Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fathers PC with a Bootkit infection I Think


  • This topic is locked This topic is locked
14 replies to this topic

#1 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 30 July 2012 - 07:50 PM

STARTED HERE - http://www.bleepingcomputer.com/forums/topic463144.html

AND CONTINUED NOW HERE IN THIS POST

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HERGENROEDER at 19:40:58 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2241 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\HostsMan\hm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bleepingcomputer.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [HostsMan] "C:\Program Files (x86)\HostsMan\hm.exe" -s
uRun: [BDUSBImmunizer] C:\Users\HERGENROEDER\Desktop\BDUSBImmunizer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9223451D-3143-4A54-ABFB-28739C2E50EC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EF24F2BA-0701-46E4-93F2-DAA3065A8304} : DhcpNameServer = 192.168.0.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Do Not Track Plus: {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HERGENROEDER\AppData\Roaming\Mozilla\Firefox\Profiles\y0eqj7zs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-7-30 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-8 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-8 297048]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-29 655944]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-8 976728]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-29 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 00:40:16 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8FBB280-83AC-451F-81FE-B5F53629A291}\offreg.dll
2012-07-30 23:22:22 -------- d-----w- C:\Users\HERGENROEDER\AppData\Roaming\Rovio
2012-07-30 23:22:00 -------- d-----w- C:\Program Files (x86)\Rovio
2012-07-30 16:27:24 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8FBB280-83AC-451F-81FE-B5F53629A291}\mpengine.dll
2012-07-30 05:41:22 101464 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-07-30 05:41:02 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\Trusteer
2012-07-30 05:40:49 -------- d-----w- C:\Program Files (x86)\Trusteer
2012-07-30 03:30:05 -------- d-----w- C:\ProgramData\Trusteer
2012-07-30 02:19:02 -------- d-----w- C:\Users\HERGENROEDER\AppData\Roaming\abelhadigital.com
2012-07-30 02:19:02 -------- d-----w- C:\ProgramData\abelhadigital.com
2012-07-30 02:18:59 -------- d-----w- C:\Program Files (x86)\HostsMan
2012-07-30 02:17:28 -------- d-----w- C:\Program Files (x86)\hpHosts
2012-07-30 02:06:53 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\Adobe
2012-07-30 02:02:13 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\DoNotTrackPlus
2012-07-30 02:02:00 -------- d-----w- C:\Program Files (x86)\DoNotTrackPlus
2012-07-30 02:00:43 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\Macromedia
2012-07-30 02:00:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 02:00:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-30 01:38:33 -------- d-----w- C:\Program Files\WOT
2012-07-30 01:38:33 -------- d-----w- C:\Program Files (x86)\WOT
2012-07-30 01:30:04 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-30 01:29:43 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-30 01:29:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-30 01:29:10 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-30 01:29:08 -------- d-----w- C:\Program Files\PlayReady
2012-07-30 01:03:55 -------- d-----w- C:\Windows\PCHEALTH
2012-07-30 01:01:49 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\Microsoft Help
2012-07-30 00:08:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-30 00:08:40 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-29 23:03:06 -------- d-----w- C:\Windows\System32\SPReview
2012-07-29 23:02:45 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-29 23:02:19 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-29 23:00:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-29 23:00:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-29 23:00:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-29 22:57:59 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-07-29 22:57:58 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-07-29 22:57:58 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-07-29 22:57:57 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-07-29 22:57:57 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-07-29 22:57:53 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-07-29 22:57:42 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-07-29 22:57:42 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-07-29 22:57:42 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-29 22:56:35 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-07-29 22:56:35 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-07-29 22:56:28 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-07-29 22:33:11 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-29 22:33:10 -------- d-----w- C:\Windows\System32\Wat
2012-07-29 22:32:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-29 22:32:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-29 22:32:42 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-07-29 22:15:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-29 21:28:11 -------- d-----w- C:\Windows\Panther
2012-07-29 21:20:25 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-29 21:19:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-29 21:19:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-29 21:19:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-29 21:19:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-29 21:19:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-29 21:19:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-29 21:19:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-29 21:16:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-07-29 21:16:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-07-29 21:16:22 395776 ----a-w- C:\Windows\System32\webio.dll
2012-07-29 21:16:22 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-07-29 21:16:19 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-07-29 21:16:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-07-29 21:14:59 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-29 21:13:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-07-29 21:04:24 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-29 21:03:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-07-29 21:03:55 77312 ----a-w- C:\Windows\System32\packager.dll
2012-07-29 21:03:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-07-29 21:03:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-07-29 21:03:46 642944 ----a-w- C:\Windows\System32\winload.efi
2012-07-29 21:03:46 605552 ----a-w- C:\Windows\System32\winload.exe
2012-07-29 21:03:45 566208 ----a-w- C:\Windows\System32\winresume.efi
2012-07-29 21:03:45 518672 ----a-w- C:\Windows\System32\winresume.exe
2012-07-29 21:03:44 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2012-07-29 21:03:44 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-07-29 21:03:44 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-07-29 21:03:44 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-07-29 21:02:14 -------- d-----w- C:\Users\HERGENROEDER\AppData\Roaming\Malwarebytes
2012-07-29 21:02:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 21:02:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 21:02:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 20:59:42 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{755C401D-5119-4470-B059-CD1CD68F273C}\gapaengine.dll
2012-07-29 20:59:35 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-29 20:59:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-29 20:59:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-29 20:59:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-29 20:50:18 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-29 20:44:06 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-29 20:42:50 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-29 20:42:46 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-07-29 20:42:46 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-07-29 20:42:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-07-29 20:39:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-29 20:39:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-29 20:39:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-29 20:39:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-29 20:36:37 -------- d-----w- C:\Program Files\ATI
2012-07-29 20:36:12 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-07-29 20:36:12 118784 ----a-w- C:\Windows\System32\atibtmon.exe
2012-07-29 20:36:12 -------- d-sh--w- C:\Windows\Installer
2012-07-29 20:33:21 -------- d-----w- C:\Users\HERGENROEDER\AppData\Roaming\WinBatch
2012-07-29 18:39:56 -------- d-----w- C:\Users\HERGENROEDER\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2012-07-29 23:14:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-29 23:14:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 19:42:25.91 ===============




THIS IS A WINDOWS 7 64BIT SO GMER WAS NOT DONE
Posted Image

BC AdBot (Login to Remove)

 


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 01 August 2012 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

#3 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 01 August 2012 - 07:31 PM

I am very familiar with these tools but I know you are helping me so here they are as you asked:

