
Zero access doozy


  • This topic is locked
18 replies to this topic

#1 goingoutofmyhead

Posted 18 January 2013 - 05:24 AM

Hi,

As my name no doubt indicates, I'm going out of my head with this one. I've been removing malware from computers for years, but this one's just getting a bit too much for my brain atm (I've been awake for 7 days now, and while I've managed to have some progress, I just don't have the mental capacity left to fight this anymore). The system is running Win7 64bit. Which sucks, cos it looks like there's some awesome tools, which only seem to work on 32bit systems :(
No anti-malware/virus software will detect what I have (not all of it anyway). I've tried Malwarebytes and the AR version, ComboFix, just about every ZeroAccess removal tool around, and nothing will do it. They all come back clean.

I have been trying to reverse engineer the thing by tracing files and stuff through registry etc, but the list just gets bigger and bigger. Then I have the problem of actually removing it. :\
I'm not sure if it is 100% ZeroAccess, or perhaps some new variant, but ZeroAccess is the closest I've seen so far. It differs in that whoever's behind the malware has made some kind of hard link or.... my brain's not working well enough to think of the name of the other type.. anyway, it's like the computer is logging in to a domain, even though it's in a workgroup. It's now running logon and logoff scripts that come from whatever server it's coming from, and I'm pretty sure they've been replicating the system to their servers. It started out using either Flash, or an NVIDIA driver to put up a dummy desktop which would trick a user into thinking they are using their own computer, when really it's just a virtual machine made to look like it. I think I've gotten rid of that component, but not 100% sure. There are still services in the system that drive it (Display replication or something), and if you look in device manager, and show hidden devices, there's about 15-20 hidden components which are clearly there to drive a virtual machine and other stuff.
At one point, they were even using some remote terminal service to alter my modem config so I couldn't get online. (Kept putting in a static route that went nowhere [or at least somewhere I couldn't get DNS])
I don't know how they managed that yet as my modem is locked down pretty tight, and even a support call to D-Link couldn't get that resolved. I ended up stopping that by making another subnet behind the modem using another router.

So yeah... I think I've stopped the frontline attacks, but now I'm left with a system that I just can't seem to clean without breaking windows.
Any help would be greatly appreciated. I've attached a quick scan from OTL so you can see that there is something there, but it goes a LOT deeper than this scan indicates. (I just didn't want to spam this page in case you want a different log to start with.) Please advise what you would like to see, and I'll happily provide. I'm not gonna continue this attack on my own as I'm completely brain dead after so many days of no sleep...

[edit] Dunno if it makes a difference or not, but I was running Kaspersky 2012 when I got it. I'm not sure if it may or may not have actually been using the Kaspersky "saferun" module at some stage... when I rebooted into the Kaspersky rescue disc environment, it managed to lodge itself inside there too.. I'm REALLY not sure how it managed that.. I was thinking it may have got into my BIOS at some stage. I dunno the likelihood of that in this day, but some stuff I was doing gave me suspicions. Is there any way to test? I flashed my BIOS just in case, but it didn't fill the space available, so I can't be sure.
Another issue I forgot to mention is my motherboard is an ASUS with an onboard SSD with Express Gate on it. I can see a drive in the rescue disk called ssd. I assume that might be it? It was in there too. Hell it could be back in there again by now. I've given up checking. I just need to find the key to stopping logging on their system without my PC locking up ;)
I have a bunch of reg entries I'm sure contain suspicious entries if that might help.



Here's the scan.

OTL logfile created on: 18/01/2013 7:43:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\$welbot\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.70 Gb Available Physical Memory | 78.37% Memory free
11.98 Gb Paging File | 10.63 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.43 Gb Total Space | 26.26 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 69.25 Gb Total Space | 23.65 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1531.39 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
Drive S: | 698.63 Gb Total Space | 116.55 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 2.07 Gb Free Space | 0.22% Space Free | Partition Type: NTFS
Drive W: | 298.09 Gb Total Space | 179.24 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

Computer Name: WELBOT-PC | User Name: $welbot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 21:43:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/02/18 21:31:28 | 000,315,392 | ---- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
PRC - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- g:\cs2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- G:\cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- g:\cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 19:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/01/09 18:50:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/05 09:54:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/29 20:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:20:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 04:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/18 21:31:28 | 000,315,392 | ---- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/15 17:25:32 | 000,036,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys -- (ERmvrDrv)
DRV:64bit: - [2013/01/03 11:24:35 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/04 01:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/10/21 04:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/01/17 23:21:19 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\arix1x6e.sys -- (arix1x6e)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/25 11:50:50 | 000,011,848 | ---- | M] (Antiy Labs) [Kernel | On_Demand | Stopped] -- C:\Users\$welbot\Desktop\atool\IRPFile.sys -- (IRPFile)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tpg.com.au:3128


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage: http://ibrisbanesde/default.aspx
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://ibrisbanesde/default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: WGT Golf Challenge = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: Marvel Comics = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Poppit = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/01/15 10:18:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Version Cue CS2] g:\cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKU\S-1-5-21-6954281-1015321383-2352895789-1000..\Run: [SoundMax] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F1D204-4635-4E45-80D6-646A04FA142A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 19:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\agl
[2013/01/18 11:30:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/18 10:51:49 | 000,733,296 | ---- | C] (Webroot) -- C:\Users\$welbot\Desktop\wsainstall.exe
[2013/01/18 08:49:25 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\ElevatedDiagnostics
[2013/01/18 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
[2013/01/17 23:21:19 | 000,035,904 | ---- | C] (VirusBlokAda Ltd.) -- C:\Windows\SysWow64\drivers\arix1x6e.sys
[2013/01/17 23:07:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 23:05:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Avg2013
[2013/01/17 23:01:15 | 000,000,000 | ---D | C] -- C:\vba32
[2013/01/17 21:01:31 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\TuneUp Software
[2013/01/17 20:55:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/17 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\MFAData
[2013/01/17 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/17 20:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/17 20:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/15 20:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
[2013/01/15 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\Flashfake Removal Tool.app
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/01/15 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\atool
[2013/01/15 19:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/15 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tangosoft
[2013/01/15 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Re-Enable V2
[2013/01/15 16:28:51 | 000,864,120 | ---- | C] (ALWIL Software) -- C:\Users\$welbot\Desktop\aswar.exe
[2013/01/15 15:28:13 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\$welbot\Desktop\TDSSKiller.exe
[2013/01/15 15:25:29 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\$welbot\Desktop\FixTDSS.exe
[2013/01/15 14:36:36 | 000,387,944 | ---- | C] (ESET spol. s r.o.) -- C:\Users\$welbot\Desktop\ESETHfsReader.exe
[2013/01/15 14:01:09 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\$welbot\Desktop\unhide.exe
[2013/01/15 13:03:28 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\$welbot\Desktop\MiniToolBox.exe
[2013/01/15 12:52:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\$welbot\Desktop\HijackThis.exe
[2013/01/15 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\RK_Quarantine
[2013/01/13 22:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/01/13 22:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013/01/13 21:18:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 20:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/13 15:10:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/13 15:10:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/13 15:10:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/13 07:04:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/13 03:28:42 | 000,000,000 | ---D | C] -- C:\marsscan
[2013/01/13 03:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/13 03:12:21 | 005,023,728 | R--- | C] (Swearware) -- C:\Users\$welbot\Desktop\rainbow_brite.exe
[2013/01/13 02:57:24 | 005,022,206 | R--- | C] (Swearware) -- C:\Users\$welbot\Desktop\combi.exe
[2013/01/13 00:37:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Freedom Scientific
[2013/01/13 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Freedom Scientific
[2013/01/13 00:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Scientific Installation Information
[2013/01/13 00:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2013/01/13 00:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Scientific
[2013/01/13 00:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freedom Scientific
[2013/01/12 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\.swt
[2013/01/12 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Azureus
[2013/01/12 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2013/01/11 14:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2013/01/11 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2013/01/11 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013/01/11 05:30:12 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\Adobe
[2013/01/11 04:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
[2013/01/11 04:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antares Audio Technologies
[2013/01/11 04:24:24 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53 Demo
[2013/01/11 04:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53 Demo
[2013/01/11 04:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013/01/11 04:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2013/01/11 04:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
[2013/01/10 20:13:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/10 20:05:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013/01/10 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/01/10 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\VS Revo Group
[2013/01/10 19:37:38 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/01/10 19:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/10 19:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/10 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicProjects
[2013/01/10 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicProjects
[2013/01/10 17:34:24 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013/01/10 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\VirtualDJ
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader Lite
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader Lite
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\NeoDownloader
[2013/01/10 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013/01/10 04:15:20 | 000,000,000 | ---D | C] -- C:\Users\$welbot
[2013/01/10 03:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2013/01/10 01:30:57 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
[2013/01/10 01:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/01/10 00:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/01/08 13:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013/01/08 13:34:56 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\mIRC
[2013/01/08 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013/01/06 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\NVIDIA
[2013/01/06 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/05 22:53:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/05 22:29:10 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Audacity
[2013/01/05 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\my games
[2013/01/05 09:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/01/05 09:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\WinRAR
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/04 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/01/04 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 4.3.6
[2013/01/04 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2013/01/04 10:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/03 17:46:47 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Adobe
[2013/01/03 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/03 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/03 17:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/03 13:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/01/03 13:50:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/01/03 13:28:35 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/01/03 13:28:19 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/01/03 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/03 13:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2013/01/03 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/03 13:09:36 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/03 13:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/03 12:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/03 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/01/03 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/01/03 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Macromedia
[2013/01/03 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Adobe
[2013/01/03 11:57:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/03 11:56:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/03 11:43:17 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Skype
[2013/01/03 11:43:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/03 11:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/03 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/03 11:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/01/03 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
[2013/01/03 10:50:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/03 10:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/03 10:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/03 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Google
[2013/01/03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Deployment
[2013/01/03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Apps
[2013/01/03 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/01/03 03:17:17 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/02 22:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/01/02 22:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/01/02 22:21:02 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/01/02 22:21:02 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/01/02 22:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/01/02 22:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/01/02 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/01/02 22:18:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/01/02 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Programs
[2013/01/02 21:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2013/01/02 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Express Gate
[2013/01/02 21:12:50 | 000,000,000 | ---D | C] -- C:\ASUS.SYS
[2013/01/02 21:12:49 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2013/01/02 21:12:49 | 000,000,000 | ---D | C] -- C:\temp
[2013/01/02 21:12:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/02 21:10:16 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2013/01/02 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
[2013/01/02 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2013/01/02 21:04:54 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2013/01/02 21:02:05 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/02 21:02:05 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/01/02 21:02:04 | 001,828,352 | ---- | C] (Creative) -- C:\Windows\SysNative\adi_oal.dll
[2013/01/02 21:02:04 | 001,503,232 | ---- | C] (Creative) -- C:\Windows\SysWow64\adi_oal.dll
[2013/01/02 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/01/02 21:01:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
[2013/01/02 21:01:45 | 000,062,464 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
[2013/01/02 21:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2013/01/02 21:01:12 | 000,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2013/01/02 21:01:12 | 000,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
[2013/01/02 21:01:12 | 000,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
[2013/01/02 21:01:12 | 000,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2013/01/02 21:01:12 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2013/01/02 21:01:12 | 000,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2013/01/02 21:01:12 | 000,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
[2013/01/02 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
[2013/01/02 21:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2013/01/02 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/02 21:00:05 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\InstallShield
[2013/01/02 20:59:55 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/01/02 20:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/01/02 20:59:48 | 000,000,000 | ---D | C] -- C:\Intel
[2013/01/02 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Diagnostics
[2013/01/02 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Malwarebytes
[2013/01/02 19:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Searches
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/02 17:00:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/02 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Identities
[2013/01/02 16:59:52 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Contacts
[2013/01/02 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\VirtualStore
[2013/01/02 16:59:46 | 000,000,000 | --SD | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Videos
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Saved Games
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Pictures
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Music
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Links
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Favorites
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Downloads
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Documents
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Desktop
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\Temporary Internet Files
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Templates
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Start Menu
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\SendTo
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Recent
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\PrintHood
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\NetHood
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Videos
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Pictures
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Music
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\My Documents
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Local Settings
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\History
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Cookies
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Application Data
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\Application Data
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Temp
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Microsoft
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Media Center Programs
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData
[2013/01/02 16:59:41 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/01/02 16:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/02 15:51:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/02 15:51:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/01/18 19:42:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 19:40:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 19:40:21 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 19:38:58 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/01/18 19:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/18 18:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 15:59:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 15:59:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 14:47:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/18 14:47:56 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/18 14:47:56 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/18 10:51:50 | 000,733,296 | ---- | M] (Webroot) -- C:\Users\$welbot\Desktop\wsainstall.exe
[2013/01/17 23:21:19 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) -- C:\Windows\SysWow64\drivers\arix1x6e.sys
[2013/01/17 20:24:02 | 005,023,728 | R--- | M] (Swearware) -- C:\Users\$welbot\Desktop\rainbow_brite.exe
[2013/01/17 20:22:25 | 000,300,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 20:13:34 | 000,032,584 | ---- | M] () -- C:\Users\$welbot\Documents\cc_20130117_201324.reg
[2013/01/17 20:06:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/16 11:19:40 | 000,000,000 | -H-- | M] () -- C:\Users\$welbot\Documents\Default.rdp
[2013/01/16 02:10:22 | 000,001,327 | ---- | M] () -- C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
[2013/01/16 02:03:18 | 000,001,081 | ---- | M] () -- C:\Users\$welbot\Desktop\SXSystemSuite.lnk
[2013/01/16 00:01:31 | 005,022,206 | R--- | M] (Swearware) -- C:\Users\$welbot\Desktop\combi.exe
[2013/01/15 23:58:21 | 000,002,251 | ---- | M] () -- C:\Users\$welbot\Desktop\Google Chrome.lnk
[2013/01/15 20:29:52 | 000,001,795 | ---- | M] () -- C:\Users\$welbot\Desktop\MagicISO.lnk
[2013/01/15 18:13:05 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
[2013/01/15 17:25:32 | 000,036,768 | ---- | M] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/01/15 15:44:55 | 000,864,120 | ---- | M] (ALWIL Software) -- C:\Users\$welbot\Desktop\aswar.exe
[2013/01/15 15:41:03 | 005,562,563 | ---- | M] () -- C:\Users\$welbot\Desktop\atool.rar
[2013/01/15 15:28:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\$welbot\Desktop\TDSSKiller.exe
[2013/01/15 15:25:29 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\$welbot\Desktop\FixTDSS.exe
[2013/01/15 14:36:36 | 000,387,944 | ---- | M] (ESET spol. s r.o.) -- C:\Users\$welbot\Desktop\ESETHfsReader.exe
[2013/01/15 14:01:09 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\$welbot\Desktop\unhide.exe
[2013/01/15 13:04:19 | 000,881,914 | ---- | M] () -- C:\Users\$welbot\Desktop\SecurityCheck.exe
[2013/01/15 13:03:28 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\$welbot\Desktop\MiniToolBox.exe
[2013/01/15 12:52:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\$welbot\Desktop\HijackThis.exe
[2013/01/15 11:19:46 | 000,764,416 | ---- | M] () -- C:\Users\$welbot\Desktop\winfree.exe
[2013/01/15 10:18:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/13 21:18:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/12 13:17:38 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/01/11 14:45:06 | 000,001,548 | ---- | M] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013/01/10 23:10:32 | 000,001,611 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2013/01/10 19:37:38 | 000,000,997 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/10 17:34:24 | 000,000,578 | ---- | M] () -- C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
[2013/01/10 13:17:27 | 000,001,122 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\NeoDownloader Lite.lnk
[2013/01/10 13:17:27 | 000,001,098 | ---- | M] () -- C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
[2013/01/08 13:36:02 | 000,006,811 | ---- | M] () -- C:\Users\$welbot\Documents\mirc.ini
[2013/01/08 13:34:59 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/01/06 13:42:15 | 000,000,179 | ---- | M] () -- C:\Users\$welbot\Desktop\Cave Story+.url
[2013/01/06 12:19:27 | 000,001,081 | ---- | M] () -- C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
[2013/01/06 10:36:07 | 000,000,208 | ---- | M] () -- C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
[2013/01/05 22:29:02 | 000,000,553 | ---- | M] () -- C:\Users\$welbot\Desktop\Audacity.lnk
[2013/01/05 09:53:00 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/04 10:15:48 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
[2013/01/03 17:45:39 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/03 15:49:26 | 000,001,433 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/03 15:44:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 15:44:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 14:48:30 | 000,001,129 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/01/03 13:10:36 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/01/03 11:24:35 | 000,398,112 | ---- | M] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys
[2013/01/03 11:20:58 | 000,001,219 | ---- | M] () -- C:\Users\$welbot\Desktop\StreamArmor.lnk
[2013/01/03 11:16:03 | 000,001,243 | ---- | M] () -- C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
[2013/01/02 21:14:13 | 000,037,289 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2013/01/02 21:12:51 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Express Gate Updater.lnk
[2013/01/02 21:02:05 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/02 21:02:05 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/02 20:58:59 | 000,026,388 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2013/01/02 15:54:52 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/02 15:54:52 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/02 15:52:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/30 21:43:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
[2012/12/29 20:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/12/29 18:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013/01/17 20:22:17 | 000,300,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 20:13:30 | 000,032,584 | ---- | C] () -- C:\Users\$welbot\Documents\cc_20130117_201324.reg
[2013/01/17 20:06:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/16 11:19:40 | 000,000,000 | -H-- | C] () -- C:\Users\$welbot\Documents\Default.rdp
[2013/01/16 02:10:22 | 000,001,327 | ---- | C] () -- C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
[2013/01/16 02:03:18 | 000,001,081 | ---- | C] () -- C:\Users\$welbot\Desktop\SXSystemSuite.lnk
[2013/01/15 20:29:52 | 000,001,795 | ---- | C] () -- C:\Users\$welbot\Desktop\MagicISO.lnk
[2013/01/15 18:13:05 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
[2013/01/15 17:25:32 | 000,036,768 | ---- | C] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/01/15 15:40:59 | 005,562,563 | ---- | C] () -- C:\Users\$welbot\Desktop\atool.rar
[2013/01/15 13:42:17 | 000,095,744 | ---- | C] () -- C:\Users\$welbot\Desktop\rku37300509.exe
[2013/01/15 13:03:56 | 000,881,914 | ---- | C] () -- C:\Users\$welbot\Desktop\SecurityCheck.exe
[2013/01/15 11:19:46 | 000,764,416 | ---- | C] () -- C:\Users\$welbot\Desktop\winfree.exe
[2013/01/13 15:10:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/13 15:10:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/13 15:10:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/13 15:10:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/13 15:10:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2013/01/11 14:45:06 | 000,001,548 | ---- | C] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013/01/10 23:10:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2013/01/10 23:10:32 | 000,001,611 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2013/01/10 20:13:17 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2013/01/10 20:13:03 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013/01/10 20:11:54 | 000,000,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2013/01/10 20:06:48 | 000,001,647 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013/01/10 20:06:48 | 000,001,642 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013/01/10 20:06:21 | 000,001,631 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013/01/10 19:37:38 | 000,000,997 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/10 17:34:24 | 000,000,578 | ---- | C] () -- C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
[2013/01/10 13:17:27 | 000,001,122 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\NeoDownloader Lite.lnk
[2013/01/10 13:17:27 | 000,001,098 | ---- | C] () -- C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
[2013/01/08 19:41:48 | 000,118,342 | ---- | C] () -- C:\Users\$welbot\Desktop\xxxxxx.rtf
[2013/01/08 19:41:48 | 000,001,388 | ---- | C] () -- C:\Users\$welbot\Desktop\letter_of_claim.rtf
[2013/01/08 19:41:48 | 000,000,931 | ---- | C] () -- C:\Users\$welbot\Desktop\cover_letter.rtf
[2013/01/08 13:36:02 | 000,006,811 | ---- | C] () -- C:\Users\$welbot\Documents\mirc.ini
[2013/01/08 13:34:59 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/01/06 13:42:15 | 000,000,179 | ---- | C] () -- C:\Users\$welbot\Desktop\Cave Story+.url
[2013/01/06 12:19:27 | 000,001,081 | ---- | C] () -- C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
[2013/01/06 10:36:07 | 000,000,208 | ---- | C] () -- C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
[2013/01/05 22:29:02 | 000,000,553 | ---- | C] () -- C:\Users\$welbot\Desktop\Audacity.lnk
[2013/01/05 22:29:02 | 000,000,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/01/05 09:53:00 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/04 10:15:48 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
[2013/01/03 17:45:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/03 17:45:39 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/03 15:44:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 15:44:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 14:48:30 | 000,001,129 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/01/03 13:29:36 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013/01/03 13:29:20 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/01/03 13:28:04 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/01/03 13:28:00 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/01/03 13:28:00 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/01/03 13:27:54 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013/01/03 13:27:54 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/01/03 13:10:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/01/03 11:57:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 11:49:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/03 11:36:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/03 11:20:58 | 000,001,219 | ---- | C] () -- C:\Users\$welbot\Desktop\StreamArmor.lnk
[2013/01/03 11:16:03 | 000,001,243 | ---- | C] () -- C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
[2013/01/03 10:05:24 | 000,002,251 | ---- | C] () -- C:\Users\$welbot\Desktop\Google Chrome.lnk
[2013/01/03 10:04:22 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 10:04:20 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/02 22:21:34 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/01/02 21:14:38 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2013/01/02 21:12:51 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Express Gate Updater.lnk
[2013/01/02 20:59:05 | 000,037,289 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/01/02 20:58:51 | 000,026,388 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/01/02 19:31:52 | 000,001,433 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/02 17:00:23 | 000,001,405 | ---- | C] () -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/02 17:00:21 | 000,001,439 | ---- | C] () -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/02 16:59:46 | 000,000,290 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/02 16:59:46 | 000,000,272 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/01/02 15:54:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/02 15:54:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/02 15:52:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/02 15:51:32 | 529,879,039 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 06:09:26 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Audacity
[2013/01/17 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Azureus
[2013/01/13 00:15:17 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Freedom Scientific
[2013/01/10 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\NeoDownloader
[2013/01/10 01:31:43 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
[2013/01/17 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:2CFDCA54
@Alternate Data Stream - 1545 bytes -> C:\ProgramData\Microsoft:heq5ghJMxF0lrUpCZB
@Alternate Data Stream - 1431 bytes -> C:\ProgramData\Microsoft:pOXaRqcXD7qyQxVkWC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:48A9EADC

