012.05.10 14:28:26 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012.05.10 14:28:26 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012.05.10 14:28:25 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012.05.10 14:28:25 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012.05.10 14:28:25 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012.05.10 14:28:24 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2012.05.10 14:28:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012.05.10 14:28:18 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012.05.10 14:28:17 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012.05.10 14:28:17 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012.05.10 14:28:16 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012.05.10 14:28:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012.05.10 14:28:15 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.05.10 14:28:15 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.05.10 14:28:12 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.05.10 14:28:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.05.10 14:28:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.05.10 14:28:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.05.10 14:28:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012.05.10 14:28:10 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012.05.10 14:28:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012.05.10 14:28:09 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012.05.10 14:28:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012.05.10 14:28:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012.05.10 14:27:46 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012.05.10 14:27:46 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cfgmgr32.dll
[2012.05.10 14:27:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012.05.10 14:27:42 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 14:27:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 14:27:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.05.10 14:27:40 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.05.10 14:27:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.05.10 14:27:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.05.10 14:27:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.05.10 14:27:39 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.05.10 14:27:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.05.10 14:27:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.05.10 14:27:33 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012.05.10 14:27:32 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WFS.exe
[2012.05.10 14:27:31 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.05.10 14:27:31 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.05.10 14:27:23 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012.05.10 14:27:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012.05.10 14:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012.05.10 14:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012.05.10 14:27:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012.05.10 14:27:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012.05.10 14:27:21 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012.05.10 14:27:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012.05.10 14:27:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012.05.10 14:27:12 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.05.10 14:26:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.05.10 14:26:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.05.10 14:26:51 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.05.10 14:26:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.05.10 14:26:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.05.10 14:25:47 | 000,288,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.05.10 14:13:28 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.05.10 14:13:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.05.10 14:13:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.05.10 14:02:41 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\WinRAR
[2012.05.10 14:02:41 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\Legan EN-TR
[2012.05.10 13:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.10 13:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.10 13:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.10 13:40:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.05.10 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\ApplicationHistory
[2012.05.10 13:01:57 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\trados lisans
[2012.05.10 12:25:30 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Skype
[2012.05.09 21:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012.05.09 21:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2012.05.09 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\CrashDumps
[2012.05.09 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2012.05.09 21:31:08 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\CyberLink
[2012.05.09 19:05:07 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.05.09 19:05:06 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.05.09 19:04:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.05.09 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\Symantec
[2012.05.09 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Power2Go
[2012.05.09 18:37:32 | 000,000,000 | ---D | C] -- C:\2114c43bf619d33ab751
[2012.05.09 18:24:54 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.05.09 18:22:45 | 000,345,600 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2012.05.09 18:22:39 | 000,407,040 | ---- | C] (Samsung Electronics) -- C:\Windows\HotfixChecker.exe
[2012.05.09 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.05.09 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Microsoft Games
[2012.05.09 17:48:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012.05.09 17:44:23 | 014,392,507 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Samsung Astro Orbit I.scr
[2012.05.09 17:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2012.05.09 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.05.09 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.05.09 17:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.05.09 17:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012.05.09 17:28:45 | 000,013,824 | ---- | C] (SAMSUNG ELECTRONICS) -- C:\Windows\SysNative\drivers\SABI.sys
[2012.05.09 17:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.05.09 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.05.09 17:20:58 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\CyberLink
[2012.05.09 17:20:53 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Cyberlink