19:05:17.0589 3464 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:05:18.0405 3464 ============================================================
19:05:18.0405 3464 Current date / time: 2012/08/01 19:05:18.0405
19:05:18.0405 3464 SystemInfo:
19:05:18.0405 3464
19:05:18.0406 3464 OS Version: 6.1.7601 ServicePack: 1.0
19:05:18.0406 3464 Product type: Workstation
19:05:18.0406 3464 ComputerName: HERGENROEDER-PC
19:05:18.0406 3464 UserName: HERGENROEDER
19:05:18.0406 3464 Windows directory: C:\Windows
19:05:18.0406 3464 System windows directory: C:\Windows
19:05:18.0406 3464 Running under WOW64
19:05:18.0406 3464 Processor architecture: Intel x64
19:05:18.0407 3464 Number of processors: 2
19:05:18.0407 3464 Page size: 0x1000
19:05:18.0407 3464 Boot type: Normal boot
19:05:18.0407 3464 ============================================================
19:05:19.0531 3464 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:05:19.0570 3464 ============================================================
19:05:19.0570 3464 \Device\Harddisk0\DR0:
19:05:19.0570 3464 MBR partitions:
19:05:19.0570 3464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:05:19.0570 3464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
19:05:19.0570 3464 ============================================================
19:05:19.0581 3464 C: <-> \Device\Harddisk0\DR0\Partition1
19:05:19.0582 3464 ============================================================
19:05:19.0582 3464 Initialize success
19:05:19.0582 3464 ============================================================
19:05:23.0917 1248 ============================================================
19:05:23.0917 1248 Scan started
19:05:23.0917 1248 Mode: Manual; SigCheck; TDLFS;
19:05:23.0917 1248 ============================================================
19:05:24.0799 1248 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:05:24.0878 1248 1394ohci - ok
19:05:25.0034 1248 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:05:25.0053 1248 ACPI - ok
19:05:25.0134 1248 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:05:25.0146 1248 AcpiPmi - ok
19:05:25.0306 1248 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:05:25.0336 1248 AdobeARMservice - ok
19:05:25.0484 1248 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:25.0505 1248 adp94xx - ok
19:05:25.0679 1248 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:05:25.0697 1248 adpahci - ok
19:05:25.0728 1248 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:05:25.0739 1248 adpu320 - ok
19:05:25.0791 1248 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:05:25.0817 1248 AeLookupSvc - ok
19:05:25.0915 1248 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:05:25.0937 1248 AFD - ok
19:05:26.0003 1248 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:05:26.0030 1248 agp440 - ok
19:05:26.0050 1248 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:05:26.0062 1248 ALG - ok
19:05:26.0095 1248 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:05:26.0103 1248 aliide - ok
19:05:26.0151 1248 AMD External Events Utility (2fdcb3e855076ce97ccb58e2cf8f2a09) C:\Windows\system32\atiesrxx.exe
19:05:26.0204 1248 AMD External Events Utility - ok
19:05:26.0233 1248 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:05:26.0246 1248 amdide - ok
19:05:26.0271 1248 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:05:26.0287 1248 AmdK8 - ok
19:05:27.0526 1248 amdkmdag (9920704bf815a5b42da5264f013aaeb7) C:\Windows\system32\DRIVERS\atikmdag.sys
19:05:27.0606 1248 amdkmdag - ok
19:05:27.0879 1248 amdkmdap (0d1055a47a8f5dc1caa2701831293ebb) C:\Windows\system32\DRIVERS\atikmpag.sys
19:05:27.0893 1248 amdkmdap - ok
19:05:27.0921 1248 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:05:27.0932 1248 AmdPPM - ok
19:05:27.0962 1248 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:05:27.0971 1248 amdsata - ok
19:05:27.0990 1248 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:28.0001 1248 amdsbs - ok
19:05:28.0012 1248 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:05:28.0021 1248 amdxata - ok
19:05:28.0056 1248 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\DRIVERS\amd_sata.sys
19:05:28.0070 1248 amd_sata - ok
19:05:28.0085 1248 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\DRIVERS\amd_xata.sys
19:05:28.0092 1248 amd_xata - ok
19:05:28.0129 1248 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:05:28.0181 1248 AppID - ok
19:05:28.0230 1248 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:05:28.0255 1248 AppIDSvc - ok
19:05:28.0272 1248 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:05:28.0297 1248 Appinfo - ok
19:05:28.0335 1248 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:05:28.0367 1248 arc - ok
19:05:28.0377 1248 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:05:28.0392 1248 arcsas - ok
19:05:28.0412 1248 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:28.0436 1248 AsyncMac - ok
19:05:28.0460 1248 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:05:28.0469 1248 atapi - ok
19:05:28.0503 1248 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:05:28.0511 1248 AtiPcie - ok
19:05:28.0643 1248 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:05:28.0698 1248 AudioEndpointBuilder - ok
19:05:28.0704 1248 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:05:28.0736 1248 AudioSrv - ok
19:05:28.0903 1248 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:05:28.0943 1248 AxInstSV - ok
19:05:29.0095 1248 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:29.0126 1248 b06bdrv - ok
19:05:29.0165 1248 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:05:29.0180 1248 b57nd60a - ok
19:05:29.0205 1248 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:05:29.0216 1248 BDESVC - ok
19:05:29.0230 1248 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:05:29.0254 1248 Beep - ok
19:05:29.0373 1248 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:05:29.0420 1248 BFE - ok
19:05:29.0532 1248 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:05:29.0563 1248 BITS - ok
19:05:29.0633 1248 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:05:29.0643 1248 blbdrive - ok
19:05:29.0695 1248 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:05:29.0706 1248 bowser - ok
19:05:29.0761 1248 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:05:29.0805 1248 BrFiltLo - ok
19:05:29.0833 1248 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:05:29.0851 1248 BrFiltUp - ok
19:05:29.0940 1248 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:05:29.0988 1248 Browser - ok
19:05:30.0066 1248 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:05:30.0108 1248 Brserid - ok
19:05:30.0123 1248 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:05:30.0139 1248 BrSerWdm - ok
19:05:30.0163 1248 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:05:30.0175 1248 BrUsbMdm - ok
19:05:30.0252 1248 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:05:30.0270 1248 BrUsbSer - ok
19:05:30.0282 1248 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:05:30.0296 1248 BTHMODEM - ok
19:05:30.0361 1248 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:05:30.0387 1248 bthserv - ok
19:05:30.0405 1248 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:05:30.0431 1248 cdfs - ok
19:05:30.0453 1248 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:05:30.0467 1248 cdrom - ok
19:05:30.0501 1248 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:05:30.0571 1248 CertPropSvc - ok
19:05:30.0618 1248 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:05:30.0652 1248 circlass - ok
19:05:30.0718 1248 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:05:30.0737 1248 CLFS - ok
19:05:30.0839 1248 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:30.0871 1248 clr_optimization_v2.0.50727_32 - ok
19:05:30.0944 1248 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:05:30.0975 1248 clr_optimization_v2.0.50727_64 - ok
19:05:31.0406 1248 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:31.0431 1248 clr_optimization_v4.0.30319_32 - ok
19:05:31.0606 1248 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:05:31.0620 1248 clr_optimization_v4.0.30319_64 - ok
19:05:31.0683 1248 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:05:31.0705 1248 CmBatt - ok
19:05:31.0770 1248 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:05:31.0779 1248 cmdide - ok
19:05:31.0939 1248 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:05:31.0982 1248 CNG - ok
19:05:32.0077 1248 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:05:32.0111 1248 Compbatt - ok
19:05:32.0151 1248 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:05:32.0163 1248 CompositeBus - ok
19:05:32.0181 1248 COMSysApp - ok
19:05:32.0199 1248 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:05:32.0207 1248 crcdisk - ok
19:05:32.0289 1248 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:05:32.0301 1248 CryptSvc - ok
19:05:32.0485 1248 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:05:32.0555 1248 DcomLaunch - ok
19:05:32.0704 1248 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:05:32.0739 1248 defragsvc - ok
19:05:32.0848 1248 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:05:32.0896 1248 DfsC - ok
19:05:32.0995 1248 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:05:33.0047 1248 Dhcp - ok
19:05:33.0071 1248 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:05:33.0096 1248 discache - ok
19:05:33.0157 1248 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:05:33.0167 1248 Disk - ok
19:05:33.0193 1248 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:05:33.0204 1248 Dnscache - ok
19:05:33.0258 1248 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:05:33.0284 1248 dot3svc - ok
19:05:33.0306 1248 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:05:33.0330 1248 DPS - ok
19:05:33.0431 1248 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:05:33.0451 1248 drmkaud - ok
19:05:33.0673 1248 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:05:33.0703 1248 DXGKrnl - ok
19:05:33.0763 1248 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:05:33.0789 1248 EapHost - ok
19:05:34.0097 1248 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:05:34.0131 1248 ebdrv - ok
19:05:34.0213 1248 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:05:34.0223 1248 EFS - ok
19:05:34.0328 1248 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:05:34.0353 1248 ehRecvr - ok
19:05:34.0375 1248 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:05:34.0386 1248 ehSched - ok
19:05:34.0472 1248 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:05:34.0486 1248 elxstor - ok
19:05:34.0506 1248 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:05:34.0517 1248 ErrDev - ok
19:05:34.0581 1248 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:05:34.0609 1248 EventSystem - ok
19:05:34.0675 1248 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:05:34.0727 1248 exfat - ok
19:05:34.0754 1248 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:05:34.0780 1248 fastfat - ok
19:05:34.0891 1248 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:05:34.0906 1248 Fax - ok
19:05:34.0955 1248 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:05:34.0966 1248 fdc - ok
19:05:35.0014 1248 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:05:35.0039 1248 fdPHost - ok
19:05:35.0043 1248 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:05:35.0068 1248 FDResPub - ok
19:05:35.0096 1248 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:05:35.0105 1248 FileInfo - ok
19:05:35.0111 1248 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:05:35.0136 1248 Filetrace - ok
19:05:35.0139 1248 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:05:35.0150 1248 flpydisk - ok
19:05:35.0301 1248 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:05:35.0333 1248 FltMgr - ok
19:05:35.0482 1248 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:05:35.0501 1248 FontCache - ok
19:05:35.0781 1248 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:05:35.0807 1248 FontCache3.0.0.0 - ok
19:05:35.0934 1248 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:05:35.0987 1248 FsDepends - ok
19:05:36.0015 1248 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:05:36.0024 1248 Fs_Rec - ok
19:05:36.0069 1248 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:05:36.0082 1248 fvevol - ok
19:05:36.0199 1248 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:05:36.0229 1248 gagp30kx - ok
19:05:36.0329 1248 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:05:36.0359 1248 gpsvc - ok
19:05:36.0384 1248 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:05:36.0395 1248 hcw85cir - ok
19:05:36.0493 1248 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:05:36.0523 1248 HdAudAddService - ok
19:05:36.0565 1248 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:05:36.0578 1248 HDAudBus - ok
19:05:36.0582 1248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:05:36.0592 1248 HidBatt - ok
19:05:36.0603 1248 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:05:36.0616 1248 HidBth - ok
19:05:36.0630 1248 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:05:36.0643 1248 HidIr - ok
19:05:36.0665 1248 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:05:36.0692 1248 hidserv - ok
19:05:36.0783 1248 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:05:36.0806 1248 HidUsb - ok
19:05:36.0843 1248 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:05:36.0868 1248 hkmsvc - ok
19:05:36.0912 1248 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:05:36.0924 1248 HomeGroupListener - ok
19:05:36.0966 1248 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:05:36.0978 1248 HomeGroupProvider - ok
19:05:37.0011 1248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:05:37.0020 1248 HpSAMD - ok
19:05:37.0153 1248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:05:37.0193 1248 HTTP - ok
19:05:37.0206 1248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:05:37.0215 1248 hwpolicy - ok
19:05:37.0249 1248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:05:37.0262 1248 i8042prt - ok
19:05:37.0310 1248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:05:37.0322 1248 iaStorV - ok
19:05:37.0450 1248 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:05:37.0483 1248 idsvc - ok
19:05:37.0514 1248 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:05:37.0523 1248 iirsp - ok
19:05:37.0592 1248 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:05:37.0623 1248 IKEEXT - ok
19:05:37.0883 1248 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
19:05:37.0917 1248 IntcAzAudAddService - ok
19:05:38.0099 1248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:05:38.0134 1248 intelide - ok
19:05:38.0261 1248 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:05:38.0297 1248 intelppm - ok
19:05:38.0350 1248 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:05:38.0409 1248 IPBusEnum - ok
19:05:38.0658 1248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:05:38.0682 1248 IpFilterDriver - ok
19:05:38.0759 1248 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:05:38.0789 1248 iphlpsvc - ok
19:05:38.0814 1248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:05:38.0826 1248 IPMIDRV - ok
19:05:38.0878 1248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:05:38.0926 1248 IPNAT - ok
19:05:38.0943 1248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:05:38.0956 1248 IRENUM - ok
19:05:38.0975 1248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:05:38.0984 1248 isapnp - ok
19:05:39.0004 1248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:05:39.0016 1248 iScsiPrt - ok
19:05:39.0052 1248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:05:39.0062 1248 kbdclass - ok
19:05:39.0099 1248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:05:39.0110 1248 kbdhid - ok
19:05:39.0155 1248 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:05:39.0165 1248 KeyIso - ok
19:05:39.0194 1248 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:05:39.0204 1248 KSecDD - ok
19:05:39.0246 1248 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:05:39.0256 1248 KSecPkg - ok
19:05:39.0306 1248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:05:39.0332 1248 ksthunk - ok
19:05:39.0367 1248 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:05:39.0401 1248 KtmRm - ok
19:05:39.0466 1248 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:05:39.0493 1248 LanmanServer - ok
19:05:39.0577 1248 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:05:39.0603 1248 LanmanWorkstation - ok
19:05:39.0663 1248 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:05:39.0711 1248 lltdio - ok
19:05:39.0753 1248 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:05:39.0781 1248 lltdsvc - ok
19:05:39.0799 1248 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:05:39.0826 1248 lmhosts - ok
19:05:39.0848 1248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:05:39.0859 1248 LSI_FC - ok
19:05:39.0868 1248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:05:39.0886 1248 LSI_SAS - ok
19:05:39.0894 1248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:05:39.0903 1248 LSI_SAS2 - ok
19:05:39.0911 1248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:05:39.0921 1248 LSI_SCSI - ok
19:05:39.0939 1248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:05:39.0965 1248 luafv - ok
19:05:39.0989 1248 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:05:39.0998 1248 MBAMProtector - ok
19:05:40.0078 1248 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:05:40.0092 1248 MBAMService - ok
19:05:40.0162 1248 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:05:40.0192 1248 Mcx2Svc - ok
19:05:40.0215 1248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:05:40.0223 1248 megasas - ok
19:05:40.0243 1248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:05:40.0255 1248 MegaSR - ok
19:05:40.0287 1248 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:05:40.0314 1248 MMCSS - ok
19:05:40.0354 1248 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:05:40.0379 1248 Modem - ok
19:05:40.0404 1248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:05:40.0416 1248 monitor - ok
19:05:40.0437 1248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:05:40.0446 1248 mouclass - ok
19:05:40.0476 1248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:05:40.0486 1248 mouhid - ok
19:05:40.0511 1248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:05:40.0520 1248 mountmgr - ok
19:05:40.0605 1248 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:05:40.0637 1248 MozillaMaintenance - ok
19:05:40.0746 1248 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:05:40.0768 1248 MpFilter - ok
19:05:40.0799 1248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:05:40.0809 1248 mpio - ok
19:05:40.0830 1248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:05:40.0856 1248 mpsdrv - ok
19:05:40.0923 1248 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:05:40.0955 1248 MpsSvc - ok
19:05:40.0981 1248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:05:40.0996 1248 MRxDAV - ok
19:05:41.0028 1248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:05:41.0039 1248 mrxsmb - ok
19:05:41.0061 1248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:05:41.0073 1248 mrxsmb10 - ok
19:05:41.0088 1248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:05:41.0100 1248 mrxsmb20 - ok
19:05:41.0121 1248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:05:41.0130 1248 msahci - ok
19:05:41.0155 1248 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:05:41.0166 1248 msdsm - ok
19:05:41.0195 1248 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:05:41.0207 1248 MSDTC - ok
19:05:41.0242 1248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:05:41.0268 1248 Msfs - ok
19:05:41.0280 1248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:05:41.0305 1248 mshidkmdf - ok
19:05:41.0317 1248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:05:41.0326 1248 msisadrv - ok
19:05:41.0355 1248 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:05:41.0381 1248 MSiSCSI - ok
19:05:41.0384 1248 msiserver - ok
19:05:41.0397 1248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:05:41.0422 1248 MSKSSRV - ok
19:05:41.0519 1248 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:05:41.0554 1248 MsMpSvc - ok
19:05:41.0562 1248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:05:41.0599 1248 MSPCLOCK - ok
19:05:41.0626 1248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:05:41.0651 1248 MSPQM - ok
19:05:41.0703 1248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:05:41.0730 1248 MsRPC - ok
19:05:41.0751 1248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:05:41.0760 1248 mssmbios - ok
19:05:41.0778 1248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:05:41.0802 1248 MSTEE - ok
19:05:41.0805 1248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:05:41.0817 1248 MTConfig - ok
19:05:41.0830 1248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:05:41.0839 1248 Mup - ok
19:05:41.0884 1248 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:05:41.0912 1248 napagent - ok
19:05:41.0983 1248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:05:42.0024 1248 NativeWifiP - ok
19:05:42.0093 1248 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:05:42.0111 1248 NDIS - ok