< End of report >

Edited by goingoutofmyhead, 18 January 2013 - 07:41 AM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:57 AM

Posted 18 January 2013 - 10:52 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 goingoutofmyhead

goingoutofmyhead
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Local time:09:57 PM

Posted 18 January 2013 - 06:37 PM

Hi! Thanks for the quick reply! Here's the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 19-01-2013 09:28:29
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Version Cue CS2] "g:\cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [x]
HKU\$welbot\...\Run: [SoundMax] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray [3866624 2009-05-17] (Analog Devices, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ===================

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
2 MDES; C:\ASUS.SYS\CONFIG\DVMExportService.exe [315392 2009-02-18] (DeviceVM)
2 Adobe Version Cue CS2; "C:\cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 arix1x6e; C:\Windows\SysWow64\Drivers\arix1x6e.sys [35904 2013-01-17] (VirusBlokAda Ltd.)
3 ERmvrDrv; \??\C:\Windows\system32\drivers\ERKRmvrDrv.sys [36768 2013-01-14] ()
3 IRPFile; \??\C:\Users\$welbot\Desktop\atool\IrpFile.sys [11848 2008-07-24] (Antiy Labs)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
0 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [181040 2011-02-08] (Marvell Semiconductor, Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 aswArKrn; \??\C:\Users\$welbot\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\2\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-18 15:09 - 2013-01-18 15:09 - 00000000 ____D C:\FRST
2013-01-18 14:58 - 2013-01-18 14:58 - 01464233 ____A (Farbar) C:\Users\$welbot\Desktop\FRST64.exe
2013-01-18 01:54 - 2013-01-18 01:54 - 00688992 ____A (Swearware) C:\Users\$welbot\Desktop\dds.scr
2013-01-18 01:46 - 2013-01-18 01:46 - 00121336 ____A C:\Users\$welbot\Desktop\OTL.Txt
2013-01-17 22:09 - 2013-01-17 22:10 - 00000000 ____D C:\Users\$welbot\Desktop\agl
2013-01-17 16:51 - 2013-01-17 16:51 - 00733296 ____A (Webroot) C:\Users\$welbot\Desktop\wsainstall.exe
2013-01-17 05:22 - 2013-01-17 05:22 - 00066400 ____A C:\Users\$welbot\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-17 05:21 - 2013-01-17 05:21 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\arix1x6e.sys
2013-01-17 05:05 - 2013-01-17 05:05 - 00000000 ____D C:\Users\$welbot\AppData\Local\Avg2013
2013-01-17 05:01 - 2013-01-17 15:02 - 00000000 ____D C:\vba32
2013-01-17 03:28 - 2013-01-17 03:41 - 138450944 ____A C:\Users\$welbot\Downloads\vbarescue.iso
2013-01-17 03:01 - 2013-01-17 03:01 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\TuneUp Software
2013-01-17 02:55 - 2013-01-17 05:06 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-17 02:55 - 2013-01-17 02:55 - 00000000 ____D C:\Users\$welbot\AppData\Local\MFAData
2013-01-17 02:22 - 2013-01-18 15:23 - 00000504 ____A C:\Windows\setupact.log
2013-01-17 02:22 - 2013-01-18 01:40 - 00004024 ____A C:\Windows\PFRO.log
2013-01-17 02:22 - 2013-01-17 02:22 - 00300352 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-17 02:22 - 2013-01-17 02:22 - 00000000 ____A C:\Windows\setuperr.log
2013-01-17 02:13 - 2013-01-17 02:13 - 00032584 ____A C:\Users\$welbot\Documents\cc_20130117_201324.reg
2013-01-17 02:06 - 2013-01-17 02:06 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-17 02:06 - 2013-01-17 02:06 - 00000000 ____D C:\Program Files\CCleaner
2013-01-15 17:19 - 2013-01-15 17:19 - 00000000 ___AH C:\Users\$welbot\Documents\Default.rdp
2013-01-15 14:05 - 2013-01-16 05:29 - 00028305 ____A C:\Users\$welbot\Desktop\blah.txt
2013-01-15 08:10 - 2013-01-15 08:10 - 00001327 ____A C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
2013-01-15 08:10 - 2013-01-15 08:10 - 00001327 ____A C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
2013-01-15 08:03 - 2013-01-15 08:03 - 00001081 ____A C:\Users\UpdatusUser\Desktop\SXSystemSuite.lnk
2013-01-15 08:03 - 2013-01-15 08:03 - 00001081 ____A C:\Users\$welbot\Desktop\SXSystemSuite.lnk
2013-01-15 02:39 - 2012-12-30 03:43 - 00602112 ____A (OldTimer Tools) C:\Users\$welbot\Desktop\OTL.exe
2013-01-15 02:36 - 2012-04-12 06:47 - 00000000 ____D C:\Users\$welbot\Desktop\Flashfake Removal Tool.app
2013-01-15 02:29 - 2013-01-15 02:29 - 00001795 ____A C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2013-01-15 02:29 - 2013-01-15 02:29 - 00001795 ____A C:\Users\$welbot\Desktop\MagicISO.lnk
2013-01-15 02:29 - 2013-01-15 02:29 - 00000000 ____D C:\Program Files (x86)\MagicISO
2013-01-15 02:03 - 2008-09-17 23:14 - 00000000 ____D C:\Users\$welbot\Desktop\atool
2013-01-15 01:15 - 2013-01-15 01:15 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-01-15 00:13 - 2013-01-15 00:13 - 00001157 ____A C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
2013-01-15 00:13 - 2013-01-15 00:13 - 00000000 ____D C:\Program Files (x86)\Tangosoft
2013-01-14 23:25 - 2013-01-14 23:25 - 00036768 ____A C:\Windows\System32\Drivers\ERKRmvrDrv.sys
2013-01-14 22:58 - 2013-01-14 22:58 - 00007439 ____A C:\Users\$welbot\Desktop\hijackthis.log
2013-01-14 22:48 - 2013-01-14 22:51 - 52243384 ____A C:\Users\$welbot\Desktop\aswar.log
2013-01-14 22:28 - 2013-01-14 21:44 - 00864120 ____A (ALWIL Software) C:\Users\$welbot\Desktop\aswar.exe
2013-01-14 22:26 - 2013-01-14 22:27 - 00003989 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-14 22:12 - 2013-01-15 07:50 - 00003512 ____A C:\Users\$welbot\Desktop\unhide.txt
2013-01-14 21:40 - 2013-01-14 21:41 - 05562563 ____A C:\Users\$welbot\Desktop\atool.rar
2013-01-14 21:28 - 2013-01-14 21:28 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\$welbot\Desktop\TDSSKiller.exe
2013-01-14 21:25 - 2013-01-14 21:25 - 01931088 ____A (Symantec Corporation) C:\Users\$welbot\Desktop\FixTDSS.exe
2013-01-14 20:36 - 2013-01-14 20:36 - 00387944 ____A (ESET spol. s r.o.) C:\Users\$welbot\Desktop\ESETHfsReader.exe
2013-01-14 20:01 - 2013-01-14 20:01 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\$welbot\Desktop\unhide.exe
2013-01-14 19:42 - 2007-10-03 16:44 - 00095744 ____A () C:\Users\$welbot\Desktop\rku37300509.exe
2013-01-14 19:10 - 2013-01-15 14:01 - 00057137 ____A C:\Users\$welbot\Desktop\Result.txt
2013-01-14 19:03 - 2013-01-14 19:04 - 00881914 ____A C:\Users\$welbot\Desktop\SecurityCheck.exe
2013-01-14 19:03 - 2013-01-14 19:03 - 00752287 ____A (Farbar) C:\Users\$welbot\Desktop\MiniToolBox.exe
2013-01-14 18:52 - 2013-01-14 18:52 - 00388608 ____A (Trend Micro Inc.) C:\Users\$welbot\Desktop\HijackThis.exe
2013-01-14 17:20 - 2013-01-18 14:30 - 00000000 ____D C:\Users\$welbot\Desktop\RK_Quarantine
2013-01-14 17:19 - 2013-01-14 17:19 - 00764416 ____A C:\Users\$welbot\Desktop\winfree.exe
2013-01-14 15:43 - 2013-01-16 04:12 - 00028313 ____A C:\Users\$welbot\Desktop\54646742.txt
2013-01-14 03:14 - 2013-01-14 03:14 - 00008124 ____A C:\Users\$welbot\Downloads\backupsettings (1).conf
2013-01-13 15:42 - 2013-01-15 00:26 - 00001515 ____A C:\Users\$welbot\Desktop\broscos.txt
2013-01-13 04:16 - 2013-01-13 04:16 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-01-13 03:18 - 2013-01-13 03:18 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-01-13 02:53 - 2013-01-13 17:34 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-13 02:50 - 2013-01-13 02:47 - 00011780 ____A C:\Users\$welbot\Desktop\!Default_W7_Ultimate_64_SP1_Start_v100.txt.reg
2013-01-12 22:31 - 2013-01-12 22:31 - 00007177 ____A C:\Users\$welbot\Downloads\backupsettings.conf
2013-01-12 21:10 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-12 21:10 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-12 21:10 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-12 21:10 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-12 21:10 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-12 21:10 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-12 21:10 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-12 21:10 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-12 13:12 - 2013-01-12 19:29 - 00000000 ____A C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
2013-01-12 13:04 - 2013-01-18 14:30 - 00000000 ____D C:\Windows\erdnt
2013-01-12 12:54 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-12 12:54 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-12 12:54 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-01-12 12:54 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-12 12:54 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-01-12 12:54 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-12 12:54 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-12 12:54 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-12 12:54 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-01-12 12:54 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-01-12 12:54 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-01-12 12:54 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-12 12:54 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-01-12 12:54 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-01-12 12:54 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-01-12 12:54 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-01-12 12:54 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-12 12:54 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-01-12 12:54 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-01-12 12:54 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-12 12:54 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-12 12:54 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-12 12:54 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-12 12:54 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-12 09:28 - 2013-01-18 14:30 - 00000000 ____D C:\marsscan
2013-01-12 09:20 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-12 09:12 - 2013-01-17 02:24 - 05023728 ___RA (Swearware) C:\Users\$welbot\Desktop\rainbow_brite.exe
2013-01-12 08:57 - 2013-01-15 06:01 - 05022206 ____R (Swearware) C:\Users\$welbot\Desktop\combi.exe
2013-01-12 06:37 - 2013-01-18 14:30 - 00000000 ____D C:\Qoobox
2013-01-12 06:15 - 2013-01-12 06:15 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Freedom Scientific
2013-01-12 06:13 - 2013-01-12 06:13 - 00000000 ____D C:\Users\All Users\Freedom Scientific
2013-01-12 06:13 - 2013-01-12 06:13 - 00000000 ____D C:\Program Files\Freedom Scientific Installation Information
2013-01-12 06:02 - 2013-01-12 07:09 - 00000000 ____D C:\Program Files\Freedom Scientific
2013-01-12 06:02 - 2013-01-12 06:02 - 00000000 ____D C:\Program Files (x86)\Freedom Scientific
2013-01-11 19:34 - 2013-01-11 19:34 - 00000000 ____D C:\Users\$welbot\.swt
2013-01-11 19:17 - 2013-01-17 02:09 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Azureus
2013-01-11 19:17 - 2013-01-11 19:33 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-01-11 19:17 - 2013-01-11 19:17 - 00001844 ____A C:\Users\Public\Desktop\Vuze.lnk
2013-01-10 20:46 - 2013-01-10 21:10 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2013-01-10 20:45 - 2013-01-11 21:38 - 00000000 ____D C:\Users\All Users\Screaming Bee
2013-01-10 20:45 - 2013-01-10 20:45 - 00001548 ____A C:\Users\Public\Desktop\MorphVOX Pro.lnk
2013-01-10 11:30 - 2013-01-10 11:30 - 00000000 ____D C:\Users\$welbot\Documents\Adobe
2013-01-10 10:58 - 2013-01-10 10:58 - 00000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2013-01-10 10:24 - 2013-01-10 10:24 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2013-01-10 10:23 - 2013-01-10 10:23 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-01-10 05:10 - 2013-01-10 05:10 - 00001611 ____A C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
2013-01-10 02:13 - 2013-01-10 02:13 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-01-10 02:13 - 2004-08-16 16:40 - 00016384 ____A C:\Windows\SysWOW64\FileOps.exe
2013-01-10 02:05 - 2013-01-10 02:05 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-01-10 01:37 - 2013-01-10 01:37 - 00000000 ____D C:\Users\$welbot\AppData\Local\VS Revo Group
2013-01-10 01:37 - 2013-01-10 01:37 - 00000000 ____D C:\Program Files\VS Revo Group
2013-01-10 01:37 - 2009-12-29 18:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-01-09 23:34 - 2013-01-09 23:34 - 00000578 ____A C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
2013-01-09 23:34 - 2013-01-09 23:34 - 00000000 ____D C:\Users\$welbot\Documents\VirtualDJ
2013-01-09 19:31 - 2013-01-09 19:32 - 00006623 ____A C:\Users\$welbot\Desktop\url_series.txt
2013-01-09 19:17 - 2013-01-09 19:17 - 00001098 ____A C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Users\$welbot\Downloads\NeoDownloader
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\NeoDownloader
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Program Files (x86)\NeoDownloader Lite
2013-01-09 10:15 - 2013-01-09 10:15 - 00000000 ____D C:\Users$welbot
2013-01-09 07:30 - 2013-01-09 07:31 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
2013-01-09 07:30 - 2013-01-09 07:31 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
2013-01-09 06:23 - 2013-01-09 06:23 - 00000000 ____D C:\Users\All Users\Sun
2013-01-09 06:22 - 2013-01-11 09:30 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-01-09 06:22 - 2013-01-11 09:30 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-01-09 06:19 - 2013-01-09 06:19 - 09824862 ____A C:\Users\$welbot\Downloads\6918.tmp
2013-01-08 18:51 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 18:51 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-08 18:51 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-08 18:51 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-08 18:51 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 18:51 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-08 18:51 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-08 18:51 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-08 18:50 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-08 18:50 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-08 18:49 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-08 18:49 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-08 18:49 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-08 18:49 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-08 18:49 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-08 18:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-08 18:49 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-08 18:49 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-08 18:48 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-08 18:48 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-08 18:48 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-08 18:48 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-08 18:48 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-08 18:48 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-08 18:48 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-08 18:48 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-08 18:48 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-08 18:47 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-08 18:47 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-08 18:47 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-08 18:47 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-08 18:47 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-08 18:47 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-08 18:47 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 18:47 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-08 18:46 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 18:46 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 02:55 - 2013-01-14 17:32 - 00000190 ____A C:\Users\$welbot\Desktop\brosco.txt
2013-01-08 01:41 - 2013-01-01 19:09 - 00020416 ____A C:\Users\$welbot\Desktop\Rkill.txt
2013-01-08 01:41 - 2013-01-01 08:04 - 00000288 ____A C:\Users\$welbot\Desktop\RootkitRemover20130102020434.txt
2013-01-08 01:41 - 2012-12-29 14:28 - 00000227 ____A C:\Users\$welbot\Desktop\mbr.log
2013-01-08 01:41 - 2012-12-29 13:17 - 00004843 ____A C:\Users\$welbot\Desktop\svchost.exe.txt
2013-01-08 01:41 - 2012-12-09 04:38 - 00000572 ____A C:\Users\$welbot\Desktop\cover letter.txt
2013-01-08 01:41 - 2012-11-01 19:39 - 00000103 ____A C:\Users\$welbot\Desktop\Julian.txt
2013-01-08 01:41 - 2012-10-14 22:33 - 00000026 ____A C:\Users\$welbot\Desktop\Dr Cunningham.txt
2013-01-08 01:41 - 2012-08-24 22:52 - 00000104 ____A C:\Users\$welbot\Desktop\rego renewal.txt
2013-01-08 01:41 - 2012-08-14 19:38 - 00049599 ____A C:\Users\$welbot\Desktop\DxDiag.txt
2013-01-08 01:41 - 2012-07-25 00:23 - 00000136 ____A C:\Users\$welbot\Desktop\Glenda TRR Auto.txt
2013-01-08 01:41 - 2012-06-10 14:05 - 00000130 ____A C:\Users\$welbot\Desktop\that_bleep_aint_funny.txt
2013-01-08 01:41 - 2012-05-01 05:34 - 00000027 ____A C:\Users\$welbot\Desktop\redchurch minecraft.txt
2013-01-08 01:41 - 2012-04-23 00:31 - 00000054 ____A C:\Users\$welbot\Desktop\lawn mower.txt
2013-01-08 01:41 - 2012-04-15 22:02 - 00000163 ____A C:\Users\$welbot\Desktop\quick and easy finance.txt
2013-01-08 01:41 - 2012-04-15 10:07 - 00000136 ____A C:\Users\$welbot\Desktop\serials.txt
2013-01-08 01:41 - 2012-04-15 00:43 - 00000248 ____A C:\Users\$welbot\Desktop\Natchem Acronis Stuff.txt
2013-01-08 01:41 - 2012-04-13 11:25 - 00000267 ____A C:\Users\$welbot\Desktop\pastry.txt
2013-01-08 01:41 - 2012-04-13 11:23 - 00000141 ____A C:\Users\$welbot\Desktop\JMW Legal.txt
2013-01-08 01:41 - 2012-04-13 11:21 - 00000197 ____A C:\Users\$welbot\Desktop\dynamic customer code.txt
2013-01-08 01:41 - 2012-04-13 11:19 - 00000052 ____A C:\Users\$welbot\Desktop\brian mitchell.txt
2013-01-08 01:41 - 2012-04-13 02:08 - 00000007 ____A C:\Users\$welbot\Desktop\Bank West.txt
2013-01-08 01:41 - 2012-04-11 23:38 - 00000101 ____A C:\Users\$welbot\Desktop\financial ombudsman etc.txt
2013-01-08 01:41 - 2012-03-25 21:54 - 00000044 ____A C:\Users\$welbot\Desktop\DrawSomething.txt
2013-01-08 01:41 - 2011-11-08 23:10 - 00000010 ____A C:\Users\$welbot\Desktop\Joans new number.txt
2013-01-08 01:41 - 2011-10-07 15:44 - 00006739 ____A C:\Users\$welbot\Desktop\japanc_letter.txt
2013-01-08 01:41 - 2011-09-22 14:29 - 00000022 ____A C:\Users\$welbot\Desktop\linda maas - komatsu.txt
2013-01-08 01:41 - 2011-09-01 00:39 - 00001635 ____A C:\Users\$welbot\Desktop\newhouserelated (2).txt
2013-01-08 01:41 - 2011-08-08 18:18 - 00000940 ____A C:\Users\$welbot\Desktop\welbot-it.txt
2013-01-08 01:41 - 2011-08-07 21:00 - 00000017 ____A C:\Users\$welbot\Desktop\xit.txt
2013-01-08 01:41 - 2011-08-01 21:44 - 00000022 ____A C:\Users\$welbot\Desktop\qumulys projector.txt
2013-01-08 01:41 - 2011-08-01 15:18 - 00000085 ____A C:\Users\$welbot\Desktop\natchem hosting.txt
2013-01-08 01:41 - 2011-07-27 17:37 - 00000008 ____A C:\Users\$welbot\Desktop\ftp detials.txt
2013-01-08 01:41 - 2011-06-30 02:52 - 00000057 ____A C:\Users\$welbot\Desktop\tech knight.txt
2013-01-08 01:41 - 2011-06-21 18:45 - 00000682 ____A C:\Users\$welbot\Desktop\amazon_app.txt
2013-01-08 01:41 - 2011-05-30 16:21 - 00000030 ____A C:\Users\$welbot\Desktop\chu-loopa.txt
2013-01-08 01:41 - 2011-05-21 22:00 - 00000078 ____A C:\Users\$welbot\Desktop\haiku.txt
2013-01-08 01:41 - 2011-04-14 19:56 - 00000017 ____A C:\Users\$welbot\Desktop\ABN (1).txt
2013-01-08 01:41 - 2011-04-12 20:03 - 00000023 ____A C:\Users\$welbot\Desktop\next naruto.txt
2013-01-08 01:41 - 2011-02-19 15:34 - 00000014 ____A C:\Users\$welbot\Desktop\jap movie.txt
2013-01-08 01:41 - 2011-02-03 15:18 - 00000046 ____A C:\Users\$welbot\Desktop\super.txt
2013-01-08 01:41 - 2011-01-31 22:34 - 00000147 ____A C:\Users\$welbot\Desktop\tax password.txt
2013-01-08 01:41 - 2010-12-23 01:24 - 00000177 ____A C:\Users\$welbot\Desktop\tech-knight.txt
2013-01-08 01:41 - 2010-12-21 23:12 - 00000192 ____A C:\Users\$welbot\Desktop\pay owing.txt
2013-01-07 19:36 - 2013-01-07 19:36 - 00006811 ____A C:\Users\$welbot\Documents\mirc.ini
2013-01-07 19:34 - 2013-01-13 03:28 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\mIRC
2013-01-07 19:34 - 2013-01-07 19:34 - 00000947 ____A C:\Users\Public\Desktop\mIRC.lnk
2013-01-07 19:34 - 2013-01-07 19:34 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-01-06 21:19 - 2013-01-07 21:27 - 00000089 ____A C:\Users\$welbot\Desktop\Tuesday.txt
2013-01-05 19:42 - 2013-01-05 19:42 - 00000179 ____A C:\Users\$welbot\Desktop\Cave Story+.url
2013-01-05 18:19 - 2013-01-05 18:19 - 00001081 ____A C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
2013-01-05 18:16 - 2013-01-05 18:16 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\NVIDIA
2013-01-05 17:48 - 2010-06-01 10:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-01-05 17:48 - 2010-06-01 10:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-01-05 17:48 - 2010-05-25 17:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-01-05 17:48 - 2010-02-03 16:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-01-05 17:47 - 2009-09-03 23:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-01-05 17:47 - 2009-09-03 23:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-01-05 17:47 - 2009-03-15 20:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-01-05 17:47 - 2009-03-08 21:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-01-05 17:47 - 2008-10-14 12:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-01-05 17:35 - 2008-10-26 16:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-01-05 17:35 - 2008-10-14 12:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-01-05 17:35 - 2008-10-14 12:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-01-05 17:35 - 2008-10-14 12:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-01-05 17:35 - 2008-10-14 12:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-01-05 17:35 - 2008-10-14 12:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-01-05 17:35 - 2008-07-30 16:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-01-05 17:35 - 2008-07-30 16:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-01-05 17:35 - 2008-07-30 16:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-01-05 17:35 - 2008-07-30 16:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-01-05 17:35 - 2008-07-30 16:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-01-05 17:35 - 2008-07-30 16:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-01-05 17:35 - 2008-07-09 17:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-01-05 17:35 - 2008-07-09 17:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-01-05 17:35 - 2008-07-09 17:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-01-05 17:35 - 2008-07-09 17:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-01-05 17:35 - 2008-07-09 17:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-01-05 17:35 - 2008-07-09 17:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-01-05 17:35 - 2008-05-29 20:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-01-05 17:35 - 2008-05-29 20:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-01-05 17:35 - 2008-05-29 20:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-01-05 17:35 - 2008-05-29 20:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-01-05 17:35 - 2008-05-29 20:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-01-05 17:35 - 2008-05-29 20:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-01-05 17:35 - 2008-05-29 20:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-01-05 17:35 - 2008-05-29 20:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-01-05 17:35 - 2008-05-29 20:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-01-05 17:35 - 2008-03-04 22:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-01-05 17:35 - 2008-03-04 22:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-01-05 17:35 - 2008-03-04 22:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-01-05 17:35 - 2008-03-04 22:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-01-05 17:35 - 2008-03-04 22:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-01-05 17:35 - 2008-03-04 22:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-01-05 17:34 - 2008-03-04 21:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-01-05 17:34 - 2008-03-04 21:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-01-05 17:34 - 2008-03-04 21:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-01-05 17:34 - 2008-03-04 21:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-01-05 17:34 - 2008-02-05 05:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-01-05 17:34 - 2008-02-05 05:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-01-05 17:34 - 2007-10-21 09:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-01-05 17:34 - 2007-10-21 09:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-01-05 17:34 - 2007-10-21 09:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-01-05 17:34 - 2007-10-21 09:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-01-05 17:34 - 2007-10-11 21:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-01-05 17:34 - 2007-10-11 21:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-01-05 17:34 - 2007-10-11 21:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-01-05 17:34 - 2007-10-11 21:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-01-05 17:34 - 2007-10-01 15:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-01-05 17:34 - 2007-10-01 15:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-01-05 17:34 - 2007-07-19 06:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-01-05 17:34 - 2007-07-19 06:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-01-05 17:34 - 2007-07-19 00:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-01-05 17:34 - 2007-06-20 02:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-01-05 17:34 - 2007-06-20 02:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-01-05 17:34 - 2007-05-15 22:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-01-05 17:34 - 2007-04-04 00:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-01-05 17:34 - 2007-04-04 00:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-01-05 17:34 - 2007-03-14 22:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-01-05 17:34 - 2007-03-14 22:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-01-05 17:34 - 2007-03-11 22:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-01-05 17:34 - 2007-03-11 22:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-01-05 17:34 - 2007-03-11 22:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-01-05 17:34 - 2007-03-11 22:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-01-05 17:34 - 2007-03-04 18:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-01-05 17:34 - 2007-03-04 18:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-01-05 17:34 - 2007-01-23 21:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-01-05 17:34 - 2007-01-23 21:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-01-05 17:34 - 2006-12-07 18:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-01-05 17:34 - 2006-12-07 18:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-01-05 17:34 - 2006-11-28 19:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-01-05 17:34 - 2006-11-28 19:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-01-05 17:34 - 2006-11-28 19:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-01-05 17:34 - 2006-11-28 19:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-01-05 17:34 - 2006-09-27 22:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-01-05 17:34 - 2006-09-27 22:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-01-05 17:34 - 2006-09-27 22:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-01-05 17:34 - 2006-09-27 22:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-01-05 17:34 - 2006-07-27 15:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-01-05 17:34 - 2006-07-27 15:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-01-05 17:34 - 2006-07-27 15:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-01-05 17:34 - 2006-07-27 15:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-01-05 17:34 - 2006-05-30 13:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-01-05 17:34 - 2006-05-30 13:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-01-05 17:34 - 2006-03-30 18:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-01-05 17:34 - 2006-03-30 18:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-01-05 17:34 - 2006-03-30 18:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-01-05 17:34 - 2006-03-30 18:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-01-05 17:33 - 2006-03-30 18:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-01-05 17:33 - 2006-03-30 18:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-01-05 17:33 - 2006-02-02 14:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-01-05 17:33 - 2006-02-02 14:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-01-05 17:33 - 2006-02-02 14:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-01-05 17:33 - 2006-02-02 14:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-01-05 17:33 - 2006-02-02 14:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-01-05 17:33 - 2006-02-02 14:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-01-05 17:33 - 2005-12-05 00:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-01-05 17:33 - 2005-12-05 00:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-01-05 17:33 - 2005-07-22 01:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-01-05 17:33 - 2005-07-22 01:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-01-05 17:33 - 2005-05-25 21:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-01-05 17:33 - 2005-05-25 21:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-01-05 17:33 - 2005-03-17 23:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-01-05 17:33 - 2005-03-17 23:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-01-05 17:33 - 2005-02-05 01:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-01-05 17:33 - 2005-02-05 01:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-01-05 17:24 - 2010-06-01 10:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-01-05 17:24 - 2010-06-01 10:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-01-05 17:24 - 2010-06-01 10:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-01-05 17:24 - 2010-06-01 10:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-01-05 17:24 - 2010-05-25 17:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-01-05 17:24 - 2010-05-25 17:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-01-05 17:24 - 2010-05-25 17:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-01-05 17:24 - 2010-05-25 17:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-01-05 17:24 - 2007-04-04 00:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-01-05 17:24 - 2007-04-04 00:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-01-05 16:36 - 2013-01-05 16:36 - 00000208 ____A C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
2013-01-05 04:53 - 2013-01-05 04:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-01-05 04:29 - 2013-01-10 12:09 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Audacity
2013-01-05 04:29 - 2013-01-05 04:29 - 00000553 ____A C:\Users\$welbot\Desktop\Audacity.lnk
2013-01-04 16:01 - 2013-01-04 16:01 - 00000000 ____D C:\Users\$welbot\Documents\my games
2013-01-04 15:53 - 2013-01-04 15:53 - 00000638 ____A C:\Users\Public\Desktop\Steam.lnk
2013-01-03 16:23 - 2013-01-07 19:21 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\WinRAR
2013-01-03 16:23 - 2013-01-03 16:23 - 00000000 ____D C:\Program Files\WinRAR
2013-01-03 16:15 - 2013-01-03 16:15 - 00002250 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
2013-01-03 16:15 - 2013-01-03 16:15 - 00000000 ____D C:\Program Files (x86)\EASEUS
2013-01-02 23:46 - 2013-01-10 11:35 - 00000000 ____D C:\Users\$welbot\AppData\Local\Adobe
2013-01-02 23:45 - 2013-01-02 23:45 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-01-02 23:45 - 2010-12-01 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-02 23:43 - 2013-01-10 05:09 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-02 21:44 - 2013-01-02 21:44 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-01-02 21:44 - 2013-01-02 21:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-01-02 21:44 - 2013-01-02 21:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-01-02 21:44 - 2013-01-02 21:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-02 21:44 - 2013-01-02 21:44 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-01-02 21:44 - 2013-01-02 21:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-01-02 21:44 - 2013-01-02 21:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-01-02 21:44 - 2013-01-02 21:44 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-01-02 21:44 - 2013-01-02 21:44 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-01-02 21:44 - 2013-01-02 21:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-01-02 21:44 - 2013-01-02 21:44 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-01-02 21:42 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-02 21:42 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-02 21:42 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-02 21:42 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-02 21:42 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-02 21:42 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-01-02 21:42 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-02 21:41 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-01-02 21:41 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-01-02 21:32 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-02 21:32 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-01-02 21:32 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-01-02 21:32 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-01-02 21:32 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-01-02 21:32 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-01-02 21:32 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-01-02 21:32 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-01-02 21:32 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-01-02 21:32 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-01-02 21:32 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-01-02 21:32 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-02 21:32 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-02 21:32 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-01-02 21:31 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-01-02 21:31 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-01-02 21:31 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-01-02 21:31 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-01-02 21:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-02 21:31 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-01-02 21:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-01-02 19:51 - 2013-01-02 19:51 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-02 19:50 - 2013-01-02 19:50 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-02 19:29 - 2010-11-20 05:39 - 05066752 ____A (Microsoft Corporation) C:\Windows\System32\AuthFWSnapin.dll
2013-01-02 19:29 - 2010-11-20 05:33 - 00982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-01-02 19:29 - 2010-11-20 05:33 - 00299392 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2013-01-02 19:29 - 2010-11-20 05:33 - 00273792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2013-01-02 19:29 - 2010-11-20 05:27 - 14633472 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 03860992 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 03650560 ____A (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 03027968 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL
2013-01-02 19:29 - 2010-11-20 05:27 - 03008000 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 02652160 ____A (Microsoft Corporation) C:\Windows\System32\netshell.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 02543616 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 02086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 02055680 ____A (Microsoft Corporation) C:\Windows\System32\Query.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 02018304 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01900544 ____A (Microsoft Corporation) C:\Windows\System32\setupapi.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-01-02 19:29 - 2010-11-20 05:27 - 01753088 ____A (Microsoft Corporation) C:\Windows\System32\vssapi.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01743360 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01646080 ____A (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01556992 ____A (Microsoft Corporation) C:\Windows\System32\RacEngn.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01509888 ____A (Microsoft Corporation) C:\Windows\System32\msdtctm.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01326080 ____A (Microsoft Corporation) C:\Windows\System32\NaturalLanguage6.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01281024 ____A (Microsoft Corporation) C:\Windows\System32\werconcpl.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\propsys.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01197056 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01190400 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01110016 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01098240 ____A (Microsoft Corporation) C:\Windows\System32\Vault.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 01008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00867840 ____A (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00849920 ____A (Microsoft Corporation) C:\Windows\System32\qmgr.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00758784 ____A (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00758272 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00750080 ____A (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00695808 ____A (Microsoft Corporation) C:\Windows\System32\netlogon.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00680960 ____A (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00577536 ____A (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00512000 ____A (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00488448 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00485888 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00481280 ____A (Microsoft Corporation) C:\Windows\System32\wmpps.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\QAGENTRT.DLL
2013-01-02 19:29 - 2010-11-20 05:27 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00444416 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00326144 ____A (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00312320 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00299520 ____A (Microsoft Corporation) C:\Windows\System32\tsmf.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00266240 ____A (Microsoft Corporation) C:\Windows\System32\QAGENT.DLL
2013-01-02 19:29 - 2010-11-20 05:27 - 00263168 ____A (Microsoft Corporation) C:\Windows\System32\spwizui.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\umrdp.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-01-02 19:29 - 2010-11-20 05:27 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\tssrvlic.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 04120064 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 03391488 ____A (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 03205120 ____A (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 02067456 ____A (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 01866240 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 01838080 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 01632256 ____A (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 01340416 ____A (Microsoft Corporation) C:\Windows\System32\diagperf.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 01244160 ____A (Microsoft Corporation) C:\Windows\System32\imapi2fs.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00853504 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-01-02 19:29 - 2010-11-20 05:26 - 00828416 ____A (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00787968 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00784896 ____A (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00777728 ____A (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00658944 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00422912 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00317952 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00295936 ____A (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00281600 ____A (Microsoft) C:\Windows\System32\DShowRdpFilter.dll
2013-01-02 19:29 - 2010-11-20 05:26 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\LSCSHostPolicy.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 03957760 ____A (Microsoft Corporation) C:\Windows\System32\WinSAT.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 01975296 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 01927680 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\certmgr.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 01600512 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 01504256 ____A (Microsoft Corporation) C:\Windows\System32\wbengine.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00958464 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00897536 ____A (Microsoft Corporation) C:\Windows\System32\azroles.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00705024 ____A (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-01-02 19:29 - 2010-11-20 05:25 - 00692224 ____A (Microsoft Corporation) C:\Windows\System32\cscsvc.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00679424 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00598016 ____A (Microsoft Corporation) C:\Windows\System32\spinstall.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00594432 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\appmgr.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00390656 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00359424 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00342016 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2013-01-02 19:29 - 2010-11-20 05:25 - 00301568 ____A (Microsoft Corporation) C:\Windows\System32\spreview.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00299520 ____A (Microsoft Corporation) C:\Windows\System32\rdpshell.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\rdpclip.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00095744 ____A C:\Windows\System32\RDVGHelper.exe
2013-01-02 19:29 - 2010-11-20 05:25 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\PushPrinterConnections.exe
2013-01-02 19:29 - 2010-11-20 05:24 - 00653312 ____A (Microsoft Corporation) C:\Windows\System32\lpksetup.exe
2013-01-02 19:29 - 2010-11-20 05:24 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\cmd.exe
2013-01-02 19:29 - 2010-11-20 05:24 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\lsm.exe
2013-01-02 19:29 - 2010-11-20 04:32 - 05066752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2013-01-02 19:29 - 2010-11-20 04:30 - 00079232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdvgumd32.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 11410432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 01667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 01619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-01-02 19:29 - 2010-11-20 04:21 - 01128448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 01115136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 01010688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00646144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00597504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00505856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00423936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00351232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-01-02 19:29 - 2010-11-20 04:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2013-01-02 19:29 - 2010-11-20 04:20 - 01414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-01-02 19:29 - 2010-11-20 04:20 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2013-01-02 19:29 - 2010-11-20 04:20 - 00563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2013-01-02 19:29 - 2010-11-20 04:20 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2013-01-02 19:29 - 2010-11-20 04:20 - 00406528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-01-02 19:29 - 2010-11-20 04:19 - 03207680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2013-01-02 19:29 - 2010-11-20 04:19 - 02291712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2013-01-02 19:29 - 2010-11-20 04:19 - 01493504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2013-01-02 19:29 - 2010-11-20 04:19 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2013-01-02 19:29 - 2010-11-20 04:19 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 02522624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 01828352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 01371136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 01334272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 01171456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 00522752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 00342016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 00295936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-01-02 19:29 - 2010-11-20 04:18 - 00091136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2013-01-02 19:29 - 2010-11-20 04:17 - 00327168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2013-01-02 19:29 - 2010-11-20 04:17 - 00322048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2013-01-02 19:29 - 2010-11-20 04:17 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2013-01-02 19:29 - 2010-11-20 03:05 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\rdpdd.dll
2013-01-02 19:29 - 2010-11-20 01:27 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys
2013-01-02 19:29 - 2010-11-20 01:25 - 00753664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-01-02 19:29 - 2010-11-20 01:23 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2013-01-02 19:29 - 2010-11-20 01:21 - 00119296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2013-01-02 19:29 - 2010-11-04 18:20 - 00347904 ____A C:\Windows\System32\systemsf.ebd
2013-01-02 19:29 - 2010-11-04 17:58 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-01-02 19:29 - 2010-11-04 17:58 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-01-02 19:29 - 2010-11-04 17:57 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-01-02 19:29 - 2010-11-04 17:57 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-01-02 19:29 - 2010-11-04 17:57 - 00048976 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-01-02 19:29 - 2010-11-04 17:53 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-01-02 19:29 - 2010-11-04 17:53 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-01-02 19:29 - 2010-11-04 17:53 - 00109928 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-01-02 19:29 - 2010-11-04 17:53 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-01-02 19:29 - 2009-07-13 17:16 - 00629760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pmcsnap.dll
2013-01-02 19:29 - 2009-07-13 17:16 - 00238080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ppcsnap.dll
2013-01-02 19:29 - 2009-07-13 17:16 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2013-01-02 19:28 - 2010-11-20 05:44 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\Narrator.exe
2013-01-02 19:28 - 2010-11-20 05:44 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\NAPHLPR.DLL
2013-01-02 19:28 - 2010-11-20 05:44 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\NAPCRYPT.DLL
2013-01-02 19:28 - 2010-11-20 05:34 - 00363392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00295808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00215936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00199552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00071552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00046464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys
2013-01-02 19:28 - 2010-11-20 05:34 - 00034688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00366976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00289664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00263040 ____A (Microsoft Corporation) C:\Windows\System32\hal.dll