[2012.05.09 17:15:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[2012.05.09 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2012.05.09 17:14:24 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.05.09 17:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.05.09 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.05.09 17:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.05.09 17:13:34 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Broadcom
[2012.05.09 17:13:34 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\Bluetooth Değişim Klasörü
[2012.05.09 17:07:43 | 000,022,056 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\btwcoins.dll
[2012.05.09 17:07:42 | 000,348,712 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2012.05.09 17:07:42 | 000,138,280 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2012.05.09 17:07:42 | 000,106,536 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2012.05.09 17:07:42 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2012.05.09 17:07:42 | 000,021,416 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2012.05.09 17:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012.05.09 17:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012.05.09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\SRS Labs
[2012.05.09 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
[2012.05.09 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\SRS Labs
[2012.05.09 17:00:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2012.05.09 17:00:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.05.09 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.05.09 16:59:58 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.05.09 16:59:58 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.05.09 16:59:57 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.05.09 16:59:56 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.05.09 16:59:55 | 002,813,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.05.09 16:59:55 | 000,618,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.05.09 16:59:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.05.09 16:59:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.05.09 16:59:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.05.09 16:59:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.05.09 16:59:54 | 001,242,728 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.05.09 16:59:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.05.09 16:59:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.05.09 16:59:54 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012.05.09 16:59:43 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.05.09 16:59:41 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.05.09 16:59:41 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.05.09 16:59:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.05.09 16:59:39 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.05.09 16:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.05.09 16:33:24 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Diagnostics
[2012.05.09 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.05.09 16:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.05.09 15:57:42 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Macromedia
[2012.05.09 15:19:49 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Tracing
[2012.05.09 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.05.09 15:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.05.09 15:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.05.09 15:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.09 15:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.05.09 15:11:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.05.09 15:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.05.09 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Microsoft Help
[2012.05.09 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.05.09 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.05.09 14:53:57 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Adobe
[2012.05.09 14:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.05.09 14:53:12 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.05.09 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.05.09 14:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH
[2012.05.09 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\GRETECH
[2012.05.09 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Samsung\Documents\GomPlayer
[2012.05.09 14:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012.05.09 14:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012.05.09 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.09 14:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.09 14:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.05.09 14:49:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.05.09 14:49:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.05.09 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012.05.09 14:48:40 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Algılayıcı
[2012.05.09 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.05.09 14:48:37 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Winamp
[2012.05.09 14:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.05.09 14:48:00 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\vlc
[2012.05.09 14:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.09 14:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.05.09 14:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXARadyo
[2012.05.09 14:46:18 | 000,000,000 | ---D | C] -- C:\EXA
[2012.05.09 14:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.09 14:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.05.09 14:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.05.09 14:41:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.09 14:41:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.09 14:41:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.09 14:41:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.09 14:41:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.09 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.05.09 14:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.05.09 14:40:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.05.09 14:39:58 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.09 14:39:58 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.09 14:39:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.05.09 14:38:25 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Mozilla
[2012.05.09 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.05.09 14:34:08 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Intel Corporation
[2012.05.09 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.05.09 14:33:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2012.05.09 14:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.05.09 14:31:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom Wireless