19:05:42.0140 1248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:05:42.0165 1248 NdisCap - ok
19:05:42.0177 1248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:05:42.0202 1248 NdisTapi - ok
19:05:42.0226 1248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:05:42.0250 1248 Ndisuio - ok
19:05:42.0279 1248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:05:42.0304 1248 NdisWan - ok
19:05:42.0342 1248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:05:42.0397 1248 NDProxy - ok
19:05:42.0416 1248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:05:42.0441 1248 NetBIOS - ok
19:05:42.0473 1248 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:05:42.0499 1248 NetBT - ok
19:05:42.0521 1248 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:05:42.0531 1248 Netlogon - ok
19:05:42.0569 1248 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:05:42.0597 1248 Netman - ok
19:05:42.0630 1248 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:05:42.0659 1248 netprofm - ok
19:05:42.0749 1248 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
19:05:42.0766 1248 netr28x - ok
19:05:42.0828 1248 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:05:42.0857 1248 NetTcpPortSharing - ok
19:05:42.0886 1248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:05:42.0900 1248 nfrd960 - ok
19:05:42.0956 1248 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:05:42.0980 1248 NisDrv - ok
19:05:43.0075 1248 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:05:43.0105 1248 NisSrv - ok
19:05:43.0156 1248 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:05:43.0193 1248 NlaSvc - ok
19:05:43.0197 1248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:05:43.0223 1248 Npfs - ok
19:05:43.0239 1248 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:05:43.0265 1248 nsi - ok
19:05:43.0277 1248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:05:43.0302 1248 nsiproxy - ok
19:05:43.0404 1248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:05:43.0430 1248 Ntfs - ok
19:05:43.0521 1248 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:05:43.0573 1248 Null - ok
19:05:43.0607 1248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:05:43.0617 1248 nvraid - ok
19:05:43.0635 1248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:05:43.0645 1248 nvstor - ok
19:05:43.0657 1248 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:05:43.0667 1248 nv_agp - ok
19:05:43.0882 1248 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:05:43.0900 1248 odserv - ok
19:05:43.0931 1248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:05:43.0941 1248 ohci1394 - ok
19:05:44.0008 1248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:05:44.0017 1248 ose - ok
19:05:44.0064 1248 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:05:44.0077 1248 p2pimsvc - ok
19:05:44.0118 1248 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:05:44.0132 1248 p2psvc - ok
19:05:44.0162 1248 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:05:44.0173 1248 Parport - ok
19:05:44.0199 1248 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:05:44.0209 1248 partmgr - ok
19:05:44.0230 1248 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:05:44.0245 1248 PcaSvc - ok
19:05:44.0352 1248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:05:44.0387 1248 pci - ok
19:05:44.0391 1248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:05:44.0405 1248 pciide - ok
19:05:44.0473 1248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:05:44.0508 1248 pcmcia - ok
19:05:44.0532 1248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:05:44.0546 1248 pcw - ok
19:05:44.0635 1248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:05:44.0666 1248 PEAUTH - ok
19:05:44.0791 1248 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:05:44.0802 1248 PerfHost - ok
19:05:44.0990 1248 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:05:45.0025 1248 pla - ok
19:05:45.0113 1248 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:05:45.0135 1248 PlugPlay - ok
19:05:45.0180 1248 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:05:45.0190 1248 PNRPAutoReg - ok
19:05:45.0225 1248 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:05:45.0238 1248 PNRPsvc - ok
19:05:45.0329 1248 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:05:45.0362 1248 PolicyAgent - ok
19:05:45.0388 1248 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:05:45.0415 1248 Power - ok
19:05:45.0509 1248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:05:45.0555 1248 PptpMiniport - ok
19:05:45.0582 1248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:05:45.0593 1248 Processor - ok
19:05:45.0661 1248 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:05:45.0686 1248 ProfSvc - ok
19:05:45.0724 1248 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:05:45.0734 1248 ProtectedStorage - ok
19:05:45.0811 1248 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:05:45.0857 1248 Psched - ok
19:05:46.0025 1248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:05:46.0050 1248 ql2300 - ok
19:05:46.0187 1248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:05:46.0203 1248 ql40xx - ok
19:05:46.0329 1248 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:05:46.0344 1248 QWAVE - ok
19:05:46.0378 1248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:05:46.0391 1248 QWAVEdrv - ok
19:05:46.0550 1248 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys
19:05:46.0568 1248 RapportCerberus_34302 - ok
19:05:46.0703 1248 RapportEI64 (54bcd50f96236f28cefea58b30b26591) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
19:05:46.0714 1248 RapportEI64 - ok
19:05:46.0752 1248 RapportKE64 (fffbcf4d62276dd719a2e29e54d34760) C:\Windows\system32\Drivers\RapportKE64.sys
19:05:46.0761 1248 RapportKE64 - ok
19:05:46.0869 1248 RapportMgmtService (c862053be4168c0bb6191af76b9fc878) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
19:05:46.0898 1248 RapportMgmtService - ok
19:05:46.0983 1248 RapportPG64 (f23ca0cd061363f7664a76313dde26e0) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
19:05:47.0006 1248 RapportPG64 - ok
19:05:47.0112 1248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:05:47.0169 1248 RasAcd - ok
19:05:47.0187 1248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:05:47.0213 1248 RasAgileVpn - ok
19:05:47.0241 1248 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:05:47.0267 1248 RasAuto - ok
19:05:47.0299 1248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:05:47.0325 1248 Rasl2tp - ok
19:05:47.0367 1248 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:05:47.0394 1248 RasMan - ok
19:05:47.0416 1248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:05:47.0442 1248 RasPppoe - ok
19:05:47.0453 1248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:05:47.0479 1248 RasSstp - ok
19:05:47.0517 1248 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:05:47.0543 1248 rdbss - ok
19:05:47.0555 1248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:05:47.0567 1248 rdpbus - ok
19:05:47.0579 1248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:05:47.0604 1248 RDPCDD - ok
19:05:47.0613 1248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:05:47.0638 1248 RDPENCDD - ok
19:05:47.0650 1248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:05:47.0675 1248 RDPREFMP - ok
19:05:47.0703 1248 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:05:47.0717 1248 RDPWD - ok
19:05:47.0781 1248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:05:47.0812 1248 rdyboost - ok
19:05:47.0837 1248 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:05:47.0873 1248 RemoteAccess - ok
19:05:47.0894 1248 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:05:47.0920 1248 RemoteRegistry - ok
19:05:47.0939 1248 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:05:47.0965 1248 RpcEptMapper - ok
19:05:47.0974 1248 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:05:47.0984 1248 RpcLocator - ok
19:05:48.0027 1248 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:05:48.0056 1248 RpcSs - ok
19:05:48.0088 1248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:05:48.0114 1248 rspndr - ok
19:05:48.0157 1248 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:05:48.0168 1248 RTL8167 - ok
19:05:48.0188 1248 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:05:48.0199 1248 SamSs - ok
19:05:48.0225 1248 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:05:48.0234 1248 sbp2port - ok
19:05:48.0265 1248 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:05:48.0292 1248 SCardSvr - ok
19:05:48.0322 1248 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:05:48.0347 1248 scfilter - ok
19:05:48.0431 1248 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:05:48.0465 1248 Schedule - ok
19:05:48.0491 1248 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:05:48.0515 1248 SCPolicySvc - ok
19:05:48.0552 1248 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:05:48.0587 1248 SDRSVC - ok
19:05:48.0645 1248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:05:48.0701 1248 secdrv - ok
19:05:48.0778 1248 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:05:48.0802 1248 seclogon - ok
19:05:48.0829 1248 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:05:48.0856 1248 SENS - ok
19:05:48.0870 1248 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:05:48.0881 1248 SensrSvc - ok
19:05:48.0901 1248 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:05:48.0911 1248 Serenum - ok
19:05:48.0928 1248 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:05:48.0939 1248 Serial - ok
19:05:48.0962 1248 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:05:48.0972 1248 sermouse - ok
19:05:49.0007 1248 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:05:49.0033 1248 SessionEnv - ok
19:05:49.0048 1248 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:05:49.0058 1248 sffdisk - ok
19:05:49.0062 1248 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:05:49.0072 1248 sffp_mmc - ok
19:05:49.0076 1248 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:05:49.0088 1248 sffp_sd - ok
19:05:49.0107 1248 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:05:49.0118 1248 sfloppy - ok
19:05:49.0162 1248 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:05:49.0219 1248 SharedAccess - ok
19:05:49.0259 1248 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:05:49.0291 1248 ShellHWDetection - ok
19:05:49.0315 1248 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:05:49.0324 1248 SiSRaid2 - ok
19:05:49.0331 1248 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:05:49.0341 1248 SiSRaid4 - ok
19:05:49.0352 1248 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:05:49.0378 1248 Smb - ok
19:05:49.0394 1248 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:05:49.0405 1248 SNMPTRAP - ok
19:05:49.0424 1248 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:05:49.0433 1248 spldr - ok
19:05:49.0487 1248 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:05:49.0516 1248 Spooler - ok
19:05:49.0730 1248 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:05:49.0780 1248 sppsvc - ok
19:05:49.0877 1248 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:05:49.0934 1248 sppuinotify - ok
19:05:50.0010 1248 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:05:50.0038 1248 srv - ok
19:05:50.0080 1248 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:05:50.0099 1248 srv2 - ok
19:05:50.0122 1248 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:05:50.0133 1248 srvnet - ok
19:05:50.0163 1248 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:05:50.0190 1248 SSDPSRV - ok
19:05:50.0201 1248 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:05:50.0228 1248 SstpSvc - ok
19:05:50.0242 1248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:05:50.0250 1248 stexstor - ok
19:05:50.0326 1248 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:05:50.0371 1248 stisvc - ok
19:05:50.0392 1248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:05:50.0400 1248 swenum - ok
19:05:50.0436 1248 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:05:50.0466 1248 swprv - ok
19:05:50.0618 1248 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:05:50.0660 1248 SysMain - ok
19:05:50.0788 1248 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:05:50.0839 1248 TabletInputService - ok
19:05:50.0975 1248 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:05:51.0040 1248 TapiSrv - ok
19:05:51.0082 1248 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:05:51.0136 1248 TBS - ok
19:05:51.0412 1248 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:05:51.0448 1248 Tcpip - ok
19:05:51.0827 1248 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:05:51.0886 1248 TCPIP6 - ok
19:05:52.0018 1248 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:05:52.0084 1248 tcpipreg - ok
19:05:52.0126 1248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:05:52.0136 1248 TDPIPE - ok
19:05:52.0172 1248 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:05:52.0182 1248 TDTCP - ok
19:05:52.0222 1248 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:05:52.0297 1248 tdx - ok
19:05:52.0377 1248 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:05:52.0402 1248 TermDD - ok
19:05:52.0507 1248 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:05:52.0550 1248 TermService - ok
19:05:52.0662 1248 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:05:52.0703 1248 Themes - ok
19:05:52.0755 1248 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:05:52.0781 1248 THREADORDER - ok
19:05:52.0866 1248 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:05:52.0909 1248 TrkWks - ok
19:05:53.0028 1248 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:05:53.0083 1248 TrustedInstaller - ok
19:05:53.0107 1248 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:05:53.0131 1248 tssecsrv - ok
19:05:53.0181 1248 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:05:53.0210 1248 TsUsbFlt - ok
19:05:53.0275 1248 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:05:53.0325 1248 tunnel - ok
19:05:53.0395 1248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:05:53.0409 1248 uagp35 - ok
19:05:53.0450 1248 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:05:53.0477 1248 udfs - ok
19:05:53.0528 1248 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:05:53.0540 1248 UI0Detect - ok
19:05:53.0574 1248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:05:53.0583 1248 uliagpkx - ok
19:05:53.0593 1248 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:05:53.0604 1248 umbus - ok
19:05:53.0621 1248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:05:53.0631 1248 UmPass - ok
19:05:53.0659 1248 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:05:53.0687 1248 upnphost - ok
19:05:53.0715 1248 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:05:53.0726 1248 usbccgp - ok
19:05:53.0751 1248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:05:53.0764 1248 usbcir - ok
19:05:53.0791 1248 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:05:53.0801 1248 usbehci - ok
19:05:53.0827 1248 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:05:53.0840 1248 usbhub - ok
19:05:53.0844 1248 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:05:53.0855 1248 usbohci - ok
19:05:53.0869 1248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:05:53.0882 1248 usbprint - ok
19:05:53.0889 1248 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:05:53.0900 1248 USBSTOR - ok
19:05:53.0904 1248 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:05:53.0914 1248 usbuhci - ok
19:05:53.0962 1248 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:05:54.0016 1248 UxSms - ok
19:05:54.0081 1248 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:05:54.0111 1248 VaultSvc - ok
19:05:54.0143 1248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:05:54.0157 1248 vdrvroot - ok
19:05:54.0227 1248 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:05:54.0266 1248 vds - ok
19:05:54.0287 1248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:05:54.0299 1248 vga - ok
19:05:54.0303 1248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:05:54.0328 1248 VgaSave - ok
19:05:54.0396 1248 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:05:54.0418 1248 vhdmp - ok
19:05:54.0468 1248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:05:54.0498 1248 viaide - ok
19:05:54.0562 1248 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:05:54.0590 1248 volmgr - ok
19:05:54.0738 1248 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:05:54.0772 1248 volmgrx - ok
19:05:54.0855 1248 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:05:54.0891 1248 volsnap - ok
19:05:54.0929 1248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:05:54.0944 1248 vsmraid - ok
19:05:55.0330 1248 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:05:55.0368 1248 VSS - ok
19:05:55.0578 1248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:05:55.0612 1248 vwifibus - ok
19:05:55.0628 1248 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:05:55.0644 1248 vwififlt - ok
19:05:55.0685 1248 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:05:55.0717 1248 W32Time - ok
19:05:55.0724 1248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:05:55.0734 1248 WacomPen - ok
19:05:55.0758 1248 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:05:55.0783 1248 WANARP - ok
19:05:55.0798 1248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:05:55.0823 1248 Wanarpv6 - ok
19:05:56.0079 1248 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:05:56.0115 1248 WatAdminSvc - ok
19:05:56.0292 1248 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:05:56.0324 1248 wbengine - ok
19:05:56.0635 1248 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:05:56.0657 1248 WbioSrvc - ok
19:05:56.0727 1248 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:05:56.0767 1248 wcncsvc - ok
19:05:56.0826 1248 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:05:56.0846 1248 WcsPlugInService - ok
19:05:56.0922 1248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:05:56.0930 1248 Wd - ok
19:05:57.0067 1248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:05:57.0083 1248 Wdf01000 - ok
19:05:57.0124 1248 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:05:57.0139 1248 WdiServiceHost - ok
19:05:57.0141 1248 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:05:57.0156 1248 WdiSystemHost - ok
19:05:57.0232 1248 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:05:57.0270 1248 WebClient - ok
19:05:57.0348 1248 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:05:57.0375 1248 Wecsvc - ok
19:05:57.0419 1248 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:05:57.0446 1248 wercplsupport - ok
19:05:57.0521 1248 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:05:57.0581 1248 WerSvc - ok
19:05:57.0715 1248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:05:57.0747 1248 WfpLwf - ok
19:05:57.0758 1248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:05:57.0767 1248 WIMMount - ok
19:05:57.0813 1248 WinDefend - ok
19:05:57.0828 1248 WinHttpAutoProxySvc - ok
19:05:57.0942 1248 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:05:57.0980 1248 Winmgmt - ok
19:05:58.0235 1248 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:05:58.0291 1248 WinRM - ok
19:05:58.0611 1248 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:05:58.0655 1248 Wlansvc - ok
19:05:58.0744 1248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:05:58.0782 1248 WmiAcpi - ok
19:05:58.0830 1248 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:05:58.0849 1248 wmiApSrv - ok
19:05:58.0887 1248 WMPNetworkSvc - ok
19:05:58.0908 1248 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:05:58.0919 1248 WPCSvc - ok
19:05:58.0945 1248 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:05:58.0958 1248 WPDBusEnum - ok
19:05:58.0984 1248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:05:59.0010 1248 ws2ifsl - ok
19:05:59.0027 1248 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:05:59.0041 1248 wscsvc - ok
19:05:59.0044 1248 WSearch - ok
19:05:59.0321 1248 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:05:59.0374 1248 wuauserv - ok
19:05:59.0495 1248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:05:59.0557 1248 WudfPf - ok
19:05:59.0576 1248 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:05:59.0602 1248 WUDFRd - ok
19:05:59.0636 1248 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:05:59.0662 1248 wudfsvc - ok
19:05:59.0693 1248 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:05:59.0711 1248 WwanSvc - ok
19:05:59.0746 1248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:06:00.0139 1248 \Device\Harddisk0\DR0 - ok
19:06:00.0146 1248 Boot (0x1200) (8f74b19dca643587b41602bc450e5f7e) \Device\Harddisk0\DR0\Partition0
19:06:00.0149 1248 \Device\Harddisk0\DR0\Partition0 - ok
19:06:00.0192 1248 Boot (0x1200) (796287960d1c4551de0e368d80a5a466) \Device\Harddisk0\DR0\Partition1
19:06:00.0196 1248 \Device\Harddisk0\DR0\Partition1 - ok
19:06:00.0197 1248 ============================================================
19:06:00.0197 1248 Scan finished
19:06:00.0197 1248 ============================================================
19:06:00.0223 2528 Detected object count: 0
19:06:00.0223 2528 Actual detected object count: 0
19:08:50.0658 3612 Deinitialize success