2013-01-02 19:28 - 2010-11-20 05:33 - 00213888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00184704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00171392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00155008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00140672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00103808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00094592 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00078720 ____A (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00063360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00052096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00031104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2013-01-02 19:28 - 2010-11-20 05:33 - 00014720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2013-01-02 19:28 - 2010-11-20 05:32 - 02217856 ____A (Microsoft Corporation) C:\Windows\System32\bootres.dll
2013-01-02 19:28 - 2010-11-20 05:32 - 00334208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2013-01-02 19:28 - 2010-11-20 05:32 - 00179072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2013-01-02 19:28 - 2010-11-20 05:32 - 00155520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-01-02 19:28 - 2010-11-20 05:32 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-01-02 19:28 - 2010-11-20 05:29 - 00345600 ____A (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2013-01-02 19:28 - 2010-11-20 05:28 - 00780008 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-01-02 19:28 - 2010-11-20 05:28 - 00298104 ____A (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2013-01-02 19:28 - 2010-11-20 05:28 - 00223248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-01-02 19:28 - 2010-11-20 05:28 - 00166784 ____A (Microsoft Corporation) C:\Windows\System32\basecsp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02262528 ____A (Microsoft Corporation) C:\Windows\System32\SyncCenter.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02250752 ____A (Microsoft Corporation) C:\Windows\System32\SensorsCpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02193920 ____A (Microsoft Corporation) C:\Windows\System32\themecpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\networkmap.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\WMPEncEn.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01911808 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01808384 ____A (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01689600 ____A (Microsoft Corporation) C:\Windows\System32\netcenter.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01672704 ____A (Microsoft Corporation) C:\Windows\System32\networkexplorer.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\wlanpref.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\pla.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01363968 ____A (Microsoft Corporation) C:\Windows\System32\wdc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01243136 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01232896 ____A (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\sdengin2.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01082880 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01080320 ____A (Microsoft Corporation) C:\Windows\System32\onexui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01050624 ____A (Microsoft Corporation) C:\Windows\System32\printui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 01024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00978944 ____A (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00933888 ____A (Microsoft Corporation) C:\Windows\System32\sqlsrv32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00933376 ____A (Microsoft Corporation) C:\Windows\System32\SmiEngine.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00898560 ____A (Microsoft Corporation) C:\Windows\System32\OobeFldr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00812032 ____A (Microsoft Corporation) C:\Windows\System32\wpccpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00799744 ____A (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00781312 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00769536 ____A (Microsoft Corporation) C:\Windows\System32\sud.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\sdcpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00691200 ____A (Microsoft Corporation) C:\Windows\System32\VAN.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00666112 ____A (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00658432 ____A (Microsoft Corporation) C:\Windows\System32\PerfCenterCPL.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00641024 ____A (Microsoft Corporation) C:\Windows\System32\msscp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00636416 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmdev.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00633344 ____A (Microsoft Corporation) C:\Windows\System32\riched20.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00625664 ____A (Microsoft Corporation) C:\Windows\System32\usercpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00625664 ____A (Microsoft Corporation) C:\Windows\System32\mscms.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00605696 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00594432 ____A (Microsoft Corporation) C:\Windows\System32\wvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00582656 ____A (Microsoft Corporation) C:\Windows\System32\sxs.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00580096 ____A (Microsoft Corporation) C:\Windows\System32\wiaservc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\mspbda.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00568832 ____A (Microsoft Corporation) C:\Windows\System32\scrptadm.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00527872 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmnet.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00501248 ____A (Microsoft Corporation) C:\Windows\System32\WinSATAPI.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\powercpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\wlangpui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00462336 ____A (Microsoft Corporation) C:\Windows\System32\wiadefui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\nshipsec.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00451072 ____A (Microsoft Corporation) C:\Windows\System32\shwebsvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00446976 ____A (Microsoft Corporation) C:\Windows\System32\sqlcese30.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\spwizeng.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00435712 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceStatus.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00431104 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00429568 ____A (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\termmgr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\systemcpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00418816 ____A (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\prnfldr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00414208 ____A (Microsoft Corporation) C:\Windows\System32\wlanui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00409600 ____A (Microsoft Corporation) C:\Windows\System32\photowiz.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00406016 ____A (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00403968 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00392192 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00372736 ____A (Microsoft Corporation) C:\Windows\System32\mtxclu.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\shsvcs.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00366080 ____A (Microsoft Corporation) C:\Windows\System32\zipfldr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00358400 ____A (Microsoft Corporation) C:\Windows\System32\wmpdxm.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\sharemediacpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00344576 ____A (Microsoft Corporation) C:\Windows\System32\ntprint.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00344064 ____A (Microsoft Corporation) C:\Windows\System32\rasmans.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\srchadmin.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00337920 ____A (Microsoft Corporation) C:\Windows\System32\raschap.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00335360 ____A (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00325632 ____A (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00324096 ____A (Microsoft Corporation) C:\Windows\System32\netdiagfx.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\tapisrv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00313856 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00312832 ____A (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\scansetting.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00300032 ____A (Microsoft Corporation) C:\Windows\System32\pdh.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\srrstr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\MSAC3ENC.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00263168 ____A (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00255488 ____A (Microsoft Corporation) C:\Windows\System32\wavemsp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\qasf.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00253440 ____A (Microsoft Corporation) C:\Windows\System32\tcpipcfg.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00250880 ____A (Microsoft Corporation) C:\Windows\System32\qdv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00244224 ____A (Microsoft Corporation) C:\Windows\System32\spp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\taskbarcpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\mstask.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00235520 ____A (Microsoft Corporation) C:\Windows\System32\onex.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\winsta.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\scecli.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\sppcomapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00224256 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceSyncProvider.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\wmpsrcwp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\QSHVHOST.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00222720 ____A (Microsoft Corporation) C:\Windows\System32\wwanconn.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00221696 ____A (Microsoft Corporation) C:\Windows\System32\OnLineIDCpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00217600 ____A (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\netiohlp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\wpdwcn.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00211456 ____A (Microsoft Corporation) C:\Windows\System32\rasppp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00207360 ____A (Microsoft Corporation) C:\Windows\System32\sysclass.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00200192 ____A (Microsoft Corporation) C:\Windows\System32\tscfgwmi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00200192 ____A (Microsoft Corporation) C:\Windows\System32\syncui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00193024 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\vdsbas.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00188928 ____A (Microsoft Corporation) C:\Windows\System32\netjoin.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00187904 ____A (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00187904 ____A (Microsoft Corporation) C:\Windows\System32\provsvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\prncache.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00181248 ____A (Microsoft Corporation) C:\Windows\System32\qcap.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\twext.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00170496 ____A (Microsoft Corporation) C:\Windows\System32\sdrsvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\tspubwmi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00165376 ____A (Microsoft Corporation) C:\Windows\System32\netid.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\ocsetapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\prntvpt.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\uxlib.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00153088 ____A (Microsoft Corporation) C:\Windows\System32\remotepg.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\recovery.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\sppc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00143360 ____A (Microsoft Corporation) C:\Windows\System32\mydocs.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\shacct.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\wmpshell.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\shsetup.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\ntlanman.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\srvcli.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00124928 ____A (Microsoft Corporation) C:\Windows\System32\wiavideo.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00124416 ____A (Microsoft Corporation) C:\Windows\System32\QSVRMGMT.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\SessEnv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00115200 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\thumbcache.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\userenv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\QUTIL.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\sppnp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\regapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\TabSvc.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00090112 ____A (Microsoft Corporation) C:\Windows\System32\nci.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\QCLIPROV.DLL
2013-01-02 19:28 - 2010-11-20 05:27 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\spbcd.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\tlscsp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\unimdmat.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\napdsnap.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\wkscli.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\vfwwdm32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\rdpd3d.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\samcli.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\wsnmp32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\ncryptui.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\RpcRtRemote.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\WavDest.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\vss_ps.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\umb.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\odbcconf.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\PrintIsolationProxy.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\wshbth.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\vpnikeapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\shimgvw.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00036352 ____A (Microsoft Corporation) C:\Windows\System32\wdiasqmmodule.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\msdmo.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\netutils.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\shgina.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\wsdchngr.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\sisbkup.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\schedcli.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\rdprefdrvapi.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\TRAPI.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\spopk.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\syssetup.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\nrpsrv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\wshirda.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\sscore.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\shunimpl.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\riched32.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\rdpcfgex.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2013-01-02 19:28 - 2010-11-20 05:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2013-01-02 19:28 - 2010-11-20 05:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 01457664 ____A (Microsoft Corporation) C:\Windows\System32\DxpTaskSync.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 01202176 ____A (Microsoft Corporation) C:\Windows\System32\DiagCpl.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 01087488 ____A (Microsoft Corporation) C:\Windows\System32\dbghelp.dll.old
2013-01-02 19:28 - 2010-11-20 05:26 - 01087488 ____A (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 01066496 ____A (Microsoft Corporation) C:\Windows\System32\Display.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 01009152 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00934912 ____A (Microsoft Corporation) C:\Windows\System32\FirewallControlPanel.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\fontext.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00701440 ____A (Microsoft Corporation) C:\Windows\System32\dsuiext.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00675328 ____A (Microsoft Corporation) C:\Windows\System32\DXPTaskRingtone.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\evr.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00584192 ____A (Microsoft Corporation) C:\Windows\System32\ipsmsnap.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00551936 ____A (Microsoft Corporation) C:\Windows\System32\localsec.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00508928 ____A (Microsoft Corporation) C:\Windows\System32\DeviceCenter.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00503296 ____A (Microsoft Corporation) C:\Windows\System32\imapi2.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00501248 ____A (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2013-01-02 19:28 - 2010-11-20 05:26 - 00495104 ____A (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00459776 ____A (Microsoft Corporation) C:\Windows\System32\DXP.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00434688 ____A (Microsoft Corporation) C:\Windows\System32\FXSTIFF.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\mfds.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00355328 ____A (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\eapp3hst.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00345600 ____A (Microsoft Corporation) C:\Windows\System32\MediaMetadataHandler.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\hgcpl.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\dot3ui.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00304128 ____A (Microsoft Corporation) C:\Windows\System32\efscore.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\eapphost.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00282624 ____A (Microsoft Corporation) C:\Windows\System32\iTVData.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\iprtrmgr.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00252416 ____A (Microsoft Corporation) C:\Windows\System32\dot3svc.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\MFPlay.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00239616 ____A (Microsoft Corporation) C:\Windows\System32\dskquoui.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\hgprint.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00233984 ____A (Microsoft Corporation) C:\Windows\System32\defaultlocationcpl.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\ListSvc.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingFolder.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\mprapi.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\iasrad.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00211456 ____A (Microsoft Corporation) C:\Windows\System32\mprddm.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\iasrecst.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\itircl.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00186880 ____A (Microsoft Corporation) C:\Windows\System32\logoncli.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\fvecpl.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\ifsutil.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\fde.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00166912 ____A (Microsoft Corporation) C:\Windows\System32\inetpp.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\dps.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\IPHLPAPI.DLL
2013-01-02 19:28 - 2010-11-20 05:26 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\EhStorAPI.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00121344 ____A (Microsoft Corporation) C:\Windows\System32\fphc.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00118272 ____A (Microsoft Corporation) C:\Windows\System32\dnscmmc.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00116224 ____A (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\fms.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\eappgnui.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\dot3msm.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\iasacct.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mapistub.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mapi32.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\KMSVC.DLL
2013-01-02 19:28 - 2010-11-20 05:26 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\Mcx2Svc.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\dot3api.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\hbaapi.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fdProxy.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\fdeploy.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\dot3cfg.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\inetmib1.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\lsmproxy.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\luainstall.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\httpapi.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\FXSMON.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\mimefilt.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\mciqtz32.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\iscsium.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\dsauth.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\HotStartUserAgent.dll