[2012.05.09 14:30:49 | 001,014,784 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012.05.09 14:30:29 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012.05.09 14:30:29 | 000,022,592 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012.05.09 14:30:28 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012.05.09 14:30:28 | 004,428,288 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012.05.09 14:30:28 | 000,073,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012.05.09 14:30:28 | 000,060,928 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012.05.09 14:30:27 | 007,761,408 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012.05.09 14:30:26 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012.05.09 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012.05.09 14:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.05.09 14:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.05.09 14:28:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.05.09 14:27:55 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.05.09 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\InstallShield
[2012.05.09 14:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012.05.09 14:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012.05.09 14:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.05.09 14:20:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.05.09 14:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.09 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.05.09 14:20:36 | 020,453,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.09 14:20:36 | 015,039,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.09 14:20:36 | 007,713,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.09 14:20:36 | 005,637,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.09 14:20:36 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2012.05.09 14:20:36 | 000,763,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.09 14:20:36 | 000,644,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.09 14:20:36 | 000,446,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
[2012.05.09 14:20:36 | 000,380,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoptimusmft.dll
[2012.05.09 14:20:36 | 000,226,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.09 14:20:36 | 000,192,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.09 14:20:36 | 000,025,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2012.05.09 14:20:35 | 012,835,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.09 14:20:35 | 010,055,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.09 14:20:35 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2012.05.09 14:20:35 | 000,391,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.09 14:20:35 | 000,320,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.09 14:20:34 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.09 14:20:34 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.09 14:20:34 | 006,598,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.09 14:20:34 | 004,936,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.09 14:20:34 | 003,182,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.09 14:20:34 | 002,954,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.09 14:20:34 | 002,871,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.09 14:20:34 | 002,579,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.09 14:20:34 | 002,198,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.09 14:20:34 | 001,963,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.09 14:20:34 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.09 14:20:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.09 14:20:34 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2012.05.09 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.05.09 14:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.05.09 14:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.05.09 14:07:54 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.05.09 14:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.05.09 14:07:46 | 000,000,000 | ---D | C] -- C:\Intel
[2012.05.09 14:06:55 | 000,533,096 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.05.09 14:06:55 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012.05.09 14:06:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.05.09 14:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.05.09 13:46:28 | 000,000,000 | R--D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.05.09 13:46:28 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Searches
[2012.05.09 13:46:28 | 000,000,000 | R--D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.09 13:46:28 | 000,000,000 | -H-D | C] -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.05.09 13:46:08 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Contacts
[2012.05.09 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\VirtualStore
[2012.05.09 13:45:47 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\AppData\Local\Temporary Internet Files
[2012.05.09 13:45:46 | 000,000,000 | --SD | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Videos
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Saved Games
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Pictures
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Music
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Links
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Favorites
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Downloads
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Documents
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\Desktop
[2012.05.09 13:45:46 | 000,000,000 | R--D | C] -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Documents\Videolarım
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Templates
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Start Menu
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\SendTo
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Documents\Resimlerim
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Recent
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\PrintHood
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\NetHood
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Documents\Müziğim
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Local Settings
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\AppData\Local\History
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Cookies
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Belgelerim
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\Application Data
[2012.05.09 13:45:46 | 000,000,000 | -HSD | C] -- C:\Users\Samsung\AppData\Local\Application Data
[2012.05.09 13:45:46 | 000,000,000 | -H-D | C] -- C:\Users\Samsung\AppData
[2012.05.09 13:45:46 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Temp
[2012.05.09 13:45:46 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\Microsoft
[2012.05.09 13:45:46 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\Media Center Programs