ComboFix 12-07-31.03 - HERGENROEDER 08/01/2012 19:10:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2497 [GMT -5:00]
Running from: c:\users\HERGENROEDER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 00:08 . 2012-06-29 08:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{795DE0FB-2435-406B-8243-929820DE1595}\mpengine.dll
2012-08-01 23:58 . 2012-08-01 23:58 -------- d-----w- c:\program files (x86)\HostsMan
2012-07-31 08:24 . 2012-06-29 08:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 02:39 . 2012-08-01 23:59 5618741 ----a-w- c:\windows\system32\drivers\etc\HOSTS.tmp
2012-07-30 23:22 . 2012-07-30 23:25 -------- d-----w- c:\program files (x86)\Rovio
2012-07-30 05:41 . 2012-07-08 12:19 101464 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-30 05:40 . 2012-07-30 05:40 -------- d-----w- c:\program files (x86)\Trusteer
2012-07-30 03:30 . 2012-07-30 03:30 -------- d-----w- c:\programdata\Trusteer
2012-07-30 02:19 . 2012-08-01 23:58 -------- d-----w- c:\programdata\abelhadigital.com
2012-07-30 02:17 . 2012-08-01 23:54 -------- d-----w- c:\program files (x86)\hpHosts
2012-07-30 02:06 . 2012-07-30 02:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-30 02:05 . 2012-07-30 02:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-30 02:02 . 2012-07-30 02:02 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
2012-07-30 02:00 . 2012-07-30 02:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 02:00 . 2012-07-30 02:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 02:00 . 2012-07-30 02:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-07-30 02:00 . 2012-07-30 02:00 -------- d-----w- c:\windows\system32\Macromed
2012-07-30 01:46 . 2012-07-30 01:46 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-30 01:38 . 2012-07-30 01:38 -------- d-----w- c:\program files\WOT
2012-07-30 01:38 . 2012-07-30 01:38 -------- d-----w- c:\program files (x86)\WOT
2012-07-30 01:30 . 2012-07-30 01:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-30 01:29 . 2012-07-30 01:29 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-30 01:29 . 2012-07-30 01:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-30 01:29 . 2012-07-30 01:29 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-30 01:29 . 2012-07-30 01:29 -------- d-----w- c:\program files\PlayReady
2012-07-30 01:15 . 2012-07-30 01:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-30 01:04 . 2012-07-30 01:17 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-07-30 01:03 . 2012-07-30 01:03 -------- d-----w- c:\windows\PCHEALTH
2012-07-30 01:02 . 2012-07-30 01:02 -------- d-----w- c:\program files\Microsoft Office
2012-07-30 01:01 . 2012-07-30 01:24 -------- d-----w- c:\programdata\Microsoft Help
2012-07-30 01:01 . 2012-07-30 01:01 -------- d-----r- C:\MSOCache
2012-07-30 00:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-30 00:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-30 00:03 . 2012-07-30 01:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-29 23:03 . 2012-07-29 23:03 -------- d-----w- c:\windows\system32\SPReview
2012-07-29 23:02 . 2012-07-29 23:02 -------- d-----w- c:\windows\system32\EventProviders
2012-07-29 23:00 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-29 23:00 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-29 23:00 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-07-29 22:58 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-07-29 22:57 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-07-29 22:57 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-07-29 22:57 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-07-29 22:57 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-29 22:57 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-29 22:57 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-29 22:57 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-29 22:57 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-29 22:57 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-29 22:56 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-29 22:56 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-29 22:56 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-29 22:34 . 2012-07-29 22:34 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-29 22:34 . 2012-07-29 22:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-29 22:33 . 2012-07-29 22:33 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-29 22:33 . 2012-07-29 22:33 -------- d-----w- c:\windows\system32\Wat
2012-07-29 22:32 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-07-29 22:32 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-07-29 22:32 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-29 22:15 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-29 21:28 . 2012-07-29 18:38 -------- d-----w- c:\windows\Panther
2012-07-29 21:25 . 2012-07-03 08:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-29 21:20 . 2012-07-29 21:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-29 21:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-29 21:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-29 21:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-29 21:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-29 21:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-29 21:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-29 21:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-29 21:16 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-29 21:16 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-07-29 21:16 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-07-29 21:16 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-07-29 21:16 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-07-29 21:16 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-29 21:14 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-29 21:13 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-29 21:04 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-29 21:03 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-07-29 21:03 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-07-29 21:03 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-29 21:03 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-07-29 21:03 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2012-07-29 21:03 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2012-07-29 21:03 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2012-07-29 21:03 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2012-07-29 21:03 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-07-29 21:03 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2012-07-29 21:03 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2012-07-29 21:03 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2012-07-29 21:02 . 2012-07-29 21:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 21:02 . 2012-07-29 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 21:02 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 20:59 . 2012-07-29 20:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{755C401D-5119-4470-B059-CD1CD68F273C}\gapaengine.dll
2012-07-29 20:59 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-29 20:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-29 20:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-29 20:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-29 20:50 . 2012-07-29 21:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-29 20:46 . 2012-07-29 20:46 -------- d-----w- c:\programdata\ATI
2012-07-29 20:44 . 2012-07-29 20:44 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-29 20:42 . 2012-07-29 20:42 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-29 20:42 . 2012-07-29 20:42 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-29 20:42 . 2012-07-29 20:42 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-07-29 20:42 . 2012-07-29 20:42 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-07-29 20:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-29 20:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-29 20:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-29 20:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-29 20:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-29 20:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-29 20:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-29 20:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-29 20:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-29 20:36 . 2012-07-29 20:36 -------- d-----w- c:\program files\ATI
2012-07-29 20:36 . 2012-07-31 03:40 -------- d-sh--w- c:\windows\Installer
2012-07-29 20:36 . 2011-06-30 06:50 58880 ----a-w- c:\windows\system32\coinst.dll
2012-07-29 20:36 . 2009-05-11 08:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-07-29 18:38 . 2012-08-02 00:05 -------- d-----w- c:\users\HERGENROEDER
2012-07-29 18:38 . 2012-07-29 18:38 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 23:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-29 23:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDUSBImmunizer"="c:\users\HERGENROEDER\Desktop\Robs Stuff\BDUSBImmunizer.exe" [2012-07-30 4675584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-29 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-08 101464]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-07-30 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-08 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-08 297048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-08 976728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bleepingcomputer.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\HERGENROEDER\AppData\Roaming\Mozilla\Firefox\Profiles\y0eqj7zs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2012-08-01 19:20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 00:20
.
Pre-Run: 705,914,392,576 bytes free
Post-Run: 705,973,620,736 bytes free
.
- - End Of File - - A5DA2F4229A9C47A74ADFCD25D5EC118