2013-01-02 19:28 - 2010-11-20 05:26 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\elsTrans.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 03745792 ____A (Microsoft Corporation) C:\Windows\System32\accessibilitycpl.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 03524608 ____A (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 01264640 ____A (Microsoft Corporation) C:\Windows\System32\sdclt.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00840192 ____A (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00780800 ____A (Microsoft Corporation) C:\Windows\System32\ActionCenter.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00749568 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00726528 ____A (Microsoft Corporation) C:\Windows\System32\AuxiliaryDisplayCpl.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00577024 ____A (Microsoft Corporation) C:\Windows\System32\AdmTmpl.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00549888 ____A (Microsoft Corporation) C:\Windows\System32\ActionCenterCPL.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00533504 ____A (Microsoft Corporation) C:\Windows\System32\vds.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00504320 ____A (Microsoft Corporation) C:\Windows\System32\biocpl.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\cscui.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00472064 ____A (Microsoft Corporation) C:\Windows\System32\azroleui.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00460800 ____A (Microsoft Corporation) C:\Windows\System32\certcli.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00412160 ____A (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00405504 ____A (Microsoft Corporation) C:\Windows\System32\wisptis.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\nltest.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00349696 ____A (Microsoft Corporation) C:\Windows\System32\slui.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00314368 ____A (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\wusa.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00306688 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00296448 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00293888 ____A (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\sethc.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00273920 ____A (Microsoft Corporation) C:\Windows\System32\SndVol.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\cscobj.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\recdisc.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00213504 ____A (Microsoft Corporation) C:\Windows\System32\ActionQueue.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00199168 ____A (Microsoft Corporation) C:\Windows\System32\PkgMgr.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\ocsetup.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00178176 ____A (Microsoft Corporation) C:\Windows\System32\rdpinit.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\perfmon.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\bcdsrv.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\autoplay.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\net1.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\CscMig.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\AuxiliaryDisplayServices.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00128000 ____A (Microsoft) C:\Windows\System32\Robocopy.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00114688 ____A (Microsoft Corporation) C:\Windows\System32\AxInstSv.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00109568 ____A (Microsoft Corporation) C:\Windows\System32\nslookup.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\cca.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\cabinet.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\amstream.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\setupcl.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\certprop.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\tabcal.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\CertPolEng.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\rdpsign.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\takeown.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\PnPUnattend.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\tzutil.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00056832 ____A (Microsoft Corporation) C:\Windows\System32\runonce.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\acppage.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\repair-bde.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\MultiDigiMon.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00046080 ____A (Microsoft Corporation) C:\Windows\System32\cscapi.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\relog.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\proquota.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\AzSqlExt.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\userinit.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\cscdll.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\qprocess.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\bitsperf.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\tskill.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\qappsrv.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\tscon.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\tsdiscon.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\credssp.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\shadow.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\rwinsta.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\reset.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\query.exe
2013-01-02 19:28 - 2010-11-20 05:25 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\BWUnpairElevated.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2013-01-02 19:28 - 2010-11-20 05:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\C_ISCII.DLL
2013-01-02 19:28 - 2010-11-20 05:24 - 00957440 ____A (Microsoft Corporation) C:\Windows\System32\mblctr.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00899584 ____A (Microsoft Corporation) C:\Windows\System32\Bubbles.scr
2013-01-02 19:28 - 2010-11-20 05:24 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\mmsys.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\System32\autoconv.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00777728 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00763904 ____A (Microsoft Corporation) C:\Windows\System32\autofmt.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00726528 ____A (Microsoft Corporation) C:\Windows\System32\appwiz.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00721408 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00689152 ____A (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00684032 ____A (Microsoft Corporation) C:\Windows\System32\TabletPC.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\dfrgui.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00497664 ____A (Microsoft Corporation) C:\Windows\System32\main.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00477696 ____A (Microsoft Corporation) C:\Windows\System32\PhotoScreensaver.scr
2013-01-02 19:28 - 2010-11-20 05:24 - 00474112 ____A (Microsoft Corporation) C:\Windows\System32\sysmon.ocx
2013-01-02 19:28 - 2010-11-20 05:24 - 00442368 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2013-01-02 19:28 - 2010-11-20 05:24 - 00378880 ____A (Microsoft Corporation) C:\Windows\System32\msinfo32.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00373248 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\diskraid.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00359936 ____A (Microsoft Corporation) C:\Windows\System32\eudcedit.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00352768 ____A (Microsoft Corporation) C:\Windows\System32\sysdm.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00346112 ____A (Microsoft Corporation) C:\Windows\System32\bcdedit.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00333824 ____A (Microsoft Corporation) C:\Windows\System32\ssText3d.scr
2013-01-02 19:28 - 2010-11-20 05:24 - 00321536 ____A (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2013-01-02 19:28 - 2010-11-20 05:24 - 00300032 ____A (Microsoft Corporation) C:\Windows\System32\msconfig.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00272896 ____A (Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00250880 ____A (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00242688 ____A (Microsoft Corporation) C:\Windows\System32\Mystify.scr
2013-01-02 19:28 - 2010-11-20 05:24 - 00241664 ____A (Microsoft Corporation) C:\Windows\System32\Ribbons.scr
2013-01-02 19:28 - 2010-11-20 05:24 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\wdmaud.drv
2013-01-02 19:28 - 2010-11-20 05:24 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\VBICodec.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\bcdboot.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00166400 ____A (Microsoft Corporation) C:\Windows\System32\diskpart.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\iscsicli.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\MdSched.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\Kswdmcap.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\BdeHdCfg.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\desk.cpl
2013-01-02 19:28 - 2010-11-20 05:24 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\aitagent.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00104448 ____A (Microsoft Corporation) C:\Windows\System32\logman.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\kstvtune.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\mobsync.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\WSTPager.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\cmstp.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\isoburn.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\manage-bde.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\findstr.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00071168 ____A (Microsoft Corporation) C:\Windows\bfsvc.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\ksxbar.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\djoin.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\g711codc.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\ftp.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\vbisurf.ax
2013-01-02 19:28 - 2010-11-20 05:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\choice.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\chgport.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\chglogon.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\logoff.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\chgusr.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\FXSUNATD.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\fixmapi.exe
2013-01-02 19:28 - 2010-11-20 05:24 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\change.exe
2013-01-02 19:28 - 2010-11-20 05:16 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-01-02 19:28 - 2010-11-20 05:15 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2013-01-02 19:28 - 2010-11-20 05:14 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\spwizres.dll
2013-01-02 19:28 - 2010-11-20 05:13 - 00147456 ____A (Microsoft Corporation) C:\Windows\System32\RDPENCDD.dll
2013-01-02 19:28 - 2010-11-20 05:13 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\nlsbres.dll
2013-01-02 19:28 - 2010-11-20 05:12 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\pifmgr.dll
2013-01-02 19:28 - 2010-11-20 05:09 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\vmicres.dll
2013-01-02 19:28 - 2010-11-20 05:09 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\vmbusres.dll
2013-01-02 19:28 - 2010-11-20 05:09 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\vmstorfltres.dll
2013-01-02 19:28 - 2010-11-20 05:02 - 01148416 ____A (Microsoft Corporation) C:\Windows\System32\IMJP10.IME
2013-01-02 19:28 - 2010-11-20 05:02 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\imkr80.ime
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDTUQ.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDTUF.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDSG.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\kbdlk41a.dll
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDGKL.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDCZ1.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDSF.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDPO.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDNEPR.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDGR1.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDUS.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDUGHR1.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDTURME.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDTAJIK.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDMON.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDMAORI.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDLT1.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBULG.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBLR.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2013-01-02 19:28 - 2010-11-20 05:02 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\KBDGEO.DLL
2013-01-02 19:28 - 2010-11-20 04:55 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-01-02 19:28 - 2010-11-20 04:54 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\BlbEvents.dll
2013-01-02 19:28 - 2010-11-20 04:51 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2013-01-02 19:28 - 2010-11-20 04:51 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-ums-l1-1-0.dll
2013-01-02 19:28 - 2010-11-20 04:36 - 00107008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2013-01-02 19:28 - 2010-11-20 04:36 - 00046080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2013-01-02 19:28 - 2010-11-20 04:23 - 00144768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02983424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02311168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02202624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02157568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 02146304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01712640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01624064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01363456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01326592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01227776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01175040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 01003008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00933376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00902656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2013-01-02 19:28 - 2010-11-20 04:21 - 00782336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00778240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00755200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00739328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2013-01-02 19:28 - 2010-11-20 04:21 - 00738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00638976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00616960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00600064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00560128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2013-01-02 19:28 - 2010-11-20 04:21 - 00507392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00473600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00464896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00458752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00444928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00436736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00428544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00416768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00411648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00410112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00406528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00380416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00372224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00352768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00352768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00352256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00346624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00335872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00328192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00327680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00318976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00318464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00307712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00301568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00299520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00246272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00242176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00228352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00222208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00198144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00194048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00186368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00182272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00181760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-01-02 19:28 - 2010-11-20 04:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2013-01-02 19:28 - 2010-11-20 04:16 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00186368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2013-01-02 19:28 - 2010-11-20 04:16 - 00172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2013-01-02 19:28 - 2010-11-20 04:16 - 00153600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00142336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-01-02 19:28 - 2010-11-20 04:16 - 00128000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2013-01-02 19:28 - 2010-11-20 04:16 - 00107008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00068608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00045568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2013-01-02 19:28 - 2010-11-20 04:16 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2013-01-02 19:28 - 2010-11-20 04:08 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-01-02 19:28 - 2010-11-20 04:08 - 00663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-01-02 19:28 - 2010-11-20 04:08 - 00311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-01-02 19:28 - 2010-11-20 04:08 - 00119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2013-01-02 19:28 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2013-01-02 19:28 - 2010-11-20 04:07 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2013-01-02 19:28 - 2010-11-20 04:07 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2013-01-02 19:28 - 2010-11-20 04:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2013-01-02 19:28 - 2010-11-20 04:05 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2013-01-02 19:28 - 2010-11-20 04:00 - 01027584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2013-01-02 19:28 - 2010-11-20 04:00 - 00430080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2013-01-02 19:28 - 2010-11-20 03:37 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2013-01-02 19:28 - 2010-11-20 03:06 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2013-01-02 19:28 - 2010-11-20 03:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00111104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2013-01-02 19:28 - 2010-11-20 02:52 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-01-02 19:28 - 2010-11-20 02:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2013-01-02 19:28 - 2010-11-20 02:50 - 00056832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2013-01-02 19:28 - 2010-11-20 02:49 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2013-01-02 19:28 - 2010-11-20 02:44 - 00350208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys
2013-01-02 19:28 - 2010-11-20 02:44 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2013-01-02 19:28 - 2010-11-20 02:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2013-01-02 19:28 - 2010-11-20 02:44 - 00032896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2013-01-02 19:28 - 2010-11-20 02:43 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2013-01-02 19:28 - 2010-11-20 02:43 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-01-02 19:28 - 2010-11-20 02:43 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-01-02 19:28 - 2010-11-20 02:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2013-01-02 19:28 - 2010-11-20 02:33 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-01-02 19:28 - 2010-11-20 02:33 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2013-01-02 19:28 - 2010-11-20 02:33 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2013-01-02 19:28 - 2010-11-20 02:14 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2013-01-02 19:28 - 2010-11-20 02:09 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2013-01-02 19:28 - 2010-11-20 02:04 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2013-01-02 19:28 - 2010-11-20 01:58 - 00244224 ____A (Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
2013-01-02 19:28 - 2010-11-20 01:57 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\VmbusCoinstaller.dll
2013-01-02 19:28 - 2010-11-20 01:57 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\VmdCoinstall.dll
2013-01-02 19:28 - 2010-11-20 01:57 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\IcCoinstall.dll
2013-01-02 19:28 - 2010-11-20 01:57 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\vmictimeprovider.dll
2013-01-02 19:28 - 2010-11-20 01:57 - 00021760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys
2013-01-02 19:28 - 2010-11-20 01:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\vmbuspipe.dll
2013-01-02 19:28 - 2010-11-20 01:57 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys
2013-01-02 19:28 - 2010-11-20 01:49 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-01-02 19:28 - 2010-11-20 01:30 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2013-01-02 19:28 - 2010-11-20 01:27 - 00309248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-01-02 19:28 - 2010-11-20 01:26 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2013-01-02 19:28 - 2010-11-20 01:26 - 00140800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-01-02 19:28 - 2010-11-20 01:26 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2013-01-02 19:28 - 2010-11-20 01:22 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2013-01-02 19:28 - 2010-11-20 01:19 - 00147456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2013-01-02 19:28 - 2010-11-09 17:48 - 00010429 ____A C:\Windows\System32\ScavengeSpace.xml
2013-01-02 19:28 - 2010-11-04 18:20 - 00105559 ____A C:\Windows\SysWOW64\RacRules.xml
2013-01-02 19:28 - 2010-11-04 18:20 - 00105559 ____A C:\Windows\System32\RacRules.xml
2013-01-02 19:28 - 2010-11-04 18:11 - 00433512 ____A (Microsoft Corporation) C:\Windows\System32\MCEWMDRMNDBootstrap.dll
2013-01-02 19:28 - 2010-11-04 18:11 - 00312168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2013-01-02 19:28 - 2010-11-04 17:58 - 00155472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2013-01-02 19:28 - 2010-11-04 17:58 - 00080720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2013-01-02 19:28 - 2010-11-04 17:58 - 00049488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-01-02 19:28 - 2010-11-04 17:57 - 00154960 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2013-01-02 19:27 - 2010-11-20 05:26 - 00399872 ____A (Microsoft Corporation) C:\Windows\System32\dpx.dll
2013-01-02 19:27 - 2010-11-20 04:21 - 00363008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2013-01-02 19:27 - 2010-11-20 04:21 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2013-01-02 19:27 - 2010-11-20 04:21 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2013-01-02 19:27 - 2009-06-10 13:40 - 00146389 ____A C:\Windows\SysWOW64\printmanagement.msc
2013-01-02 19:27 - 2009-06-10 13:39 - 00001041 ____A C:\Windows\SysWOW64\tcpbidi.xml
2013-01-02 19:26 - 2010-11-20 05:27 - 00529408 ____A (Microsoft Corporation) C:\Windows\System32\wbemcomn.dll
2013-01-02 19:26 - 2010-11-20 05:27 - 00244736 ____A (Microsoft Corporation) C:\Windows\System32\sqmapi.dll
2013-01-02 19:13 - 2011-03-24 19:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-01-02 19:13 - 2011-03-24 19:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-01-02 19:13 - 2011-03-24 19:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-01-02 19:13 - 2011-03-24 19:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-01-02 19:13 - 2011-03-24 19:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-01-02 19:13 - 2011-03-24 19:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-01-02 19:13 - 2011-03-24 19:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2013-01-02 19:13 - 2011-03-10 22:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2013-01-02 19:13 - 2011-03-10 22:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-01-02 19:13 - 2011-03-10 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2013-01-02 19:13 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-01-02 19:13 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-01-02 19:13 - 2011-03-10 20:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2013-01-02 19:10 - 2013-01-02 19:10 - 00000376 ____A C:\Windows\ODBC.INI
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-01-02 18:40 - 2013-01-02 18:40 - 00000174 ___SH C:\Users\Public\desktop.ini
2013-01-02 17:57 - 2013-01-18 14:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-02 17:57 - 2013-01-10 11:30 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Adobe