[2012.05.09 13:45:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Videolarım
[2012.05.09 13:45:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Sık Kullanılanlar
[2012.05.09 13:45:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Resimlerim
[2012.05.09 13:45:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Müziğim
[2012.05.09 13:45:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Belgeler
[2012.05.09 13:45:37 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.05.09 13:37:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.05.09 13:35:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.05.09 13:34:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.05.08 16:28:10 | 004,633,992 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2012.05.08 16:28:04 | 000,118,664 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys

========== Files - Modified Within 30 Days ==========

[2012.05.17 11:05:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.17 11:05:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.17 11:02:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung\Desktop\OTL.exe
[2012.05.17 10:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.17 10:58:01 | 466,968,575 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.17 00:19:21 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.16 18:35:55 | 000,000,030 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\mbam.context.scan
[2012.05.16 18:11:37 | 001,484,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.16 18:11:37 | 000,626,780 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.05.16 18:11:37 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.16 18:11:37 | 000,126,646 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.05.16 18:11:37 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.16 14:28:43 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.05.16 14:28:15 | 001,866,693 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\Cat.DB
[2012.05.16 14:22:44 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.05.16 14:22:44 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.05.16 14:22:44 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.05.16 14:03:23 | 004,495,419 | R--- | M] (Swearware) -- C:\Users\Samsung\Desktop\ComboFix.exe
[2012.05.16 10:52:00 | 000,000,512 | ---- | M] () -- C:\Users\Samsung\Desktop\MBR.dat
[2012.05.16 02:34:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Samsung\Desktop\aswMBR.exe
[2012.05.16 02:33:58 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Samsung\Desktop\tdsskiller.exe
[2012.05.15 13:15:56 | 000,879,714 | ---- | M] () -- C:\Users\Samsung\Desktop\SecurityCheck.exe
[2012.05.15 01:16:27 | 000,007,625 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Resmon.ResmonCfg
[2012.05.14 18:30:52 | 000,000,000 | ---- | M] () -- C:\Users\Samsung\defogger_reenable
[2012.05.14 16:39:33 | 000,050,477 | ---- | M] () -- C:\Users\Samsung\Desktop\Defogger.exe
[2012.05.11 18:41:22 | 000,544,768 | ---- | M] () -- C:\Users\Samsung\allergan.mxa
[2012.05.11 16:25:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.11 14:49:14 | 000,410,908 | ---- | M] () -- C:\Users\Samsung\Documents\giz 001.jpg
[2012.05.11 13:02:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.11 12:25:20 | 000,423,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 18:34:45 | 000,282,624 | ---- | M] () -- C:\Users\Samsung\allergan.mxt
[2012.05.10 18:04:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.05.10 18:04:37 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.05.10 15:49:24 | 000,001,425 | ---- | M] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.05.10 15:38:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.05.10 15:38:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.05.10 15:38:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.05.10 15:38:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.05.10 15:38:32 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.05.10 15:38:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.05.10 15:38:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.05.10 15:38:32 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.05.10 15:38:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.05.10 15:38:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.05.10 15:38:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.05.10 15:38:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.05.10 15:38:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.05.10 15:38:32 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.05.10 15:38:32 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.05.10 15:38:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.05.10 15:38:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.05.10 15:38:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.05.10 15:38:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.05.10 15:38:31 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.05.10 15:38:31 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.05.10 15:38:31 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.05.10 15:38:31 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.10 15:38:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.05.10 15:38:31 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.05.10 15:38:31 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.05.10 15:38:31 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.05.10 15:38:31 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.10 15:38:31 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.05.10 15:38:31 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.05.10 15:38:31 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.05.10 15:38:31 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.05.10 15:38:31 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.05.10 15:38:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.10 15:38:31 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.05.10 15:38:31 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.05.10 15:38:30 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.05.10 15:38:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.05.10 15:38:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.05.10 15:38:30 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.05.10 15:38:30 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.05.10 15:38:30 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.05.10 15:38:30 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.05.10 15:38:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.05.10 15:38:30 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.05.10 15:38:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.05.10 15:38:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.05.10 15:38:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.05.10 15:38:29 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.05.10 15:38:29 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.05.10 15:38:29 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.05.10 15:38:29 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.05.10 15:38:29 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.05.10 15:38:29 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.05.10 15:38:29 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.05.10 15:38:29 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.05.10 15:38:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.05.10 15:38:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.05.10 15:38:29 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.05.10 15:38:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.05.10 15:38:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.05.10 15:38:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.05.10 15:38:29 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.05.10 15:35:29 | 000,698,444 | ---- | M] () -- C:\Windows\SysNative\oem24.inf