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
HostsMan 4.0.85 Beta6
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


Still having the freeze issues ever so often and boot up takes at least 3 to 4 minutes to load to the login screen.
Posted Image

#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 01 August 2012 - 08:52 PM

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
[*]Back in the command window ....
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
[*]Close the command window.
[*]Boot back into normal mode and post me the Result.txt log please.
[/list]

#5 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 01 August 2012 - 09:34 PM

OK here you go:


ListParts by Farbar Version: 25-07-2012
Ran by SYSTEM (administrator) on 01-08-2012 at 21:30:08
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3839.29 MB
Available physical RAM: 3395.64 MB
Total Pagefile: 3837.43 MB
Available Pagefile: 3368.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:698.54 GB) (Free:654.74 GB) NTFS
4 Drive f: (VIRUSSTUFF2) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F VIRUSSTUFF2 FAT32 Removable 7633 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {48eddd8e-d9c4-11e1-b99c-b73b4566e79d}
resumeobject {48eddd8d-d9c4-11e1-b99c-b73b4566e79d}
displayorder {48eddd8e-d9c4-11e1-b99c-b73b4566e79d}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {48eddd8e-d9c4-11e1-b99c-b73b4566e79d}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {48eddd8f-d9c4-11e1-b99c-b73b4566e79d}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {48eddd8d-d9c4-11e1-b99c-b73b4566e79d}
nx OptIn

Windows Boot Loader
-------------------
identifier {48eddd8f-d9c4-11e1-b99c-b73b4566e79d}
device ramdisk=[D:]\Recovery\48eddd8f-d9c4-11e1-b99c-b73b4566e79d\Winre.wim,{48eddd90-d9c4-11e1-b99c-b73b4566e79d}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\48eddd8f-d9c4-11e1-b99c-b73b4566e79d\Winre.wim,{48eddd90-d9c4-11e1-b99c-b73b4566e79d}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {48eddd8d-d9c4-11e1-b99c-b73b4566e79d}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {48eddd90-d9c4-11e1-b99c-b73b4566e79d}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\48eddd8f-d9c4-11e1-b99c-b73b4566e79d\boot.sdi


****** End Of Log ******
Posted Image

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 01 August 2012 - 10:56 PM

----------Step 1----------------
Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

NOTE: the Avast free scan is selected by default. You can opt-out of this since I don't need you to run it.


----------Step 2----------------
We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


----------Step 3----------------
Please include both the aswMBR report (and the MBR.dat zip file) as well as the OTL report.

Are things running good? Are any of your browsers getting redirected? Please let me know. :)

#7 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 02 August 2012 - 12:58 AM

OK here you go. After this post I plan on going to bed and I will be back later tomorrow to do the next task.

I do not have redirects of any kind even before you started helping me. I still get ever so often the screen freezes up for a few minutes but then I get it back. I can say it does not happen as often but it still happens.

The other issue is boot up till login screen takes 3 to 4 minutes. I know this is not correct. I just not sure what the issue could be.




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 23:18:32
-----------------------------
23:18:32.533 OS Version: Windows x64 6.1.7601 Service Pack 1
23:18:32.533 Number of processors: 2 586 0x603
23:18:32.533 ComputerName: HERGENROEDER-PC UserName: HERGENROEDER
23:18:34.031 Initialize success
23:19:13.146 AVAST engine defs: 12080101
23:19:19.277 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
23:19:19.277 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
23:19:19.293 Disk 0 MBR read successfully
23:19:19.293 Disk 0 MBR scan
23:19:19.293 Disk 0 Windows 7 default MBR code
23:19:19.293 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:19:19.324 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
23:19:19.371 Disk 0 scanning C:\Windows\system32\drivers
23:19:30.431 Service scanning
23:19:53.925 Modules scanning
23:19:53.940 Disk 0 trace - called modules:
23:19:53.956 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:19:53.972 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f6790]
23:19:54.486 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80045839b0]
23:19:54.486 5 amd_xata.sys[fffff880011028b4] -> nt!IofCallDriver -> \Device\00000052[0xfffffa800457f550]
23:19:56.296 AVAST engine scan C:\Windows
23:20:00.789 AVAST engine scan C:\Windows\system32
23:22:56.273 AVAST engine scan C:\Windows\system32\drivers
23:23:09.097 AVAST engine scan C:\Users\HERGENROEDER
23:27:37.090 AVAST engine scan C:\ProgramData
23:28:53.483 Scan finished successfully
23:30:42.745 Disk 0 MBR has been saved successfully to "C:\Users\HERGENROEDER\Desktop\MBR.dat"
23:30:42.761 The log file has been saved successfully to "C:\Users\HERGENROEDER\Desktop\aswMBR.txt"


Now I was able to run OTL but at the end I got an error saying the following: OTL List index out of bounds(13).

Here is the only log i am able to find for OTL:


OTL logfile created on: 8/2/2012 12:40:58 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\HERGENROEDER\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.22% Memory free
7.50 Gb Paging File | 5.88 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 654.44 Gb Free Space | 93.69% Space Free | Partition Type: NTFS