2013-01-02 17:57 - 2013-01-09 00:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-02 17:57 - 2013-01-09 00:50 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-02 17:57 - 2013-01-02 17:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-01-02 17:57 - 2013-01-02 17:57 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Macromedia
2013-01-02 17:56 - 2013-01-02 17:56 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-02 17:49 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-01-02 17:49 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-01-02 17:49 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-01-02 17:49 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-01-02 17:43 - 2013-01-12 04:39 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Skype
2013-01-02 17:43 - 2013-01-02 17:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-02 17:43 - 2013-01-02 17:43 - 00000000 ____D C:\Users\All Users\Skype
2013-01-02 17:37 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-02 17:37 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-02 17:37 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-01-02 17:37 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-01-02 17:37 - 2010-09-30 02:41 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-01-02 17:37 - 2010-09-29 22:47 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-01-02 17:36 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-01-02 17:36 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-01-02 17:36 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-01-02 17:36 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-01-02 17:36 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-01-02 17:36 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-01-02 17:36 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-01-02 17:36 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-01-02 17:34 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-01-02 17:34 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-01-02 17:34 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-01-02 17:34 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-01-02 17:34 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-01-02 17:31 - 2011-02-19 04:05 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-01-02 17:31 - 2011-02-19 04:04 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-01-02 17:31 - 2011-02-18 22:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-01-02 17:20 - 2013-01-02 17:20 - 00001219 ____A C:\Users\UpdatusUser\Desktop\StreamArmor.lnk
2013-01-02 17:20 - 2013-01-02 17:20 - 00001219 ____A C:\Users\$welbot\Desktop\StreamArmor.lnk
2013-01-02 17:16 - 2013-01-15 08:10 - 00000000 ____D C:\Program Files (x86)\SecurityXploded
2013-01-02 17:16 - 2013-01-02 17:16 - 00001243 ____A C:\Users\UpdatusUser\Desktop\SpyDLLRemover.lnk
2013-01-02 17:16 - 2013-01-02 17:16 - 00001243 ____A C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
2013-01-02 16:50 - 2013-01-17 02:09 - 00000000 ____D C:\Windows\Panther
2013-01-02 16:05 - 2013-01-15 05:58 - 00002251 ____A C:\Users\$welbot\Desktop\Google Chrome.lnk
2013-01-02 16:04 - 2013-01-18 15:19 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-02 16:04 - 2013-01-18 14:09 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-02 16:04 - 2013-01-02 16:05 - 00000000 ____D C:\Users\$welbot\AppData\Local\Google
2013-01-02 16:04 - 2013-01-02 16:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-01-02 16:04 - 2013-01-02 16:04 - 00000000 ____D C:\Users\$welbot\AppData\Local\Deployment
2013-01-02 16:04 - 2013-01-02 16:04 - 00000000 ____D C:\Users\$welbot\AppData\Local\Apps\2.0
2013-01-02 15:55 - 2013-01-09 07:40 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-02 09:17 - 2013-01-15 14:27 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-01-02 08:16 - 2010-12-01 02:34 - 00009095 ____A C:\Users\$welbot\Desktop\xmas TAY.txt
2013-01-02 04:23 - 2013-01-02 04:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-01-02 04:22 - 2013-01-18 15:23 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-02 04:22 - 2013-01-02 04:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-01-02 04:21 - 2012-12-29 00:40 - 06382008 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-01-02 04:21 - 2012-12-29 00:40 - 03455416 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-01-02 04:21 - 2012-12-29 00:40 - 02923201 ____A C:\Windows\System32\nvcoproc.bin
2013-01-02 04:21 - 2012-12-29 00:40 - 00884152 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-01-02 04:21 - 2012-12-29 00:40 - 00118712 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-01-02 04:21 - 2012-12-29 00:40 - 00063928 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-01-02 04:21 - 2012-12-03 07:47 - 00060776 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-01-02 04:21 - 2012-12-03 07:47 - 00052584 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-01-02 04:21 - 2012-11-30 21:49 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-01-02 04:20 - 2013-01-02 04:20 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-02 04:20 - 2010-12-01 02:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-02 04:19 - 2013-01-02 04:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-02 04:19 - 2012-12-29 02:34 - 15052368 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-01-02 04:19 - 2012-12-29 02:34 - 02824656 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-01-02 04:19 - 2012-12-29 02:34 - 01813432 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2013-01-02 04:19 - 2012-12-29 02:34 - 01504696 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2013-01-02 04:19 - 2012-12-29 02:34 - 01107592 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-01-02 04:19 - 2012-07-03 07:25 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-01-02 04:19 - 2012-07-03 07:25 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-01-02 04:19 - 2012-07-02 23:37 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2013-01-02 04:18 - 2013-01-02 04:18 - 00000000 ____D C:\NVIDIA
2013-01-02 04:13 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-01-02 04:13 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-01-02 04:13 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-01-02 04:13 - 2011-06-15 21:49 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2013-01-02 04:13 - 2011-06-15 20:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-01-02 04:13 - 2011-06-15 02:02 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2013-01-02 04:13 - 2011-06-15 02:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2013-01-02 04:13 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2013-01-02 04:13 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2013-01-02 04:13 - 2011-06-15 00:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2013-01-02 04:13 - 2011-06-15 00:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2013-01-02 04:13 - 2011-06-15 00:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2013-01-02 04:13 - 2011-06-15 00:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2013-01-02 04:13 - 2011-06-15 00:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2013-01-02 04:12 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-01-02 04:12 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-01-02 04:12 - 2011-04-08 22:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-01-02 04:12 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-01-02 04:12 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2013-01-02 04:12 - 2011-02-24 21:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-01-02 04:12 - 2010-12-23 02:42 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2013-01-02 04:12 - 2010-12-23 02:42 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2013-01-02 04:12 - 2010-12-23 02:36 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-01-02 04:12 - 2010-12-22 21:54 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2013-01-02 04:12 - 2010-12-22 21:54 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2013-01-02 04:12 - 2010-12-22 21:50 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2013-01-02 04:11 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2013-01-02 04:11 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-01-02 04:11 - 2011-10-25 21:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-01-02 04:11 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-01-02 04:11 - 2011-07-08 18:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-01-02 04:11 - 2011-05-03 21:25 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-01-02 04:11 - 2011-05-03 21:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-01-02 04:11 - 2011-05-03 21:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-01-02 04:11 - 2011-05-03 21:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-01-02 04:11 - 2011-05-03 21:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2013-01-02 04:11 - 2011-05-03 21:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-01-02 04:11 - 2011-05-03 21:19 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-01-02 04:11 - 2011-05-03 21:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-01-02 04:11 - 2011-05-03 21:19 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-01-02 04:11 - 2011-05-03 20:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-01-02 04:11 - 2011-05-03 20:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-01-02 04:11 - 2011-05-03 20:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-01-02 04:11 - 2011-05-03 20:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-01-02 04:11 - 2011-05-03 20:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-01-02 04:11 - 2011-05-03 20:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-01-02 04:11 - 2011-05-03 20:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-01-02 04:11 - 2011-05-03 20:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-01-02 04:11 - 2011-05-03 20:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-01-02 04:11 - 2011-04-26 18:40 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-01-02 04:11 - 2011-04-26 18:39 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-01-02 04:10 - 2011-11-16 22:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-01-02 04:10 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-01-02 04:10 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-01-02 04:10 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-01-02 04:09 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-01-02 04:09 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-01-02 04:09 - 2011-10-25 21:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-01-02 04:09 - 2011-02-23 22:15 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-01-02 04:09 - 2011-02-23 21:38 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-01-02 04:08 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-01-02 04:08 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-01-02 04:08 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-01-02 04:08 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-01-02 04:08 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-01-02 04:08 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-01-02 04:08 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-01-02 04:08 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-01-02 04:08 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2013-01-02 04:08 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2013-01-02 04:08 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2013-01-02 04:08 - 2011-11-16 22:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-01-02 04:08 - 2011-11-16 22:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-01-02 04:08 - 2011-11-16 22:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-01-02 04:08 - 2011-11-16 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-01-02 04:08 - 2011-04-22 14:15 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2013-01-02 04:08 - 2011-03-12 04:08 - 01465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-01-02 04:08 - 2011-03-12 03:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-01-02 04:08 - 2011-03-10 22:34 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2013-01-02 04:08 - 2011-03-10 22:34 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2013-01-02 04:08 - 2011-03-10 21:33 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2013-01-02 04:08 - 2011-03-10 21:33 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2013-01-02 04:07 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-01-02 04:07 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-01-02 04:07 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-01-02 04:07 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-01-02 04:07 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-01-02 04:07 - 2011-04-28 19:06 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2013-01-02 04:07 - 2011-04-28 19:05 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-01-02 04:07 - 2011-04-28 19:05 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-01-02 04:07 - 2011-03-02 22:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-01-02 04:07 - 2011-03-02 22:24 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-01-02 04:07 - 2011-03-02 22:21 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe.bak
2013-01-02 04:07 - 2011-03-02 21:38 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-01-02 04:07 - 2011-03-02 21:36 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-01-02 04:07 - 2011-01-17 03:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-01-02 04:07 - 2011-01-16 21:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-01-02 04:07 - 2010-11-20 05:27 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\profprov.dll
2013-01-02 04:07 - 2010-11-20 05:26 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-01-02 04:07 - 2010-11-20 04:58 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
2013-01-02 04:07 - 2010-11-20 04:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-01-02 04:07 - 2010-11-20 03:57 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-01-02 04:06 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-01-02 04:06 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-01-02 04:06 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-01-02 04:06 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-01-02 04:06 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-01-02 04:06 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-01-02 04:06 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-01-02 04:06 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-01-02 04:06 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-01-02 04:06 - 2011-08-16 21:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-01-02 04:06 - 2011-08-16 21:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-01-02 04:06 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-01-02 04:06 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-01-02 04:06 - 2011-02-05 09:10 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-01-02 04:06 - 2011-02-05 09:10 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2013-01-02 04:06 - 2011-02-05 09:10 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2013-01-02 04:06 - 2011-02-05 09:10 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2013-01-02 04:06 - 2011-02-05 09:06 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-01-02 04:06 - 2011-02-05 09:06 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-01-02 04:06 - 2011-02-05 09:06 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-01-02 04:06 - 2010-11-20 05:27 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2013-01-02 04:06 - 2010-11-20 05:24 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2013-01-02 04:06 - 2010-11-20 05:24 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2013-01-02 04:06 - 2010-11-20 05:24 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2013-01-02 04:06 - 2010-11-20 04:16 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2013-01-02 04:06 - 2010-11-20 04:16 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2013-01-02 04:06 - 2010-11-20 04:16 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2013-01-02 04:05 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-01-02 04:05 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-01-02 04:05 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-01-02 04:05 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-01-02 04:05 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-01-02 04:05 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-01-02 04:05 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-01-02 04:05 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-01-02 04:05 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-01-02 04:05 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-01-02 04:05 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-01-02 04:05 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-01-02 04:05 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-01-02 04:05 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-01-02 04:05 - 2011-05-24 03:42 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-01-02 04:05 - 2011-05-24 02:40 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-01-02 04:05 - 2011-05-24 02:40 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-01-02 04:05 - 2011-05-24 02:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-01-02 04:05 - 2011-05-24 02:37 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-01-02 04:05 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-01-02 04:05 - 2011-02-18 02:51 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2013-01-02 04:05 - 2011-02-17 21:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-01-02 04:05 - 2011-02-12 03:34 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2013-01-02 04:05 - 2010-11-20 05:25 - 00974336 ____A (Microsoft Corporation) C:\Windows\System32\WFS.exe
2013-01-02 04:05 - 2010-11-20 05:25 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2013-01-02 04:05 - 2010-11-20 05:25 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\cfgmgr32.dll
2013-01-02 04:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-01-02 04:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-01-02 04:04 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-01-02 04:04 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-01-02 04:04 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-01-02 04:04 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-01-02 04:04 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-01-02 04:04 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-01-02 04:04 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-01-02 04:04 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-01-02 04:04 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-01-02 04:04 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-01-02 04:04 - 2011-05-02 21:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-01-02 04:04 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2013-01-02 04:03 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-01-02 04:03 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-01-02 03:14 - 2013-01-18 15:23 - 00000177 ____H C:\dvmexp.idx
2013-01-02 03:12 - 2013-01-18 14:30 - 00000000 ___HD C:\dvmexp
2013-01-02 03:12 - 2013-01-02 03:12 - 00002114 ____A C:\Users\Public\Desktop\Express Gate Updater.lnk
2013-01-02 03:12 - 2013-01-02 03:12 - 00000000 ____D C:\Program Files (x86)\Express Gate
2013-01-02 03:12 - 2013-01-02 03:12 - 00000000 ____D C:\ASUS.SYS
2013-01-02 03:09 - 2013-01-14 00:46 - 00000000 ____D C:\Program Files (x86)\Marvell
2013-01-02 03:04 - 2013-01-02 03:04 - 00000000 ____D C:\Windows\AsusInstAll
2013-01-02 03:02 - 2013-01-02 03:02 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00133632 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00110592 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00000000 ____D C:\Program Files (x86)\Creative
2013-01-02 03:02 - 2008-09-16 21:11 - 01828352 ____A (Creative) C:\Windows\System32\adi_oal.dll
2013-01-02 03:02 - 2008-09-16 21:07 - 01503232 ____N (Creative) C:\Windows\SysWOW64\adi_oal.dll
2013-01-02 03:01 - 2013-01-02 03:01 - 00000000 ____D C:\Users\All Users\SonicFocus
2013-01-02 03:01 - 2013-01-02 03:01 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2013-01-02 03:01 - 2009-06-05 01:42 - 00475136 ____A (Analog Devices, Inc.) C:\Windows\System32\Drivers\ADIHdAud.sys
2013-01-02 03:01 - 2009-06-05 01:42 - 00428544 ____A (Andrea Electronics Corporation) C:\Windows\System32\AEADIExt.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00174592 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFProc64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00163840 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFCTPL64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00161280 ____A (Andrea Electronics Corporation) C:\Windows\System32\AEADIAPO.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00122880 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFFXCPStr.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00111616 ____A (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
2013-01-02 03:01 - 2009-06-05 01:42 - 00078848 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFSAPO64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00078336 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFHAPO64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00069120 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFComm64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00059392 ____A (Sonic Focus, Inc.) C:\Windows\System32\SFMAPO64.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00056320 ____A (Andrea Electronics Corporation) C:\Windows\System32\AEADIAPR.dll
2013-01-02 03:01 - 2009-06-05 01:42 - 00041472 ____A (Analog Devices, Inc.) C:\Windows\System32\SmaxCo.dll
2013-01-02 03:01 - 2009-04-21 15:53 - 00062464 ____A (Sonic Focus, Inc.) C:\Windows\SysWOW64\SFFXComm.dll
2013-01-02 03:00 - 2013-01-10 02:03 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-01-02 03:00 - 2013-01-02 03:00 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\InstallShield
2013-01-02 03:00 - 2009-06-04 00:54 - 00408600 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2013-01-02 02:59 - 2013-01-18 14:30 - 00000000 ____D C:\Program Files (x86)\Intel
2013-01-02 02:59 - 2013-01-02 03:14 - 00037289 ____A C:\Windows\Ascd_log.ini
2013-01-02 02:59 - 2013-01-02 02:59 - 00000000 ____D C:\Intel
2013-01-02 02:59 - 2009-06-15 20:05 - 00053248 ___RA (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-01-02 02:58 - 2013-01-02 02:58 - 00026388 ____A C:\Windows\Ascd_tmp.ini
2013-01-02 01:49 - 2013-01-02 01:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-02 01:49 - 2013-01-02 01:49 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Malwarebytes
2013-01-02 01:43 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-01-02 01:43 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-01-02 01:36 - 2012-05-30 17:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-02 01:31 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-01-02 01:31 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-01-02 01:31 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-01-02 01:30 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-01-02 01:30 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-01-02 01:30 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-01-02 01:30 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-01-02 01:29 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-01-02 01:29 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-01-02 01:29 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-01-02 01:29 - 2012-06-01 21:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-01-02 01:29 - 2012-06-01 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-01-01 22:59 - 2013-01-18 15:21 - 02024833 ____A C:\Windows\WindowsUpdate.log
2013-01-01 22:59 - 2013-01-17 20:32 - 00000000 ____D C:\users\$welbot
2013-01-01 22:59 - 2013-01-01 22:59 - 00000020 ___SH C:\Users\$welbot\ntuser.ini
2013-01-01 22:59 - 2013-01-01 22:59 - 00000000 ____D C:\Recovery
2013-01-01 22:59 - 2010-12-01 03:08 - 00000000 ____D C:\Users\$welbot\AppData\Local\VirtualStore
2013-01-01 21:52 - 2013-01-01 21:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-12-28 08:54 - 2012-12-28 08:54 - 00550328 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== One Month Modified Files and Folders =======