[2012.05.10 13:40:55 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.10 13:24:47 | 000,000,396 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.05.10 13:03:52 | 000,000,095 | ---- | M] () -- C:\Users\Samsung\AppData\Local\fusioncache.dat
[2012.05.10 12:57:13 | 001,490,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.09 18:37:32 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012.05.09 18:22:43 | 000,003,860 | ---- | M] () -- C:\Windows\HotFixList.ini
[2012.05.09 17:43:45 | 000,001,635 | ---- | M] () -- C:\Users\Samsung\ChargeableUSB.lnk
[2012.05.09 17:43:06 | 000,002,076 | ---- | M] () -- C:\Users\Samsung\Easy Network Manager.lnk
[2012.05.09 17:39:47 | 000,002,519 | ---- | M] () -- C:\Users\Samsung\Skype.lnk
[2012.05.09 17:35:49 | 000,002,083 | ---- | M] () -- C:\Users\Samsung\EasyFileShare.lnk
[2012.05.09 17:30:28 | 000,001,812 | ---- | M] () -- C:\Users\Samsung\Samsung Update Plus.lnk
[2012.05.09 17:28:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.05.09 17:28:42 | 000,002,114 | ---- | M] () -- C:\Users\Samsung\Samsung Support Center.lnk
[2012.05.09 17:27:50 | 000,002,783 | ---- | M] () -- C:\Users\Samsung\Easy Content Share.lnk
[2012.05.09 17:14:19 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.05.09 17:07:53 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.05.09 17:02:52 | 000,679,298 | ---- | M] () -- C:\Windows\SysNative\oem15.inf
[2012.05.09 14:53:47 | 000,001,213 | ---- | M] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.05.09 14:53:47 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.05.09 14:51:45 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.09 14:49:14 | 000,001,007 | ---- | M] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012.05.09 14:49:14 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.05.09 14:47:57 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.09 14:46:18 | 000,000,720 | ---- | M] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\EXARadyo.lnk
[2012.05.09 14:46:18 | 000,000,696 | ---- | M] () -- C:\Users\Public\Desktop\EXARadyo.lnk
[2012.05.09 14:41:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.09 14:41:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.09 14:41:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.09 14:41:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.09 14:40:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.09 14:39:58 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.09 14:31:02 | 000,698,444 | ---- | M] () -- C:\Windows\SysNative\oem12.inf
[2012.05.09 14:20:01 | 000,018,782 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.05.09 14:05:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.09 13:40:15 | 000,061,298 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.05.09 13:40:15 | 000,061,298 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.04.26 20:08:16 | 055,656,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.04.19 06:43:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\isolate.ini

========== Files Created - No Company Name ==========

[2012.05.17 00:19:20 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.17 00:19:20 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.16 18:35:55 | 000,000,030 | ---- | C] () -- C:\Users\Samsung\AppData\Roaming\mbam.context.scan
[2012.05.16 14:27:53 | 001,866,693 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\Cat.DB
[2012.05.16 14:25:45 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symds64.cat
[2012.05.16 14:25:45 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ccsetx64.cat
[2012.05.16 14:25:45 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtspx64.cat
[2012.05.16 14:25:45 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symefa64.cat
[2012.05.16 14:25:45 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symnet64.cat
[2012.05.16 14:25:45 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtsp64.cat
[2012.05.16 14:25:45 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\iron.cat
[2012.05.16 14:25:45 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symefa.inf
[2012.05.16 14:25:45 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symds.inf
[2012.05.16 14:25:45 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symnet.inf
[2012.05.16 14:25:45 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtsp64.inf
[2012.05.16 14:25:45 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\srtspx64.inf
[2012.05.16 14:25:45 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\ccsetx64.inf
[2012.05.16 14:25:45 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\iron.inf
[2012.05.16 14:25:35 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\symvtcer.dat
[2012.05.16 14:25:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\isolate.ini
[2012.05.16 14:22:44 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.05.16 14:22:44 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.05.16 14:22:42 | 000,002,492 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.05.16 12:30:18 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.05.16 12:29:50 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.05.16 12:29:16 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.05.16 12:28:52 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.05.16 10:40:28 | 000,000,512 | ---- | C] () -- C:\Users\Samsung\Desktop\MBR.dat
[2012.05.15 21:54:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.15 21:54:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.15 21:54:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.15 21:54:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.15 21:54:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.15 13:15:55 | 000,879,714 | ---- | C] () -- C:\Users\Samsung\Desktop\SecurityCheck.exe
[2012.05.15 01:16:27 | 000,007,625 | ---- | C] () -- C:\Users\Samsung\AppData\Local\Resmon.ResmonCfg
[2012.05.14 18:30:52 | 000,000,000 | ---- | C] () -- C:\Users\Samsung\defogger_reenable
[2012.05.14 16:39:32 | 000,050,477 | ---- | C] () -- C:\Users\Samsung\Desktop\Defogger.exe