Computer Name: HERGENROEDER-PC | User Name: HERGENROEDER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 23:17:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\HERGENROEDER\Desktop\OTL.exe
PRC - [2012/07/13 19:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/08 07:19:02 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/08 07:19:00 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 00:42:09 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/07/13 19:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/30 00:42:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/08 07:19:02 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/08 07:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/30 02:33:12 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 00:00:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 11:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/04 20:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/11/04 05:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 05:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/07/30 00:42:07 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2012/07/08 07:19:20 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/08 07:19:18 | 000,297,048 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 EF 93 B2 F3 6D CD 01 [binary data]
IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\..\SearchScopes,DefaultScope = {8E088C3F-25CA-4CD6-A5F9-A7C535B67FEF}
IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\..\SearchScopes\{8E088C3F-25CA-4CD6-A5F9-A7C535B67FEF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-9233428-294075859-1346128562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bleepingcomputer.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/29 20:46:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/29 20:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HERGENROEDER\AppData\Roaming\Mozilla\Extensions
[2012/07/29 20:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HERGENROEDER\AppData\Roaming\Mozilla\Firefox\Profiles\y0eqj7zs.default\extensions
[2012/07/29 20:51:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HERGENROEDER\AppData\Roaming\Mozilla\Firefox\Profiles\y0eqj7zs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/07/29 20:58:47 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\HERGENROEDER\AppData\Roaming\Mozilla\Firefox\Profiles\y0eqj7zs.default\extensions\donottrackplus@abine.com
[2012/07/29 20:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/01 22:53:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKU\S-1-5-21-9233428-294075859-1346128562-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-9233428-294075859-1346128562-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-9233428-294075859-1346128562-1000..\Run: [BDUSBImmunizer] C:\Users\HERGENROEDER\Desktop\Robs Stuff\BDUSBImmunizer.exe (BitDefender LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-9233428-294075859-1346128562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-9233428-294075859-1346128562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9223451D-3143-4A54-ABFB-28739C2E50EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF24F2BA-0701-46E4-93F2-DAA3065A8304}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 23:17:47 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\HERGENROEDER\Desktop\OTL.exe
[2012/08/01 23:17:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\HERGENROEDER\Desktop\aswMBR.exe
[2012/08/01 22:56:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/01 22:53:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/01 21:11:00 | 000,814,903 | ---- | C] (Farbar) -- C:\Users\HERGENROEDER\Desktop\ListParts64.exe
[2012/08/01 19:09:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/01 19:09:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/01 19:09:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/01 19:09:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 19:09:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 19:08:06 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\HERGENROEDER\Desktop\ComboFix.exe
[2012/08/01 19:02:40 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HERGENROEDER\Desktop\tdsskiller.exe
[2012/08/01 18:58:26 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\abelhadigital.com
[2012/08/01 18:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
[2012/08/01 18:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HostsMan
[2012/07/30 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\WinRAR
[2012/07/30 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/30 23:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/30 23:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/07/30 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/07/30 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Apps
[2012/07/30 19:40:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\HERGENROEDER\Desktop\dds.scr
[2012/07/30 18:22:22 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Rovio
[2012/07/30 18:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012/07/30 18:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2012/07/30 00:48:12 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/07/30 00:41:22 | 000,101,464 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/07/30 00:41:02 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Trusteer
[2012/07/30 00:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/07/30 00:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2012/07/29 22:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/07/29 21:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2012/07/29 21:19:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2012/07/29 21:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpHosts
[2012/07/29 21:13:26 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\Desktop\Robs Stuff
[2012/07/29 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/07/29 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Adobe
[2012/07/29 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/07/29 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/07/29 21:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/07/29 21:02:13 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\DoNotTrackPlus
[2012/07/29 21:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DoNotTrackPlus
[2012/07/29 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Macromedia
[2012/07/29 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Macromedia
[2012/07/29 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Adobe
[2012/07/29 21:00:36 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/29 21:00:36 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/29 21:00:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/29 21:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/29 20:46:37 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Mozilla
[2012/07/29 20:46:37 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Mozilla
[2012/07/29 20:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/29 20:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/29 20:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/29 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/07/29 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2012/07/29 20:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012/07/29 20:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/29 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/07/29 20:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/07/29 20:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/07/29 20:03:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/29 20:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/29 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Microsoft Help
[2012/07/29 20:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/07/29 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/07/29 20:01:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/07/29 19:08:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/07/29 19:08:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/07/29 19:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/29 18:03:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/29 18:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/07/29 18:00:06 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012/07/29 18:00:06 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012/07/29 18:00:00 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012/07/29 17:59:57 | 003,715,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/07/29 17:59:57 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/07/29 17:59:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/07/29 17:59:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/07/29 17:59:55 | 003,215,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/07/29 17:59:53 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/07/29 17:59:52 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/07/29 17:59:50 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/07/29 17:59:49 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2012/07/29 17:59:49 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/07/29 17:59:48 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/07/29 17:59:48 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012/07/29 17:59:48 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/07/29 17:59:48 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/07/29 17:59:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/07/29 17:59:48 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/07/29 17:59:47 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2012/07/29 17:59:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/07/29 17:59:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/07/29 17:59:46 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/07/29 17:59:46 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/07/29 17:59:45 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2012/07/29 17:59:45 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/07/29 17:59:45 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2012/07/29 17:59:44 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/07/29 17:59:44 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/07/29 17:59:44 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2012/07/29 17:59:44 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2012/07/29 17:59:43 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012/07/29 17:59:43 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/07/29 17:59:43 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
[2012/07/29 17:59:43 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2012/07/29 17:59:42 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/07/29 17:59:42 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2012/07/29 17:59:41 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2012/07/29 17:59:41 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012/07/29 17:59:41 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2012/07/29 17:59:41 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012/07/29 17:59:41 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
[2012/07/29 17:59:41 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012/07/29 17:59:41 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012/07/29 17:59:40 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2012/07/29 17:59:40 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/07/29 17:59:40 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/07/29 17:59:39 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2012/07/29 17:59:39 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2012/07/29 17:59:39 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
[2012/07/29 17:59:38 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
[2012/07/29 17:59:38 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
[2012/07/29 17:59:38 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2012/07/29 17:59:38 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2012/07/29 17:59:36 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/07/29 17:59:35 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2012/07/29 17:59:35 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2012/07/29 17:59:34 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2012/07/29 17:59:34 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/07/29 17:59:34 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012/07/29 17:59:34 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2012/07/29 17:59:33 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2012/07/29 17:59:33 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2012/07/29 17:59:33 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
[2012/07/29 17:59:33 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2012/07/29 17:59:33 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/07/29 17:59:32 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/07/29 17:59:32 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2012/07/29 17:59:32 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/07/29 17:59:32 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/07/29 17:59:31 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2012/07/29 17:59:31 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/07/29 17:59:31 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2012/07/29 17:59:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2012/07/29 17:59:31 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/07/29 17:59:31 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2012/07/29 17:59:31 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
[2012/07/29 17:59:31 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2012/07/29 17:59:30 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2012/07/29 17:59:30 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2012/07/29 17:59:30 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2012/07/29 17:59:30 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2012/07/29 17:59:30 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2012/07/29 17:59:30 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012/07/29 17:59:30 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/07/29 17:59:29 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012/07/29 17:59:29 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/07/29 17:59:29 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/07/29 17:59:29 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2012/07/29 17:59:29 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/07/29 17:59:29 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2012/07/29 17:59:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
[2012/07/29 17:59:28 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012/07/29 17:59:28 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2012/07/29 17:59:28 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2012/07/29 17:59:28 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
[2012/07/29 17:59:28 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2012/07/29 17:59:27 | 002,543,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2012/07/29 17:59:27 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2012/07/29 17:59:27 | 000,897,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2012/07/29 17:59:27 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2012/07/29 17:59:27 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2012/07/29 17:59:27 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsmf.dll
[2012/07/29 17:59:27 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENT.DLL
[2012/07/29 17:59:27 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3api.dll
[2012/07/29 17:59:26 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2012/07/29 17:59:26 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Vault.dll
[2012/07/29 17:59:26 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2012/07/29 17:59:26 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2012/07/29 17:59:26 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmd.exe
[2012/07/29 17:59:26 | 000,281,600 | ---- | C] (Microsoft) -- C:\Windows\SysNative\DShowRdpFilter.dll
[2012/07/29 17:59:25 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/07/29 17:59:25 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/07/29 17:59:25 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/07/29 17:59:25 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2012/07/29 17:59:24 | 001,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2012/07/29 17:59:24 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sxs.dll
[2012/07/29 17:59:24 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/07/29 17:59:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2012/07/29 17:59:24 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2012/07/29 17:59:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcbuilder.exe
[2012/07/29 17:59:23 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2012/07/29 17:59:23 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2012/07/29 17:59:23 | 001,158,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2012/07/29 17:59:23 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2012/07/29 17:59:23 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2012/07/29 17:59:23 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2012/07/29 17:59:23 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgprint.dll
[2012/07/29 17:59:23 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/07/29 17:59:23 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012/07/29 17:59:22 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2012/07/29 17:59:22 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2012/07/29 17:59:22 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2012/07/29 17:59:22 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2012/07/29 17:59:22 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3api.dll
[2012/07/29 17:59:21 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2012/07/29 17:59:21 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2012/07/29 17:59:21 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2012/07/29 17:59:21 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2012/07/29 17:59:21 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/07/29 17:59:21 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2012/07/29 17:59:21 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prncache.dll
[2012/07/29 17:59:20 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012/07/29 17:59:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2012/07/29 17:59:20 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2012/07/29 17:59:20 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2012/07/29 17:59:20 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll
[2012/07/29 17:59:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2012/07/29 17:59:19 | 001,082,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2012/07/29 17:59:19 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/07/29 17:59:19 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2012/07/29 17:59:19 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2012/07/29 17:59:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2012/07/29 17:59:19 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2012/07/29 17:59:19 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012/07/29 17:59:18 | 002,262,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2012/07/29 17:59:18 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2012/07/29 17:59:18 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2012/07/29 17:59:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2012/07/29 17:59:18 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/07/29 17:59:17 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localsec.dll
[2012/07/29 17:59:17 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2012/07/29 17:59:17 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2012/07/29 17:59:17 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/07/29 17:59:17 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2012/07/29 17:59:17 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012/07/29 17:59:17 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012/07/29 17:59:17 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fde.dll
[2012/07/29 17:59:16 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netdiagfx.dll
[2012/07/29 17:59:16 | 000,298,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2012/07/29 17:59:16 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2012/07/29 17:59:16 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSHVHOST.DLL
[2012/07/29 17:59:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2012/07/29 17:59:16 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2012/07/29 17:59:16 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netid.dll
[2012/07/29 17:59:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/07/29 17:59:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/07/29 17:59:15 | 002,746,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012/07/29 17:59:15 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2012/07/29 17:59:15 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biocpl.dll
[2012/07/29 17:59:15 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2012/07/29 17:59:15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2012/07/29 17:59:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/07/29 17:59:14 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2012/07/29 17:59:14 | 001,050,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2012/07/29 17:59:14 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspbda.dll
[2012/07/29 17:59:14 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2012/07/29 17:59:14 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2012/07/29 17:59:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/07/29 17:59:13 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2012/07/29 17:59:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/07/29 17:59:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2012/07/29 17:59:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/07/29 17:59:13 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2012/07/29 17:59:13 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2012/07/29 17:59:13 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2012/07/29 17:59:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitagent.exe
[2012/07/29 17:59:12 | 000,934,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallControlPanel.dll
[2012/07/29 17:59:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbghelp.dll
[2012/07/29 17:59:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012/07/29 17:59:12 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2012/07/29 17:59:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/07/29 17:59:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/07/29 17:59:12 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2012/07/29 17:59:12 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2012/07/29 17:59:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2012/07/29 17:59:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2012/07/29 17:59:11 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXP.dll
[2012/07/29 17:59:11 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2012/07/29 17:59:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2012/07/29 17:59:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetapi.dll
[2012/07/29 17:59:10 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012/07/29 17:59:10 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2012/07/29 17:59:10 | 000,780,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2012/07/29 17:59:10 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2012/07/29 17:59:10 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2012/07/29 17:59:10 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2012/07/29 17:59:10 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/07/29 17:59:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2012/07/29 17:59:10 | 000,128,000 | ---- | C] (Microsoft) -- C:\Windows\SysNative\Robocopy.exe
[2012/07/29 17:59:09 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2012/07/29 17:59:09 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxpTaskSync.dll
[2012/07/29 17:59:09 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2012/07/29 17:59:09 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2012/07/29 17:59:09 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/07/29 17:59:09 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2012/07/29 17:59:09 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys
[2012/07/29 17:59:08 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012/07/29 17:59:08 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2012/07/29 17:59:08 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\puiobj.dll
[2012/07/29 17:59:08 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2012/07/29 17:59:08 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2012/07/29 17:59:08 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2012/07/29 17:59:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prncache.dll
[2012/07/29 17:59:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/07/29 17:59:07 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2012/07/29 17:59:07 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2012/07/29 17:59:07 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2012/07/29 17:59:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2012/07/29 17:59:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/07/29 17:59:06 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2012/07/29 17:59:06 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2012/07/29 17:59:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2012/07/29 17:59:05 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2012/07/29 17:59:05 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdengin2.dll
[2012/07/29 17:59:05 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2012/07/29 17:59:05 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2012/07/29 17:59:05 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/07/29 17:59:05 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2012/07/29 17:59:05 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiadefui.dll
[2012/07/29 17:59:05 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2012/07/29 17:59:05 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2012/07/29 17:59:05 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2012/07/29 17:59:04 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2012/07/29 17:59:04 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2012/07/29 17:59:04 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2012/07/29 17:59:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSHVHOST.DLL
[2012/07/29 17:59:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/07/29 17:59:04 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/07/29 17:59:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QUTIL.DLL
[2012/07/29 17:59:04 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2012/07/29 17:59:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samcli.dll
[2012/07/29 17:59:04 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/07/29 17:59:03 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2012/07/29 17:59:03 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2012/07/29 17:59:03 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2012/07/29 17:59:03 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TabletPC.cpl
[2012/07/29 17:59:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2012/07/29 17:59:03 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/07/29 17:59:03 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netdiagfx.dll
[2012/07/29 17:59:03 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fde.dll
[2012/07/29 17:59:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/07/29 17:59:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcl.exe
[2012/07/29 17:59:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/07/29 17:59:02 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2012/07/29 17:59:02 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/07/29 17:59:02 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2012/07/29 17:59:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/07/29 17:59:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2012/07/29 17:59:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgcpl.dll
[2012/07/29 17:59:01 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msconfig.exe
[2012/07/29 17:59:00 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2012/07/29 17:59:00 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2012/07/29 17:59:00 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2012/07/29 17:59:00 | 000,166,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2012/07/29 17:59:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdeploy.dll
[2012/07/29 17:59:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsmproxy.dll
[2012/07/29 17:58:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012/07/29 17:58:59 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2012/07/29 17:58:59 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2012/07/29 17:58:59 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2012/07/29 17:58:59 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2012/07/29 17:58:59 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012/07/29 17:58:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/07/29 17:58:58 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2012/07/29 17:58:58 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2012/07/29 17:58:58 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sharemediacpl.dll
[2012/07/29 17:58:58 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2012/07/29 17:58:58 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoncli.dll
[2012/07/29 17:58:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RpcRtRemote.dll
[2012/07/29 17:58:57 | 002,250,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsCpl.dll
[2012/07/29 17:58:57 | 002,193,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2012/07/29 17:58:57 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Narrator.exe
[2012/07/29 17:58:57 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2012/07/29 17:58:57 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2012/07/29 17:58:57 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/07/29 17:58:57 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2012/07/29 17:58:57 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2012/07/29 17:58:57 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netjoin.dll
[2012/07/29 17:58:57 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2012/07/29 17:58:57 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nci.dll
[2012/07/29 17:58:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2012/07/29 17:58:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnikeapi.dll
[2012/07/29 17:58:56 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2012/07/29 17:58:56 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2012/07/29 17:58:56 | 000,763,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2012/07/29 17:58:56 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2012/07/29 17:58:56 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2012/07/29 17:58:56 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2012/07/29 17:58:56 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcomapi.dll
[2012/07/29 17:58:56 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2012/07/29 17:58:56 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/07/29 17:58:56 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2012/07/29 17:58:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2012/07/29 17:58:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\proquota.exe
[2012/07/29 17:58:55 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2012/07/29 17:58:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2012/07/29 17:58:55 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshipsec.dll
[2012/07/29 17:58:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2012/07/29 17:58:55 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2012/07/29 17:58:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2012/07/29 17:58:55 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2012/07/29 17:58:55 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2012/07/29 17:58:55 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2012/07/29 17:58:55 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012/07/29 17:58:55 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2012/07/29 17:58:55 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/07/29 17:58:55 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys
[2012/07/29 17:58:55 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2012/07/29 17:58:55 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prntvpt.dll
[2012/07/29 17:58:55 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2012/07/29 17:58:55 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2012/07/29 17:58:55 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/07/29 17:58:54 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2012/07/29 17:58:54 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2012/07/29 17:58:54 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2012/07/29 17:58:54 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2012/07/29 17:58:54 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QAGENT.DLL
[2012/07/29 17:58:54 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2012/07/29 17:58:54 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2012/07/29 17:58:53 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2012/07/29 17:58:53 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2012/07/29 17:58:53 | 000,957,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2012/07/29 17:58:53 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2012/07/29 17:58:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2012/07/29 17:58:53 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2012/07/29 17:58:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpsrcwp.dll
[2012/07/29 17:58:53 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprddm.dll
[2012/07/29 17:58:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netid.dll
[2012/07/29 17:58:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2012/07/29 17:58:52 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bootres.dll
[2012/07/29 17:58:52 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2012/07/29 17:58:52 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DiagCpl.dll
[2012/07/29 17:58:52 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2012/07/29 17:58:52 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vault.dll
[2012/07/29 17:58:52 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2012/07/29 17:58:52 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2012/07/29 17:58:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2012/07/29 17:58:52 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\Robocopy.exe
[2012/07/29 17:58:52 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nci.dll
[2012/07/29 17:58:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/07/29 17:58:51 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxpTaskSync.dll
[2012/07/29 17:58:51 | 000,812,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2012/07/29 17:58:51 | 000,433,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MCEWMDRMNDBootstrap.dll
[2012/07/29 17:58:51 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2012/07/29 17:58:51 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskmgr.exe
[2012/07/29 17:58:51 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2012/07/29 17:58:51 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2012/07/29 17:58:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSTPager.ax
[2012/07/29 17:58:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2012/07/29 17:58:50 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2012/07/29 17:58:50 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2012/07/29 17:58:50 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2012/07/29 17:58:49 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnfldr.dll
[2012/07/29 17:58:49 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\termmgr.dll
[2012/07/29 17:58:49 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiobj.dll
[2012/07/29 17:58:49 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2012/07/29 17:58:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2012/07/29 17:58:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskmgr.exe
[2012/07/29 17:58:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012/07/29 17:58:49 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2012/07/29 17:58:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/07/29 17:58:49 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2012/07/29 17:58:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2012/07/29 17:58:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\proquota.exe
[2012/07/29 17:58:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\userinit.exe
[2012/07/29 17:58:48 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiadefui.dll
[2012/07/29 17:58:48 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2012/07/29 17:58:48 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2012/07/29 17:58:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2012/07/29 17:58:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2012/07/29 17:58:48 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/07/29 17:58:48 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logoncli.dll
[2012/07/29 17:58:48 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2012/07/29 17:58:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userinit.exe
[2012/07/29 17:58:47 | 003,745,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2012/07/29 17:58:47 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsCpl.dll
[2012/07/29 17:58:47 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2012/07/29 17:58:47 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FirewallControlPanel.dll
[2012/07/29 17:58:47 | 000,649,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2012/07/29 17:58:47 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2012/07/29 17:58:47 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
[2012/07/29 17:58:47 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2012/07/29 17:58:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012/07/29 17:58:46 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2012/07/29 17:58:46 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2012/07/29 17:58:46 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hgcpl.dll
[2012/07/29 17:58:46 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\defaultlocationcpl.dll
[2012/07/29 17:58:45 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2012/07/29 17:58:45 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2012/07/29 17:58:45 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceCenter.dll
[2012/07/29 17:58:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localsec.dll
[2012/07/29 17:58:45 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprddm.dll
[2012/07/29 17:58:45 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2012/07/29 17:58:45 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2012/07/29 17:58:44 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2012/07/29 17:58:44 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2012/07/29 17:58:44 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2012/07/29 17:58:44 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2012/07/29 17:58:44 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2012/07/29 17:58:44 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2012/07/29 17:58:44 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/07/29 17:58:44 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2012/07/29 17:58:44 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2012/07/29 17:58:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskbarcpl.dll
[2012/07/29 17:58:44 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OnLineIDCpl.dll
[2012/07/29 17:58:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll
[2012/07/29 17:58:44 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twext.dll
[2012/07/29 17:58:43 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2012/07/29 17:58:43 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2012/07/29 17:58:43 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2012/07/29 17:58:43 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsuiext.dll
[2012/07/29 17:58:43 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2012/07/29 17:58:43 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroleui.dll
[2012/07/29 17:58:43 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2012/07/29 17:58:43 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2012/07/29 17:58:43 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2012/07/29 17:58:43 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxlib.dll
[2012/07/29 17:58:43 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recovery.dll
[2012/07/29 17:58:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prntvpt.dll
[2012/07/29 17:58:43 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cca.dll
[2012/07/29 17:58:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe
[2012/07/29 17:58:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
[2012/07/29 17:58:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sisbkup.dll
[2012/07/29 17:58:42 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2012/07/29 17:58:42 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdcpl.dll
[2012/07/29 17:58:42 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2012/07/29 17:58:42 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizeng.dll
[2012/07/29 17:58:42 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroleui.dll
[2012/07/29 17:58:42 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\efscore.dll
[2012/07/29 17:58:42 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recdisc.exe
[2012/07/29 17:58:42 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncui.dll
[2012/07/29 17:58:42 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VBICodec.ax
[2012/07/29 17:58:42 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2012/07/29 17:58:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2012/07/29 17:58:42 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzutil.exe
[2012/07/29 17:58:42 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2012/07/29 17:58:41 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2012/07/29 17:58:41 | 001,003,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2012/07/29 17:58:41 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenterCPL.dll
[2012/07/29 17:58:41 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\main.cpl
[2012/07/29 17:58:41 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2012/07/29 17:58:41 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shwebsvc.dll
[2012/07/29 17:58:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2012/07/29 17:58:41 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2012/07/29 17:58:41 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2012/07/29 17:58:41 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2012/07/29 17:58:41 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2012/07/29 17:58:41 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldp.dll
[2012/07/29 17:58:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netjoin.dll
[2012/07/29 17:58:41 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2012/07/29 17:58:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2012/07/29 17:58:40 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2012/07/29 17:58:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
[2012/07/29 17:58:40 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizeng.dll
[2012/07/29 17:58:40 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnfldr.dll
[2012/07/29 17:58:40 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2012/07/29 17:58:40 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
[2012/07/29 17:58:40 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2012/07/29 17:58:40 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OnLineIDCpl.dll
[2012/07/29 17:58:40 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2012/07/29 17:58:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksxbar.ax
[2012/07/29 17:58:39 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2012/07/29 17:58:39 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2012/07/29 17:58:39 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termmgr.dll
[2012/07/29 17:58:39 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2012/07/29 17:58:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2012/07/29 17:58:39 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2012/07/29 17:58:39 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2012/07/29 17:58:39 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2012/07/29 17:58:39 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
[2012/07/29 17:58:39 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2012/07/29 17:58:39 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2012/07/29 17:58:38 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2012/07/29 17:58:38 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlcese30.dll
[2012/07/29 17:58:38 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2012/07/29 17:58:38 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2012/07/29 17:58:38 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2012/07/29 17:58:38 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
[2012/07/29 17:58:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\defaultlocationcpl.dll
[2012/07/29 17:58:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2012/07/29 17:58:38 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
[2012/07/29 17:58:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntlanman.dll
[2012/07/29 17:58:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2012/07/29 17:58:38 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpd3d.dll
[2012/07/29 17:58:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2012/07/29 17:58:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/07/29 17:58:38 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2012/07/29 17:58:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sisbkup.dll
[2012/07/29 17:58:37 | 000,781,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2012/07/29 17:58:37 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenterCPL.dll
[2012/07/29 17:58:37 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2012/07/29 17:58:37 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ssText3d.scr
[2012/07/29 17:58:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2012/07/29 17:58:37 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iTVData.dll
[2012/07/29 17:58:37 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\efscore.dll
[2012/07/29 17:58:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syncui.dll
[2012/07/29 17:58:37 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2012/07/29 17:58:37 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserAccountControlSettings.dll
[2012/07/29 17:58:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/07/29 17:58:36 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/07/29 17:58:36 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceCenter.dll
[2012/07/29 17:58:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquoui.dll
[2012/07/29 17:58:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvcli.dll
[2012/07/29 17:58:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nslookup.exe
[2012/07/29 17:58:36 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSTPager.ax
[2012/07/29 17:58:35 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OobeFldr.dll
[2012/07/29 17:58:35 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2012/07/29 17:58:35 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2012/07/29 17:58:35 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2012/07/29 17:58:35 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2012/07/29 17:58:35 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srrstr.dll
[2012/07/29 17:58:35 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2012/07/29 17:58:35 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wavemsp.dll
[2012/07/29 17:58:35 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingFolder.dll
[2012/07/29 17:58:35 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdboot.exe
[2012/07/29 17:58:35 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2012/07/29 17:58:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2012/07/29 17:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPHLPR.DLL
[2012/07/29 17:58:35 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acppage.dll
[2012/07/29 17:58:34 | 001,672,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2012/07/29 17:58:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2012/07/29 17:58:34 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpx.dll
[2012/07/29 17:58:34 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\activeds.dll
[2012/07/29 17:58:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2012/07/29 17:58:34 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpsrcwp.dll
[2012/07/29 17:58:34 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2012/07/29 17:58:34 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPHLPR.DLL
[2012/07/29 17:58:34 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppnp.dll
[2012/07/29 17:58:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\migisol.dll
[2012/07/29 17:58:34 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/07/29 17:58:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfrgui.exe
[2012/07/29 17:58:33 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2012/07/29 17:58:33 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshipsec.dll
[2012/07/29 17:58:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2012/07/29 17:58:33 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wavemsp.dll
[2012/07/29 17:58:33 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2012/07/29 17:58:33 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remotepg.dll
[2012/07/29 17:58:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kstvtune.ax
[2012/07/29 17:58:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabinet.dll
[2012/07/29 17:58:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
[2012/07/29 17:58:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkscli.dll
[2012/07/29 17:58:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2012/07/29 17:58:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2012/07/29 17:58:32 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2012/07/29 17:58:32 | 000,685,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsuiext.dll
[2012/07/29 17:58:32 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2012/07/29 17:58:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2012/07/29 17:58:32 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
[2012/07/29 17:58:32 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2012/07/29 17:58:32 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2012/07/29 17:58:32 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3ui.dll
[2012/07/29 17:58:32 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsqmcons.exe
[2012/07/29 17:58:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2012/07/29 17:58:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/07/29 17:58:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\net1.exe
[2012/07/29 17:58:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2012/07/29 17:58:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
[2012/07/29 17:58:31 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2012/07/29 17:58:31 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimgapi.dll
[2012/07/29 17:58:31 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2012/07/29 17:58:31 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/07/29 17:58:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
[2012/07/29 17:58:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstask.dll
[2012/07/29 17:58:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/07/29 17:58:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twext.dll
[2012/07/29 17:58:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2012/07/29 17:58:30 | 001,911,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012/07/29 17:58:30 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Bubbles.scr
[2012/07/29 17:58:30 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\main.cpl
[2012/07/29 17:58:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2012/07/29 17:58:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcap.dll
[2012/07/29 17:58:30 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/07/29 17:58:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
[2012/07/29 17:58:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2012/07/29 17:58:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2012/07/29 17:58:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdmat.dll
[2012/07/29 17:58:30 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012/07/29 17:58:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsium.dll
[2012/07/29 17:58:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/07/29 17:58:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2012/07/29 17:58:29 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
[2012/07/29 17:58:29 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mystify.scr
[2012/07/29 17:58:29 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Ribbons.scr
[2012/07/29 17:58:29 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
[2012/07/29 17:58:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2012/07/29 17:58:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\uxlib.dll
[2012/07/29 17:58:29 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/07/29 17:58:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/07/29 17:58:28 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2012/07/29 17:58:28 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/07/29 17:58:28 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2012/07/29 17:58:28 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe
[2012/07/29 17:58:28 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2012/07/29 17:58:28 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2012/07/29 17:58:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/07/29 17:58:28 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingFolder.dll
[2012/07/29 17:58:28 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe
[2012/07/29 17:58:28 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpshell.dll
[2012/07/29 17:58:28 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2012/07/29 17:58:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AzSqlExt.dll
[2012/07/29 17:58:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netutils.dll
[2012/07/29 17:58:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2012/07/29 17:58:27 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbghelp.dll
[2012/07/29 17:58:27 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSAPI.dll
[2012/07/29 17:58:27 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2012/07/29 17:58:27 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2012/07/29 17:58:27 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
[2012/07/29 17:58:27 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2012/07/29 17:58:27 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2012/07/29 17:58:27 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionQueue.dll
[2012/07/29 17:58:27 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/07/29 17:58:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2012/07/29 17:58:27 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remotepg.dll
[2012/07/29 17:58:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tlscsp.dll
[2012/07/29 17:58:27 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012/07/29 17:58:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umb.dll
[2012/07/29 17:58:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\runonce.exe
[2012/07/29 17:58:27 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPCRYPT.DLL
[2012/07/29 17:58:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\acppage.dll
[2012/07/29 17:58:26 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2012/07/29 17:58:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2012/07/29 17:58:26 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2012/07/29 17:58:26 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetapi.dll
[2012/07/29 17:58:26 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MdSched.exe
[2012/07/29 17:58:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiavideo.dll
[2012/07/29 17:58:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QUTIL.DLL
[2012/07/29 17:58:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.dll
[2012/07/29 17:58:26 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPCRYPT.DLL
[2012/07/29 17:58:26 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syssetup.dll
[2012/07/29 17:58:25 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onexui.dll
[2012/07/29 17:58:25 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2012/07/29 17:58:25 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nltest.exe
[2012/07/29 17:58:25 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2012/07/29 17:58:25 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2012/07/29 17:58:25 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsadmin.exe
[2012/07/29 17:58:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iTVData.dll
[2012/07/29 17:58:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2012/07/29 17:58:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2012/07/29 17:58:25 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsbas.dll
[2012/07/29 17:58:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsbas.dll