2013-01-18 15:23 - 2013-01-17 02:22 - 00000504 ____A C:\Windows\setupact.log
2013-01-18 15:23 - 2013-01-02 04:22 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-18 15:23 - 2013-01-02 03:14 - 00000177 ____H C:\dvmexp.idx
2013-01-18 15:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-18 15:21 - 2013-01-01 22:59 - 02024833 ____A C:\Windows\WindowsUpdate.log
2013-01-18 15:21 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-18 15:21 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-18 15:19 - 2013-01-02 16:04 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-18 15:11 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-18 15:09 - 2013-01-18 15:09 - 00000000 ____D C:\FRST
2013-01-18 14:58 - 2013-01-18 14:58 - 01464233 ____A (Farbar) C:\Users\$welbot\Desktop\FRST64.exe
2013-01-18 14:50 - 2013-01-02 17:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-18 14:30 - 2013-01-14 17:20 - 00000000 ____D C:\Users\$welbot\Desktop\RK_Quarantine
2013-01-18 14:30 - 2013-01-12 13:04 - 00000000 ____D C:\Windows\erdnt
2013-01-18 14:30 - 2013-01-12 09:28 - 00000000 ____D C:\marsscan
2013-01-18 14:30 - 2013-01-12 06:37 - 00000000 ____D C:\Qoobox
2013-01-18 14:30 - 2013-01-02 03:12 - 00000000 ___HD C:\dvmexp
2013-01-18 14:30 - 2013-01-02 02:59 - 00000000 ____D C:\Program Files (x86)\Intel
2013-01-18 14:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-18 14:09 - 2013-01-02 16:04 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-18 01:54 - 2013-01-18 01:54 - 00688992 ____A (Swearware) C:\Users\$welbot\Desktop\dds.scr
2013-01-18 01:46 - 2013-01-18 01:46 - 00121336 ____A C:\Users\$welbot\Desktop\OTL.Txt
2013-01-18 01:40 - 2013-01-17 02:22 - 00004024 ____A C:\Windows\PFRO.log
2013-01-17 22:10 - 2013-01-17 22:09 - 00000000 ____D C:\Users\$welbot\Desktop\agl
2013-01-17 21:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-17 20:32 - 2013-01-01 22:59 - 00000000 ____D C:\users\$welbot
2013-01-17 16:51 - 2013-01-17 16:51 - 00733296 ____A (Webroot) C:\Users\$welbot\Desktop\wsainstall.exe
2013-01-17 15:02 - 2013-01-17 05:01 - 00000000 ____D C:\vba32
2013-01-17 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-17 05:22 - 2013-01-17 05:22 - 00066400 ____A C:\Users\$welbot\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-17 05:21 - 2013-01-17 05:21 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\arix1x6e.sys
2013-01-17 05:06 - 2013-01-17 02:55 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-17 05:05 - 2013-01-17 05:05 - 00000000 ____D C:\Users\$welbot\AppData\Local\Avg2013
2013-01-17 03:41 - 2013-01-17 03:28 - 138450944 ____A C:\Users\$welbot\Downloads\vbarescue.iso
2013-01-17 03:01 - 2013-01-17 03:01 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\TuneUp Software
2013-01-17 02:55 - 2013-01-17 02:55 - 00000000 ____D C:\Users\$welbot\AppData\Local\MFAData
2013-01-17 02:29 - 2009-07-13 18:34 - 00000164 ____A C:\Windows\system.ini
2013-01-17 02:24 - 2013-01-12 09:12 - 05023728 ___RA (Swearware) C:\Users\$welbot\Desktop\rainbow_brite.exe
2013-01-17 02:22 - 2013-01-17 02:22 - 00300352 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-17 02:22 - 2013-01-17 02:22 - 00000000 ____A C:\Windows\setuperr.log
2013-01-17 02:13 - 2013-01-17 02:13 - 00032584 ____A C:\Users\$welbot\Documents\cc_20130117_201324.reg
2013-01-17 02:09 - 2013-01-11 19:17 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Azureus
2013-01-17 02:09 - 2013-01-02 16:50 - 00000000 ____D C:\Windows\Panther
2013-01-17 02:06 - 2013-01-17 02:06 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-17 02:06 - 2013-01-17 02:06 - 00000000 ____D C:\Program Files\CCleaner
2013-01-16 05:29 - 2013-01-15 14:05 - 00028305 ____A C:\Users\$welbot\Desktop\blah.txt
2013-01-16 04:12 - 2013-01-14 15:43 - 00028313 ____A C:\Users\$welbot\Desktop\54646742.txt
2013-01-15 17:19 - 2013-01-15 17:19 - 00000000 ___AH C:\Users\$welbot\Documents\Default.rdp
2013-01-15 14:27 - 2013-01-02 09:17 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-01-15 14:01 - 2013-01-14 19:10 - 00057137 ____A C:\Users\$welbot\Desktop\Result.txt
2013-01-15 08:10 - 2013-01-15 08:10 - 00001327 ____A C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
2013-01-15 08:10 - 2013-01-15 08:10 - 00001327 ____A C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
2013-01-15 08:10 - 2013-01-02 17:16 - 00000000 ____D C:\Program Files (x86)\SecurityXploded
2013-01-15 08:03 - 2013-01-15 08:03 - 00001081 ____A C:\Users\UpdatusUser\Desktop\SXSystemSuite.lnk
2013-01-15 08:03 - 2013-01-15 08:03 - 00001081 ____A C:\Users\$welbot\Desktop\SXSystemSuite.lnk
2013-01-15 07:50 - 2013-01-14 22:12 - 00003512 ____A C:\Users\$welbot\Desktop\unhide.txt
2013-01-15 06:01 - 2013-01-12 08:57 - 05022206 ____R (Swearware) C:\Users\$welbot\Desktop\combi.exe
2013-01-15 05:58 - 2013-01-02 16:05 - 00002251 ____A C:\Users\$welbot\Desktop\Google Chrome.lnk
2013-01-15 02:29 - 2013-01-15 02:29 - 00001795 ____A C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2013-01-15 02:29 - 2013-01-15 02:29 - 00001795 ____A C:\Users\$welbot\Desktop\MagicISO.lnk
2013-01-15 02:29 - 2013-01-15 02:29 - 00000000 ____D C:\Program Files (x86)\MagicISO
2013-01-15 01:15 - 2013-01-15 01:15 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-01-15 00:26 - 2013-01-13 15:42 - 00001515 ____A C:\Users\$welbot\Desktop\broscos.txt
2013-01-15 00:13 - 2013-01-15 00:13 - 00001157 ____A C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
2013-01-15 00:13 - 2013-01-15 00:13 - 00000000 ____D C:\Program Files (x86)\Tangosoft
2013-01-14 23:25 - 2013-01-14 23:25 - 00036768 ____A C:\Windows\System32\Drivers\ERKRmvrDrv.sys
2013-01-14 22:58 - 2013-01-14 22:58 - 00007439 ____A C:\Users\$welbot\Desktop\hijackthis.log
2013-01-14 22:51 - 2013-01-14 22:48 - 52243384 ____A C:\Users\$welbot\Desktop\aswar.log
2013-01-14 22:27 - 2013-01-14 22:26 - 00003989 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-14 21:44 - 2013-01-14 22:28 - 00864120 ____A (ALWIL Software) C:\Users\$welbot\Desktop\aswar.exe
2013-01-14 21:41 - 2013-01-14 21:40 - 05562563 ____A C:\Users\$welbot\Desktop\atool.rar
2013-01-14 21:28 - 2013-01-14 21:28 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\$welbot\Desktop\TDSSKiller.exe
2013-01-14 21:25 - 2013-01-14 21:25 - 01931088 ____A (Symantec Corporation) C:\Users\$welbot\Desktop\FixTDSS.exe
2013-01-14 20:36 - 2013-01-14 20:36 - 00387944 ____A (ESET spol. s r.o.) C:\Users\$welbot\Desktop\ESETHfsReader.exe
2013-01-14 20:01 - 2013-01-14 20:01 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\$welbot\Desktop\unhide.exe
2013-01-14 19:04 - 2013-01-14 19:03 - 00881914 ____A C:\Users\$welbot\Desktop\SecurityCheck.exe
2013-01-14 19:03 - 2013-01-14 19:03 - 00752287 ____A (Farbar) C:\Users\$welbot\Desktop\MiniToolBox.exe
2013-01-14 18:52 - 2013-01-14 18:52 - 00388608 ____A (Trend Micro Inc.) C:\Users\$welbot\Desktop\HijackThis.exe
2013-01-14 17:32 - 2013-01-08 02:55 - 00000190 ____A C:\Users\$welbot\Desktop\brosco.txt
2013-01-14 17:19 - 2013-01-14 17:19 - 00764416 ____A C:\Users\$welbot\Desktop\winfree.exe
2013-01-14 04:09 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-01-14 03:14 - 2013-01-14 03:14 - 00008124 ____A C:\Users\$welbot\Downloads\backupsettings (1).conf
2013-01-14 00:46 - 2013-01-02 03:09 - 00000000 ____D C:\Program Files (x86)\Marvell
2013-01-14 00:34 - 2013-01-12 09:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-14 00:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\winrm
2013-01-14 00:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-01-14 00:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2013-01-13 17:34 - 2013-01-13 02:53 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-13 04:16 - 2013-01-13 04:16 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-01-13 03:28 - 2013-01-07 19:34 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\mIRC
2013-01-13 03:18 - 2013-01-13 03:18 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-01-13 02:47 - 2013-01-13 02:50 - 00011780 ____A C:\Users\$welbot\Desktop\!Default_W7_Ultimate_64_SP1_Start_v100.txt.reg
2013-01-13 01:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-12 22:31 - 2013-01-12 22:31 - 00007177 ____A C:\Users\$welbot\Downloads\backupsettings.conf
2013-01-12 19:29 - 2013-01-12 13:12 - 00000000 ____A C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
2013-01-12 12:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-12 07:09 - 2013-01-12 06:02 - 00000000 ____D C:\Program Files\Freedom Scientific
2013-01-12 06:15 - 2013-01-12 06:15 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Freedom Scientific
2013-01-12 06:13 - 2013-01-12 06:13 - 00000000 ____D C:\Users\All Users\Freedom Scientific
2013-01-12 06:13 - 2013-01-12 06:13 - 00000000 ____D C:\Program Files\Freedom Scientific Installation Information
2013-01-12 06:02 - 2013-01-12 06:02 - 00000000 ____D C:\Program Files (x86)\Freedom Scientific
2013-01-12 04:39 - 2013-01-02 17:43 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Skype
2013-01-11 21:38 - 2013-01-10 20:45 - 00000000 ____D C:\Users\All Users\Screaming Bee
2013-01-11 19:34 - 2013-01-11 19:34 - 00000000 ____D C:\Users\$welbot\.swt
2013-01-11 19:33 - 2013-01-11 19:17 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-01-11 19:17 - 2013-01-11 19:17 - 00001844 ____A C:\Users\Public\Desktop\Vuze.lnk
2013-01-11 09:30 - 2013-01-09 06:22 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-01-11 09:30 - 2013-01-09 06:22 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-01-10 21:10 - 2013-01-10 20:46 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2013-01-10 20:45 - 2013-01-10 20:45 - 00001548 ____A C:\Users\Public\Desktop\MorphVOX Pro.lnk
2013-01-10 12:09 - 2013-01-05 04:29 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Audacity
2013-01-10 11:35 - 2013-01-02 23:46 - 00000000 ____D C:\Users\$welbot\AppData\Local\Adobe
2013-01-10 11:30 - 2013-01-10 11:30 - 00000000 ____D C:\Users\$welbot\Documents\Adobe
2013-01-10 11:30 - 2013-01-02 17:57 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Adobe
2013-01-10 10:58 - 2013-01-10 10:58 - 00000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2013-01-10 10:24 - 2013-01-10 10:24 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2013-01-10 10:23 - 2013-01-10 10:23 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-01-10 05:10 - 2013-01-10 05:10 - 00001611 ____A C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
2013-01-10 05:09 - 2013-01-02 23:43 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-10 02:13 - 2013-01-10 02:13 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-01-10 02:05 - 2013-01-10 02:05 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-01-10 02:03 - 2013-01-02 03:00 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-01-10 01:37 - 2013-01-10 01:37 - 00000000 ____D C:\Users\$welbot\AppData\Local\VS Revo Group
2013-01-10 01:37 - 2013-01-10 01:37 - 00000000 ____D C:\Program Files\VS Revo Group
2013-01-09 23:34 - 2013-01-09 23:34 - 00000578 ____A C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
2013-01-09 23:34 - 2013-01-09 23:34 - 00000000 ____D C:\Users\$welbot\Documents\VirtualDJ
2013-01-09 19:32 - 2013-01-09 19:31 - 00006623 ____A C:\Users\$welbot\Desktop\url_series.txt
2013-01-09 19:17 - 2013-01-09 19:17 - 00001098 ____A C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Users\$welbot\Downloads\NeoDownloader
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\NeoDownloader
2013-01-09 19:17 - 2013-01-09 19:17 - 00000000 ____D C:\Program Files (x86)\NeoDownloader Lite
2013-01-09 10:15 - 2013-01-09 10:15 - 00000000 ____D C:\Users$welbot
2013-01-09 07:40 - 2013-01-02 15:55 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 07:31 - 2013-01-09 07:30 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
2013-01-09 07:31 - 2013-01-09 07:30 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
2013-01-09 06:23 - 2013-01-09 06:23 - 00000000 ____D C:\Users\All Users\Sun
2013-01-09 06:19 - 2013-01-09 06:19 - 09824862 ____A C:\Users\$welbot\Downloads\6918.tmp
2013-01-09 00:50 - 2013-01-02 17:57 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 00:50 - 2013-01-02 17:57 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 21:27 - 2013-01-06 21:19 - 00000089 ____A C:\Users\$welbot\Desktop\Tuesday.txt
2013-01-07 19:36 - 2013-01-07 19:36 - 00006811 ____A C:\Users\$welbot\Documents\mirc.ini
2013-01-07 19:34 - 2013-01-07 19:34 - 00000947 ____A C:\Users\Public\Desktop\mIRC.lnk
2013-01-07 19:34 - 2013-01-07 19:34 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-01-07 19:21 - 2013-01-03 16:23 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\WinRAR
2013-01-05 19:42 - 2013-01-05 19:42 - 00000179 ____A C:\Users\$welbot\Desktop\Cave Story+.url
2013-01-05 18:19 - 2013-01-05 18:19 - 00001081 ____A C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
2013-01-05 18:16 - 2013-01-05 18:16 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\NVIDIA
2013-01-05 16:36 - 2013-01-05 16:36 - 00000208 ____A C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
2013-01-05 04:53 - 2013-01-05 04:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-01-05 04:29 - 2013-01-05 04:29 - 00000553 ____A C:\Users\$welbot\Desktop\Audacity.lnk
2013-01-04 16:01 - 2013-01-04 16:01 - 00000000 ____D C:\Users\$welbot\Documents\my games
2013-01-04 15:53 - 2013-01-04 15:53 - 00000638 ____A C:\Users\Public\Desktop\Steam.lnk
2013-01-03 16:23 - 2013-01-03 16:23 - 00000000 ____D C:\Program Files\WinRAR
2013-01-03 16:15 - 2013-01-03 16:15 - 00002250 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
2013-01-03 16:15 - 2013-01-03 16:15 - 00000000 ____D C:\Program Files (x86)\EASEUS
2013-01-02 23:45 - 2013-01-02 23:45 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-01-02 21:44 - 2013-01-02 21:44 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-01-02 21:44 - 2013-01-02 21:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-01-02 21:44 - 2013-01-02 21:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-01-02 21:44 - 2013-01-02 21:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-02 21:44 - 2013-01-02 21:44 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-01-02 21:44 - 2013-01-02 21:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-01-02 21:44 - 2013-01-02 21:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-01-02 21:44 - 2013-01-02 21:44 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-01-02 21:44 - 2013-01-02 21:44 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-01-02 21:44 - 2013-01-02 21:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-01-02 21:44 - 2013-01-02 21:44 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-01-02 21:44 - 2013-01-02 21:44 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-01-02 21:44 - 2013-01-02 21:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-01-02 21:02 - 2009-07-13 23:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2013-01-02 21:02 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-01-02 21:02 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-01-02 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-01-02 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-02 20:57 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-01-02 20:57 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-01-02 20:11 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2013-01-02 19:51 - 2013-01-02 19:51 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-02 19:50 - 2013-01-02 19:50 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-02 19:10 - 2013-01-02 19:10 - 00000376 ____A C:\Windows\ODBC.INI
2013-01-02 19:10 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-01-02 19:09 - 2013-01-02 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-01-02 19:09 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\ShellNew
2013-01-02 19:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2013-01-02 18:40 - 2013-01-02 18:40 - 00000174 ___SH C:\Users\Public\desktop.ini
2013-01-02 17:57 - 2013-01-02 17:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-01-02 17:57 - 2013-01-02 17:57 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Macromedia
2013-01-02 17:56 - 2013-01-02 17:56 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-02 17:43 - 2013-01-02 17:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-02 17:43 - 2013-01-02 17:43 - 00000000 ____D C:\Users\All Users\Skype
2013-01-02 17:24 - 2009-06-10 12:35 - 00398112 ____A (Marvell) C:\Windows\System32\Drivers\yk62x64.sys
2013-01-02 17:20 - 2013-01-02 17:20 - 00001219 ____A C:\Users\UpdatusUser\Desktop\StreamArmor.lnk
2013-01-02 17:20 - 2013-01-02 17:20 - 00001219 ____A C:\Users\$welbot\Desktop\StreamArmor.lnk
2013-01-02 17:16 - 2013-01-02 17:16 - 00001243 ____A C:\Users\UpdatusUser\Desktop\SpyDLLRemover.lnk
2013-01-02 17:16 - 2013-01-02 17:16 - 00001243 ____A C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
2013-01-02 16:50 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-01-02 16:50 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-01-02 16:05 - 2013-01-02 16:04 - 00000000 ____D C:\Users\$welbot\AppData\Local\Google
2013-01-02 16:05 - 2013-01-02 16:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-01-02 16:04 - 2013-01-02 16:04 - 00000000 ____D C:\Users\$welbot\AppData\Local\Deployment
2013-01-02 16:04 - 2013-01-02 16:04 - 00000000 ____D C:\Users\$welbot\AppData\Local\Apps\2.0
2013-01-02 04:23 - 2013-01-02 04:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-01-02 04:22 - 2013-01-02 04:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-01-02 04:22 - 2013-01-02 04:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-02 04:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-01-02 04:20 - 2013-01-02 04:20 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-02 04:18 - 2013-01-02 04:18 - 00000000 ____D C:\NVIDIA
2013-01-02 03:14 - 2013-01-02 02:59 - 00037289 ____A C:\Windows\Ascd_log.ini
2013-01-02 03:12 - 2013-01-02 03:12 - 00002114 ____A C:\Users\Public\Desktop\Express Gate Updater.lnk
2013-01-02 03:12 - 2013-01-02 03:12 - 00000000 ____D C:\Program Files (x86)\Express Gate
2013-01-02 03:12 - 2013-01-02 03:12 - 00000000 ____D C:\ASUS.SYS
2013-01-02 03:04 - 2013-01-02 03:04 - 00000000 ____D C:\Windows\AsusInstAll
2013-01-02 03:02 - 2013-01-02 03:02 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00133632 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00110592 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-01-02 03:02 - 2013-01-02 03:02 - 00000000 ____D C:\Program Files (x86)\Creative
2013-01-02 03:01 - 2013-01-02 03:01 - 00000000 ____D C:\Users\All Users\SonicFocus
2013-01-02 03:01 - 2013-01-02 03:01 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2013-01-02 03:00 - 2013-01-02 03:00 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\InstallShield
2013-01-02 02:59 - 2013-01-02 02:59 - 00000000 ____D C:\Intel
2013-01-02 02:58 - 2013-01-02 02:58 - 00026388 ____A C:\Windows\Ascd_tmp.ini
2013-01-02 01:49 - 2013-01-02 01:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-02 01:49 - 2013-01-02 01:49 - 00000000 ____D C:\Users\$welbot\AppData\Roaming\Malwarebytes
2013-01-02 01:29 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-01-01 22:59 - 2013-01-01 22:59 - 00000020 ___SH C:\Users\$welbot\ntuser.ini
2013-01-01 22:59 - 2013-01-01 22:59 - 00000000 ____D C:\Recovery
2013-01-01 21:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-01-01 21:52 - 2013-01-01 21:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-01-01 21:51 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\CSC
2013-01-01 19:09 - 2013-01-08 01:41 - 00020416 ____A C:\Users\$welbot\Desktop\Rkill.txt
2013-01-01 08:04 - 2013-01-08 01:41 - 00000288 ____A C:\Users\$welbot\Desktop\RootkitRemover20130102020434.txt
2012-12-30 03:43 - 2013-01-15 02:39 - 00602112 ____A (OldTimer Tools) C:\Users\$welbot\Desktop\OTL.exe
2012-12-29 14:28 - 2013-01-08 01:41 - 00000227 ____A C:\Users\$welbot\Desktop\mbr.log
2012-12-29 13:17 - 2013-01-08 01:41 - 00004843 ____A C:\Users\$welbot\Desktop\svchost.exe.txt
2012-12-29 02:34 - 2013-01-02 04:19 - 15052368 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-12-29 02:34 - 2013-01-02 04:19 - 02824656 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-12-29 02:34 - 2013-01-02 04:19 - 01813432 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-12-29 02:34 - 2013-01-02 04:19 - 01504696 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-12-29 02:34 - 2013-01-02 04:19 - 01107592 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 26931128 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 25256376 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 20450232 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 18054312 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 17560504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 15129064 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 12641120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 10997176 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-12-29 02:34 - 2010-12-01 02:53 - 09389888 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 07931896 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 07565240 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 06263784 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 02904504 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 02720696 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 02504248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 02344888 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 01985976 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 00958272 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 00246024 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 00201728 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-12-29 02:34 - 2010-12-01 02:53 - 00017266 ____A C:\Windows\System32\nvinfo.pb
2012-12-29 00:40 - 2013-01-02 04:21 - 06382008 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-12-29 00:40 - 2013-01-02 04:21 - 03455416 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-12-29 00:40 - 2013-01-02 04:21 - 02923201 ____A C:\Windows\System32\nvcoproc.bin
2012-12-29 00:40 - 2013-01-02 04:21 - 00884152 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-12-29 00:40 - 2013-01-02 04:21 - 00118712 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-12-29 00:40 - 2013-01-02 04:21 - 00063928 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-12-28 08:54 - 2012-12-28 08:54 - 00550328 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-17 05:02:03
Restore point made on: 2013-01-17 05:03:46
Restore point made on: 2013-01-17 05:05:57
Restore point made on: 2013-01-17 05:22:48
Restore point made on: 2013-01-17 15:01:35
Restore point made on: 2013-01-17 16:48:50
Restore point made on: 2013-01-17 17:14:25