[2012.05.11 14:49:01 | 000,410,908 | ---- | C] () -- C:\Users\Samsung\Documents\giz 001.jpg
[2012.05.11 13:02:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.10 18:34:44 | 000,282,624 | ---- | C] () -- C:\Users\Samsung\allergan.mxt
[2012.05.10 18:34:39 | 000,544,768 | ---- | C] () -- C:\Users\Samsung\allergan.mxa
[2012.05.10 16:56:23 | 002,076,672 | ---- | C] () -- C:\Windows\SysWow64\libmysql.dll
[2012.05.10 16:56:23 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.05.10 16:56:22 | 000,499,712 | ---- | C] () -- C:\Windows\SysWow64\edbvba.dll
[2012.05.10 16:56:22 | 000,349,184 | ---- | C] () -- C:\Windows\SysWow64\FM20.oca
[2012.05.10 16:56:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.05.10 16:52:28 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.05.10 16:50:33 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.05.10 16:50:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.05.10 16:50:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.05.10 16:49:54 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.05.10 15:38:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.05.10 15:38:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.05.10 15:35:35 | 000,698,444 | ---- | C] () -- C:\Windows\SysNative\oem24.inf
[2012.05.10 13:40:55 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.10 13:24:47 | 000,000,396 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.10 13:03:52 | 000,000,095 | ---- | C] () -- C:\Users\Samsung\AppData\Local\fusioncache.dat
[2012.05.09 21:45:01 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2012.05.09 21:45:01 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2012.05.09 18:19:27 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012.05.09 17:44:29 | 000,016,018 | ---- | C] () -- C:\Windows\Samsung.png
[2012.05.09 17:43:45 | 000,001,635 | ---- | C] () -- C:\Users\Samsung\ChargeableUSB.lnk
[2012.05.09 17:43:06 | 000,002,076 | ---- | C] () -- C:\Users\Samsung\Easy Network Manager.lnk
[2012.05.09 17:39:47 | 000,002,519 | ---- | C] () -- C:\Users\Samsung\Skype.lnk
[2012.05.09 17:38:45 | 000,003,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2012.05.09 17:35:49 | 000,002,083 | ---- | C] () -- C:\Users\Samsung\EasyFileShare.lnk
[2012.05.09 17:30:28 | 000,001,812 | ---- | C] () -- C:\Users\Samsung\Samsung Update Plus.lnk
[2012.05.09 17:30:26 | 000,000,433 | ---- | C] () -- C:\Windows\SlientUninstall.iss
[2012.05.09 17:28:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.05.09 17:28:42 | 000,002,114 | ---- | C] () -- C:\Users\Samsung\Samsung Support Center.lnk
[2012.05.09 17:27:50 | 000,002,783 | ---- | C] () -- C:\Users\Samsung\Easy Content Share.lnk
[2012.05.09 17:07:07 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.05.09 17:03:00 | 000,679,298 | ---- | C] () -- C:\Windows\SysNative\oem15.inf
[2012.05.09 14:56:07 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.05.09 14:55:50 | 001,490,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.09 14:52:39 | 000,001,213 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.05.09 14:52:39 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.05.09 14:51:44 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.09 14:49:14 | 000,001,007 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012.05.09 14:49:14 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.05.09 14:47:57 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.09 14:46:18 | 000,000,720 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\EXARadyo.lnk
[2012.05.09 14:46:18 | 000,000,696 | ---- | C] () -- C:\Users\Public\Desktop\EXARadyo.lnk
[2012.05.09 14:42:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.09 14:31:09 | 000,698,444 | ---- | C] () -- C:\Windows\SysNative\oem12.inf
[2012.05.09 14:30:29 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012.05.09 14:30:28 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012.05.09 14:30:26 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012.05.09 14:20:36 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.09 14:20:01 | 000,018,782 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.05.09 14:06:55 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.05.09 14:05:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.09 13:49:49 | 000,001,425 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.05.09 13:46:39 | 000,001,397 | ---- | C] () -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.05.09 13:46:31 | 000,001,431 | ---- | C] () -- C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.05.09 13:45:46 | 000,000,290 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.05.09 13:45:46 | 000,000,272 | ---- | C] () -- C:\Users\Samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.05.09 13:40:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.05.09 13:39:49 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.05.09 13:34:27 | 466,968,575 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 14:27:24 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.01.10 14:27:24 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.10 14:27:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.01.10 14:16:52 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.10 13:29:52 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 21 May 2012 - 03:06 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 22 May 2012 - 03:46 AM

Hello. Here is the report from OTL:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
File RITY] not found.
File ptyjava] not found.
File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.43.0 log created on 05222012_102126

It seems I no longer get those warnings but I have trouble running certain programs, actually only the ones that are designed for older versions of Windows I guess. Do you think some system files might be corrupt? If I did a system recovery, could the computer get infected again? Thank you so much!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 22 May 2012 - 07:48 AM

which programs are you having trouble with and yes doing a system restore at this time would most likely reinfect the computer



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 avendesora

avendesora
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 22 May 2012 - 09:28 AM

MS Office 2003 for example, it runs but when I double clik a Word file, it won't open. I have to open Word first, click on 'Open' and then choose the file. I can live with that but the biggest problem is that I use a translation tool which has an interface connected to Word. When I try to use it with Word, I get an error message saying that the interface is not running, which is not the case. Do I have to reformat? I have all my backups including driver setups on an external HDD, which I scanned several times with different tools, it shows clean. But then again those same tools couldn't find any malware in my computer, either. Do you think that would be an issue?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users