[2012/07/29 17:58:25 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2012/07/29 17:58:25 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2012/07/29 17:58:25 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2012/07/29 17:58:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
[2012/07/29 17:58:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PrintIsolationProxy.dll
[2012/07/29 17:58:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vpnikeapi.dll
[2012/07/29 17:58:24 | 000,527,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2012/07/29 17:58:24 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2012/07/29 17:58:24 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2012/07/29 17:58:24 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2012/07/29 17:58:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
[2012/07/29 17:58:24 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSVRMGMT.DLL
[2012/07/29 17:58:24 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
[2012/07/29 17:58:24 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tabcal.exe
[2012/07/29 17:58:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2012/07/29 17:58:24 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2012/07/29 17:58:23 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2012/07/29 17:58:23 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
[2012/07/29 17:58:23 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2012/07/29 17:58:23 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2012/07/29 17:58:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlcese30.dll
[2012/07/29 17:58:23 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdv.dll
[2012/07/29 17:58:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceSyncProvider.dll
[2012/07/29 17:58:23 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
[2012/07/29 17:58:23 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qcap.dll
[2012/07/29 17:58:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2012/07/29 17:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/07/29 17:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/07/29 17:58:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpshell.dll
[2012/07/29 17:58:23 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2012/07/29 17:58:23 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/07/29 17:58:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdmat.dll
[2012/07/29 17:58:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpd3d.dll
[2012/07/29 17:58:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsium.dll
[2012/07/29 17:58:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lsmproxy.dll
[2012/07/29 17:58:22 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012/07/29 17:58:22 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceStatus.dll
[2012/07/29 17:58:22 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceStatus.dll
[2012/07/29 17:58:22 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2012/07/29 17:58:22 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3ui.dll
[2012/07/29 17:58:22 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2012/07/29 17:58:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
[2012/07/29 17:58:22 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
[2012/07/29 17:58:22 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll
[2012/07/29 17:58:22 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2012/07/29 17:58:22 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\desk.cpl
[2012/07/29 17:58:22 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fphc.dll
[2012/07/29 17:58:22 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSVRMGMT.DLL
[2012/07/29 17:58:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kstvtune.ax
[2012/07/29 17:58:22 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2012/07/29 17:58:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spbcd.dll
[2012/07/29 17:58:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olethk32.dll
[2012/07/29 17:58:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\takeown.exe
[2012/07/29 17:58:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2012/07/29 17:58:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2012/07/29 17:58:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/07/29 17:58:21 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2012/07/29 17:58:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2012/07/29 17:58:21 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012/07/29 17:58:21 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/07/29 17:58:21 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBICodec.ax
[2012/07/29 17:58:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2012/07/29 17:58:21 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2012/07/29 17:58:21 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiavideo.dll
[2012/07/29 17:58:21 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2012/07/29 17:58:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fphc.dll
[2012/07/29 17:58:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/07/29 17:58:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amstream.dll
[2012/07/29 17:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2012/07/29 17:58:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
[2012/07/29 17:58:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\utildll.dll
[2012/07/29 17:58:20 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2012/07/29 17:58:20 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2012/07/29 17:58:20 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdv.dll
[2012/07/29 17:58:20 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2012/07/29 17:58:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/07/29 17:58:20 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmstp.exe
[2012/07/29 17:58:20 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QCLIPROV.DLL
[2012/07/29 17:58:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/07/29 17:58:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertPolEng.dll
[2012/07/29 17:58:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\djoin.exe
[2012/07/29 17:58:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimgvw.dll
[2012/07/29 17:58:20 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HotStartUserAgent.dll
[2012/07/29 17:58:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nrpsrv.dll
[2012/07/29 17:58:19 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2012/07/29 17:58:19 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/07/29 17:58:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppinst.dll
[2012/07/29 17:58:19 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
[2012/07/29 17:58:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2012/07/29 17:58:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QCLIPROV.DLL
[2012/07/29 17:58:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
[2012/07/29 17:58:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cca.dll
[2012/07/29 17:58:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WavDest.dll
[2012/07/29 17:58:19 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vfwwdm32.dll
[2012/07/29 17:58:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2012/07/29 17:58:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MultiDigiMon.exe
[2012/07/29 17:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
[2012/07/29 17:58:18 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2012/07/29 17:58:18 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2012/07/29 17:58:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsicli.exe
[2012/07/29 17:58:18 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2012/07/29 17:58:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2012/07/29 17:58:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mobsync.exe
[2012/07/29 17:58:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\g711codc.ax
[2012/07/29 17:58:18 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2012/07/29 17:58:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AzSqlExt.dll
[2012/07/29 17:58:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2012/07/29 17:58:17 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/07/29 17:58:17 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/07/29 17:58:17 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2012/07/29 17:58:17 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2012/07/29 17:58:17 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
[2012/07/29 17:58:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mydocs.dll
[2012/07/29 17:58:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2012/07/29 17:58:17 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\desk.cpl
[2012/07/29 17:58:17 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2012/07/29 17:58:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/07/29 17:58:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/07/29 17:58:17 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2012/07/29 17:58:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amstream.dll
[2012/07/29 17:58:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2012/07/29 17:58:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spbcd.dll
[2012/07/29 17:58:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/07/29 17:58:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wkscli.dll
[2012/07/29 17:58:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbisurf.ax
[2012/07/29 17:58:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2012/07/29 17:58:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdmo.dll
[2012/07/29 17:58:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
[2012/07/29 17:58:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2012/07/29 17:58:17 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BWUnpairElevated.dll
[2012/07/29 17:58:16 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2012/07/29 17:58:16 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSTIFF.dll
[2012/07/29 17:58:16 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/07/29 17:58:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2012/07/29 17:58:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2012/07/29 17:58:16 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2012/07/29 17:58:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertPolEng.dll
[2012/07/29 17:58:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksxbar.ax
[2012/07/29 17:58:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciqtz32.dll
[2012/07/29 17:58:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\choice.exe
[2012/07/29 17:58:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/07/29 17:58:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2012/07/29 17:58:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syssetup.dll
[2012/07/29 17:58:15 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onexui.dll
[2012/07/29 17:58:15 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/07/29 17:58:15 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2012/07/29 17:58:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
[2012/07/29 17:58:15 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2012/07/29 17:58:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\manage-bde.exe
[2012/07/29 17:58:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tlscsp.dll
[2012/07/29 17:58:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetmib1.dll
[2012/07/29 17:58:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2012/07/29 17:58:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\repair-bde.exe
[2012/07/29 17:58:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\luainstall.dll
[2012/07/29 17:58:15 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdiasqmmodule.dll
[2012/07/29 17:58:15 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz32.dll
[2012/07/29 17:58:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedcli.dll
[2012/07/29 17:58:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2012/07/29 17:58:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2012/07/29 17:58:14 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDPENCDD.dll
[2012/07/29 17:58:14 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2012/07/29 17:58:14 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/07/29 17:58:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2012/07/29 17:58:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/07/29 17:58:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\luainstall.dll
[2012/07/29 17:58:14 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shimgvw.dll
[2012/07/29 17:58:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
[2012/07/29 17:58:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbisurf.ax
[2012/07/29 17:58:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdmo.dll
[2012/07/29 17:58:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spopk.dll
[2012/07/29 17:58:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spopk.dll
[2012/07/29 17:58:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetmib1.dll
[2012/07/29 17:58:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\g711codc.ax
[2012/07/29 17:58:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSMON.dll
[2012/07/29 17:58:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/07/29 17:58:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2012/07/29 17:58:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elsTrans.dll
[2012/07/29 17:58:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdprefdrvapi.dll
[2012/07/29 17:58:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2012/07/29 17:58:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012/07/29 17:58:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012/07/29 17:58:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsauth.dll
[2012/07/29 17:58:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/07/29 17:58:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonUI.exe
[2012/07/29 17:58:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2012/07/29 17:58:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TRAPI.dll
[2012/07/29 17:58:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfts.dll
[2012/07/29 17:58:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\napdsnap.dll
[2012/07/29 17:58:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2012/07/29 17:58:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsperf.dll
[2012/07/29 17:58:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdprefdrvapi.dll
[2012/07/29 17:58:11 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elsTrans.dll
[2012/07/29 17:58:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TRAPI.dll
[2012/07/29 17:58:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsperf.dll
[2012/07/29 17:58:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSUNATD.exe
[2012/07/29 17:58:10 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\napdsnap.dll
[2012/07/29 17:58:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys
[2012/07/29 17:58:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsauth.dll
[2012/07/29 17:58:10 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schedcli.dll
[2012/07/29 17:58:09 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2012/07/29 17:58:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2012/07/29 17:58:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2012/07/29 17:58:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shgina.dll
[2012/07/29 17:58:08 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2012/07/29 17:58:08 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shgina.dll
[2012/07/29 17:58:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/07/29 17:58:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched32.dll
[2012/07/29 17:58:07 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2012/07/29 17:58:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshirda.dll
[2012/07/29 17:58:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshirda.dll
[2012/07/29 17:58:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched32.dll
[2012/07/29 17:58:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcfgex.dll
[2012/07/29 17:58:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\C_ISCII.DLL
[2012/07/29 17:58:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2012/07/29 17:58:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2012/07/29 17:58:03 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/07/29 17:58:03 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/07/29 17:58:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shunimpl.dll
[2012/07/29 17:58:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\C_ISCII.DLL
[2012/07/29 17:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUQ.DLL
[2012/07/29 17:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUF.DLL
[2012/07/29 17:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSG.DLL
[2012/07/29 17:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdlk41a.dll
[2012/07/29 17:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGKL.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUQ.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUF.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSG.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSF.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDPO.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDNEPR.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdlk41a.dll
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGR1.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGR1.DLL
[2012/07/29 17:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGKL.DLL
[2012/07/29 17:58:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2012/07/29 17:58:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2012/07/29 17:58:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2012/07/29 17:58:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2012/07/29 17:58:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll
[2012/07/29 17:58:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2012/07/29 17:58:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2012/07/29 17:58:02 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BlbEvents.dll
[2012/07/29 17:58:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pifmgr.dll
[2012/07/29 17:58:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pifmgr.dll
[2012/07/29 17:58:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDCZ1.DLL
[2012/07/29 17:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizres.dll
[2012/07/29 17:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizres.dll
[2012/07/29 17:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDCZ1.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUS.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUGHR1.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTURME.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAJIK.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSF.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDPO.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDNEPR.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMON.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMAORI.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDLT1.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBULG.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBLR.DLL
[2012/07/29 17:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUS.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUGHR1.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTURME.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAJIK.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMON.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMAORI.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDLT1.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGEO.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGEO.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBULG.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBLR.DLL
[2012/07/29 17:58:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2012/07/29 17:58:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2012/07/29 17:58:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2012/07/29 17:57:57 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpx.dll
[2012/07/29 17:57:57 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2012/07/29 17:57:53 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqmapi.dll
[2012/07/29 17:56:35 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn.dll
[2012/07/29 17:56:28 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqmapi.dll
[2012/07/29 17:55:15 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/07/29 17:55:14 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/07/29 17:55:11 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/07/29 17:55:11 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/07/29 17:55:11 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/07/29 17:55:10 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/07/29 17:55:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/07/29 17:55:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/07/29 17:55:10 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/07/29 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/29 17:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/29 17:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/29 17:33:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/07/29 17:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/07/29 17:32:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/07/29 16:29:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/29 16:29:55 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/29 16:29:55 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/29 16:29:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/29 16:29:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/29 16:29:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/29 16:29:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/29 16:29:54 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/29 16:29:54 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/29 16:29:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/29 16:29:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/29 16:29:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/29 16:29:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/29 16:29:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/29 16:29:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/29 16:29:54 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/29 16:29:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/29 16:29:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/29 16:29:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/29 16:29:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/29 16:29:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/29 16:29:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/29 16:29:54 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/29 16:29:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/29 16:29:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/29 16:29:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/29 16:29:53 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/29 16:29:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/29 16:29:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/29 16:29:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/29 16:29:53 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/29 16:29:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/29 16:29:52 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/29 16:29:52 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/29 16:29:52 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/29 16:29:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/29 16:29:52 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/29 16:29:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/29 16:29:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/29 16:29:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/29 16:29:52 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/29 16:29:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/29 16:29:52 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/29 16:29:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/29 16:29:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/29 16:29:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/29 16:29:52 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/29 16:29:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/29 16:29:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/29 16:29:52 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/29 16:29:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/29 16:29:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/29 16:29:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/29 16:29:51 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/29 16:29:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/29 16:29:51 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/29 16:29:51 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/29 16:29:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/29 16:29:51 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/29 16:29:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/29 16:29:51 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/29 16:29:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/29 16:29:51 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/29 16:29:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/29 16:29:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/29 16:29:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/29 16:29:51 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/29 16:29:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/29 16:29:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/29 16:29:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/29 16:29:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/29 16:29:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/29 16:28:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/07/29 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/29 16:19:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/07/29 16:19:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/07/29 16:19:33 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/07/29 16:16:22 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/07/29 16:16:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/07/29 16:16:19 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/07/29 16:15:37 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/07/29 16:15:37 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/07/29 16:15:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/07/29 16:15:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/07/29 16:15:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/07/29 16:15:36 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/07/29 16:15:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/07/29 16:15:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/07/29 16:15:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/07/29 16:15:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/07/29 16:15:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/07/29 16:15:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/07/29 16:15:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/07/29 16:15:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/07/29 16:15:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/07/29 16:15:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/07/29 16:15:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/07/29 16:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/07/29 16:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/07/29 16:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/07/29 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/07/29 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/07/29 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/07/29 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/07/29 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/07/29 16:15:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/07/29 16:15:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/07/29 16:15:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/29 16:15:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/07/29 16:15:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/07/29 16:15:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/07/29 16:15:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/07/29 16:15:14 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/07/29 16:15:14 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/07/29 16:15:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/07/29 16:15:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/07/29 16:15:13 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/07/29 16:15:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/07/29 16:15:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/07/29 16:15:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/07/29 16:15:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/07/29 16:15:12 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/07/29 16:15:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/07/29 16:15:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/07/29 16:15:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/07/29 16:15:09 | 000,288,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/07/29 16:15:00 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/29 16:14:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/29 16:14:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/07/29 16:14:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/07/29 16:14:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/07/29 16:14:49 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/07/29 16:14:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/07/29 16:14:47 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/07/29 16:14:47 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/07/29 16:14:46 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/07/29 16:14:46 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/07/29 16:14:24 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/07/29 16:14:23 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/07/29 16:14:23 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/07/29 16:14:23 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/07/29 16:14:23 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/07/29 16:14:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/07/29 16:14:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/07/29 16:14:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/07/29 16:14:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/07/29 16:14:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/07/29 16:14:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/07/29 16:14:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/07/29 16:14:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/07/29 16:14:19 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/07/29 16:14:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/07/29 16:14:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/07/29 16:14:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/07/29 16:14:18 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/07/29 16:14:18 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/07/29 16:14:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/07/29 16:14:17 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/07/29 16:14:17 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/07/29 16:14:16 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/07/29 16:14:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/07/29 16:14:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/07/29 16:14:14 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/07/29 16:14:14 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/07/29 16:14:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/07/29 16:14:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/07/29 16:14:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/07/29 16:14:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/07/29 16:14:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/07/29 16:14:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/07/29 16:14:12 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/07/29 16:14:12 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/07/29 16:14:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/07/29 16:14:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/07/29 16:14:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/07/29 16:14:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/07/29 16:14:06 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/07/29 16:14:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/07/29 16:14:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/07/29 16:14:03 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/07/29 16:13:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/07/29 16:13:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/07/29 16:13:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/07/29 16:13:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2012/07/29 16:13:48 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/07/29 16:13:46 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/07/29 16:13:46 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/07/29 16:13:44 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/07/29 16:13:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/07/29 16:13:36 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/07/29 16:13:36 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/07/29 16:13:34 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/07/29 16:13:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/07/29 16:13:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/07/29 16:13:30 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cfgmgr32.dll
[2012/07/29 16:13:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/07/29 16:13:24 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/07/29 16:13:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/07/29 16:13:22 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/07/29 16:13:21 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WFS.exe
[2012/07/29 16:13:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/07/29 16:13:18 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/07/29 16:04:24 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/29 16:04:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/29 16:04:10 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/07/29 16:04:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/29 16:04:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/29 16:03:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/07/29 16:03:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/07/29 16:03:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/07/29 16:03:46 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/07/29 16:03:46 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/07/29 16:03:45 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/07/29 16:03:45 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/07/29 16:03:44 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2012/07/29 16:03:44 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/07/29 16:03:44 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/07/29 16:03:44 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/07/29 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Malwarebytes
[2012/07/29 16:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/29 16:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 16:02:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/29 16:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/29 15:59:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/07/29 15:59:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/07/29 15:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/29 15:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/29 15:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/29 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/29 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/07/29 15:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/29 15:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/07/29 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\ATI
[2012/07/29 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\ATI
[2012/07/29 15:41:00 | 023,336,960 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/07/29 15:41:00 | 017,940,992 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/07/29 15:41:00 | 009,371,136 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/07/29 15:41:00 | 008,489,472 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/07/29 15:41:00 | 006,847,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/07/29 15:41:00 | 005,486,592 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/07/29 15:41:00 | 005,008,384 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/07/29 15:41:00 | 004,330,496 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/07/29 15:41:00 | 004,219,904 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/07/29 15:41:00 | 004,017,664 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/07/29 15:41:00 | 003,811,328 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/07/29 15:41:00 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2012/07/29 15:41:00 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2012/07/29 15:41:00 | 000,811,008 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/07/29 15:41:00 | 000,688,128 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/07/29 15:41:00 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/07/29 15:41:00 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/07/29 15:41:00 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2012/07/29 15:41:00 | 000,366,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/07/29 15:41:00 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2012/07/29 15:41:00 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
[2012/07/29 15:41:00 | 000,309,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/07/29 15:41:00 | 000,262,144 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/07/29 15:41:00 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/07/29 15:41:00 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/07/29 15:41:00 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/07/29 15:41:00 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/07/29 15:41:00 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/07/29 15:41:00 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/07/29 15:41:00 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/07/29 15:41:00 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/07/29 15:41:00 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/07/29 15:41:00 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
[2012/07/29 15:41:00 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/07/29 15:41:00 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/07/29 15:41:00 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/07/29 15:41:00 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/07/29 15:41:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/07/29 15:41:00 | 000,040,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/07/29 15:41:00 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/07/29 15:41:00 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/07/29 15:41:00 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/07/29 15:41:00 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/07/29 15:41:00 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/07/29 15:41:00 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/07/29 15:41:00 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/07/29 15:41:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/07/29 15:41:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/07/29 15:39:55 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/07/29 15:39:55 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/07/29 15:39:55 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/07/29 15:39:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/07/29 15:39:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/07/29 15:39:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/07/29 15:39:35 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/07/29 15:39:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/07/29 15:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/29 15:36:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/29 15:36:12 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2012/07/29 15:36:12 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/07/29 15:36:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/07/29 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/07/29 15:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/29 15:34:23 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/07/29 15:34:23 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/07/29 15:34:23 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/07/29 15:34:23 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/07/29 15:34:23 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/07/29 15:34:23 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/07/29 15:34:23 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/07/29 15:34:23 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/07/29 15:34:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/07/29 15:34:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/07/29 15:34:23 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/07/29 15:34:23 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/07/29 15:34:23 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/07/29 15:34:23 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/07/29 15:34:23 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/07/29 15:34:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/07/29 15:34:22 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/07/29 15:34:22 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/07/29 15:34:22 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/07/29 15:34:22 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/07/29 15:34:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/07/29 15:34:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/29 15:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/07/29 15:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/07/29 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\WinBatch
[2012/07/29 15:29:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/07/29 15:28:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/07/29 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Diagnostics
[2012/07/29 13:38:31 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/29 13:38:31 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Searches
[2012/07/29 13:38:31 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/29 13:38:31 | 000,000,000 | -H-D | C] -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/29 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Identities
[2012/07/29 13:38:21 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Contacts
[2012/07/29 13:38:19 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\VirtualStore
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\AppData\Local\Temporary Internet Files
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Templates
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Start Menu
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\SendTo
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Recent
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\PrintHood
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\NetHood
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Documents\My Videos
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Documents\My Pictures
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Documents\My Music
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\My Documents
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Local Settings
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\AppData\Local\History
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Cookies
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\Application Data
[2012/07/29 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\HERGENROEDER\AppData\Local\Application Data
[2012/07/29 13:38:12 | 000,000,000 | --SD | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Videos
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Saved Games
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Pictures
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Music
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Links
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Favorites
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Downloads
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Documents
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\Desktop
[2012/07/29 13:38:12 | 000,000,000 | R--D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/29 13:38:12 | 000,000,000 | -H-D | C] -- C:\Users\HERGENROEDER\AppData
[2012/07/29 13:38:12 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Temp
[2012/07/29 13:38:12 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Local\Microsoft
[2012/07/29 13:38:12 | 000,000,000 | ---D | C] -- C:\Users\HERGENROEDER\AppData\Roaming\Media Center Programs
[2012/07/29 13:38:08 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/08/01 23:30:42 | 000,000,512 | ---- | M] () -- C:\Users\HERGENROEDER\Desktop\MBR.dat
[2012/08/01 23:18:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\HERGENROEDER\Desktop\aswMBR.exe
[2012/08/01 23:17:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\HERGENROEDER\Desktop\OTL.exe
[2012/08/01 23:07:38 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 23:07:38 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 23:04:36 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 23:04:36 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/01 23:04:36 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/01 23:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 23:00:18 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 22:53:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/01 21:11:00 | 000,814,903 | ---- | M] (Farbar) -- C:\Users\HERGENROEDER\Desktop\ListParts64.exe
[2012/08/01 19:08:50 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\HERGENROEDER\Desktop\ComboFix.exe
[2012/08/01 19:08:22 | 000,881,494 | ---- | M] () -- C:\Users\HERGENROEDER\Desktop\SecurityCheck.exe
[2012/08/01 19:05:09 | 000,000,000 | ---- | M] () -- C:\Users\HERGENROEDER\defogger_reenable
[2012/08/01 19:02:45 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HERGENROEDER\Desktop\tdsskiller.exe
[2012/08/01 18:58:24 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\HostsMan.lnk
[2012/08/01 18:56:35 | 000,000,765 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.ehm.bak
[2012/07/30 22:40:16 | 000,002,556 | ---- | M] () -- C:\Users\HERGENROEDER\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/07/30 19:40:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\HERGENROEDER\Desktop\dds.scr
[2012/07/30 19:40:15 | 000,050,477 | ---- | M] () -- C:\Users\HERGENROEDER\Desktop\Defogger.exe
[2012/07/30 18:25:48 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012/07/30 18:25:14 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
[2012/07/30 18:24:44 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012/07/30 18:22:06 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/29 21:46:08 | 000,304,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/29 21:19:33 | 005,967,745 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.old
[2012/07/29 21:05:43 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/29 21:03:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/29 21:03:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/29 20:46:34 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/29 20:26:51 | 000,001,345 | ---- | M] () -- C:\Users\HERGENROEDER\Desktop\Media Center.lnk
[2012/07/29 18:14:03 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/07/29 18:14:02 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/07/29 17:30:20 | 000,001,433 | ---- | M] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/29 16:43:22 | 005,263,304 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.bak
[2012/07/29 16:29:55 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/29 16:29:55 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/29 16:29:55 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/29 16:29:55 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/29 16:29:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/29 16:29:55 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/29 16:29:54 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/29 16:29:54 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/29 16:29:54 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/29 16:29:54 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/29 16:29:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/29 16:29:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/29 16:29:54 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/29 16:29:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/29 16:29:54 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/29 16:29:54 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/29 16:29:54 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/29 16:29:54 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/29 16:29:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/29 16:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/29 16:29:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/29 16:29:54 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/29 16:29:54 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/29 16:29:54 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/29 16:29:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/29 16:29:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/29 16:29:54 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/29 16:29:53 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/29 16:29:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/29 16:29:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/29 16:29:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/29 16:29:53 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/29 16:29:53 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/29 16:29:52 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/29 16:29:52 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/29 16:29:52 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/29 16:29:52 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/29 16:29:52 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/29 16:29:52 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/29 16:29:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/29 16:29:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/29 16:29:52 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/29 16:29:52 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/29 16:29:52 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/29 16:29:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/29 16:29:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/29 16:29:52 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/29 16:29:52 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/29 16:29:52 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/29 16:29:52 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/29 16:29:52 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/29 16:29:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/29 16:29:52 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/29 16:29:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/29 16:29:51 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/29 16:29:51 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/29 16:29:51 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/29 16:29:51 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/29 16:29:51 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/29 16:29:51 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/29 16:29:51 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/29 16:29:51 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/29 16:29:51 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/29 16:29:51 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/29 16:29:51 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/29 16:29:51 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/29 16:29:51 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/29 16:29:51 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/29 16:29:51 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/29 16:29:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/29 16:29:51 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/29 16:29:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/29 16:29:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/29 16:29:51 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/29 16:20:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/29 16:20:27 | 000,730,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/29 16:02:07 | 000,001,129 | ---- | M] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/29 16:02:07 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/29 15:44:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/07/29 15:31:26 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/07/29 15:31:26 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/07/29 15:29:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/08 07:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 23:30:42 | 000,000,512 | ---- | C] () -- C:\Users\HERGENROEDER\Desktop\MBR.dat
[2012/08/01 19:09:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/01 19:09:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/01 19:09:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/01 19:09:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/01 19:09:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/01 19:08:20 | 000,881,494 | ---- | C] () -- C:\Users\HERGENROEDER\Desktop\SecurityCheck.exe
[2012/08/01 19:05:09 | 000,000,000 | ---- | C] () -- C:\Users\HERGENROEDER\defogger_reenable
[2012/08/01 18:58:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\HostsMan.lnk
[2012/07/30 22:40:16 | 000,002,556 | ---- | C] () -- C:\Users\HERGENROEDER\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/07/30 19:40:15 | 000,050,477 | ---- | C] () -- C:\Users\HERGENROEDER\Desktop\Defogger.exe
[2012/07/30 18:25:48 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012/07/30 18:25:14 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
[2012/07/30 18:24:43 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012/07/30 18:22:06 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/29 21:05:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/29 21:05:43 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/29 20:46:34 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/29 20:46:34 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/29 20:26:51 | 000,001,345 | ---- | C] () -- C:\Users\HERGENROEDER\Desktop\Media Center.lnk
[2012/07/29 17:59:42 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/07/29 17:58:15 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/07/29 17:58:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/07/29 17:58:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/07/29 17:57:53 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/07/29 16:29:54 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/29 16:29:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/29 16:02:07 | 000,001,129 | ---- | C] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/29 16:02:07 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/29 15:52:16 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/29 15:50:30 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/29 15:50:21 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/29 15:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/29 15:41:00 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/07/29 15:41:00 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/07/29 15:41:00 | 000,233,765 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/07/29 15:41:00 | 000,166,704 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/07/29 15:41:00 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/07/29 15:41:00 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/29 15:41:00 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/07/29 15:31:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/29 15:31:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/29 15:29:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/29 15:28:34 | 3019,333,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/29 13:57:07 | 000,001,433 | ---- | C] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/29 13:38:35 | 000,001,405 | ---- | C] () -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/29 13:38:32 | 000,001,439 | ---- | C] () -- C:\Users\HERGENROEDER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/29 13:38:12 | 000,000,290 | ---- | C] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/29 13:38:12 | 000,000,272 | ---- | C] () -- C:\Users\HERGENROEDER\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/10 23:45:16 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

< End of report >



Attached Files

  • Attached File  MBR.zip   595bytes   0 downloads

Edited by herg62123, 02 August 2012 - 12:58 AM.

Posted Image

#8 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 02 August 2012 - 01:02 AM

double post - deleted

Edited by herg62123, 02 August 2012 - 01:04 AM.

Posted Image

#9 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 02 August 2012 - 12:48 PM

----------Step 1----------------
Your system appears to be clean. Please run this online scan to verify there aren't any remnants left that we may have missed:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


----------Step 2----------------

The other issue is boot up till login screen takes 3 to 4 minutes. I know this is not correct. I just not sure what the issue could be.

Let's see if we can speed up your computer a little:

I have provided some information that I think you may find useful regarding slow computers. Take a look, and let me know if there's anything else I can help you with.

1. Take a look at this page created by miekiemoes on slow systems, and some things you can try to do to try to improve it. Help! My computer is slow!

2. You may have a lot of processes running at startup that are unnecessary, and can cause a system slowdown.
  • Please download Malwarebytes' StartUpLite and save it to your Desktop.
  • Double-click StartUpLite.exe to run the program.
  • This will display all unnecessary startup entries.
  • Select all options you would like executed, then select Continue.
  • I recommend you disable them all, and see if there is any improvement in the computer's speed.
3. I recommend that you uninstall and delete any old/unused applications:
  • I'd use Revo Uninstaller (Freeware) to do so. You can find it here. Then please run Revo Uninstaller.
  • Please click Uninstall icon to uninstall the selected program.
    Posted Image
  • Please choose Advanced.
    Posted Image
  • Then click Next and follow the prompts.
  • Please click Select All (1.) and Delete (2.)
    Posted Image
  • to delete all Registry items, folders and files listed by Revo.
  • If asked to restart the computer, please do so immediately.
4. You may also want to look into increasing the pagefile size for your system.
  • These links should provide you with the information you need to do so:
  • http://windows.microsoft.com/en-us/windows-vista/Change-the-size-of-virtual-memory
  • http://www.vistax64.com/tutorials/132201-virtual-memory-paging-file-change.html
  • http://www.howtogeek.com/?post_type=post&p=243

If you have any questions, don't hesitate to ask. :)

#10 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 03 August 2012 - 08:39 PM

I have already done 1 thru 3 before we talked but number 4 I did not.

I increased the pagefile size and the slow boot time has stopped.

Now for the freezing I am still looking into.

So for now I will say this is closed and thank you for your time and effort.
Posted Image

#11 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 04 August 2012 - 11:33 AM

Do you have the ESET scanner log? I'd like to at least confirm that you're clean before we wrap things up.

#12 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 04 August 2012 - 12:24 PM

I am at work right now for another 5 more hours and I will run eset and post it when it is finished.
Posted Image

#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 04 August 2012 - 03:59 PM

Sounds good. Keep me posted.

#14 herg62123

herg62123
  • Topic Starter

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:49 AM

Posted 05 August 2012 - 10:08 PM

I was taking to long to fix my fathers computer so he asked me to use a hard drive wipe tool and do a fresh install. Sorry I could not do anything. That was his wish and since it is his computer I did just that.
Posted Image

#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:11:49 AM

Posted 05 August 2012 - 10:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users