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6135.11 MB
Available physical RAM: 5372.71 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5368.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:59.43 GB) (Free:26.16 GB) NTFS
2 Drive d: (WORKSPACE) (Fixed) (Total:1863.01 GB) (Free:1531.39 GB) NTFS
3 Drive e: (Raptor) (Fixed) (Total:69.25 GB) (Free:23.65 GB) NTFS
4 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Fixed) (Total:698.63 GB) (Free:116.55 GB) NTFS
6 Drive h: (Big_Bertha) (Fixed) (Total:931.51 GB) (Free:2.07 GB) NTFS
8 Drive k: (GRMCULXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
9 Drive l: () (Removable) (Total:1.87 GB) (Free:0.43 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (New Volume) (Fixed) (Total:298.09 GB) (Free:179.24 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 Online 69 GB 0 B
Disk 3 Online 59 GB 0 B
Disk 4 Online 698 GB 0 B
Disk 5 Online 931 GB 0 B
Disk 6 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y New Volume NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D WORKSPACE NTFS Partition 1863 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 69 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Raptor NTFS Partition 69 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 100 MB 101 MB
Partition 3 Primary 59 GB 201 MB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 I RAW Partition 100 MB Healthy

=========================================================

Disk: 3
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 3
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 59 GB Healthy

=========================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

==================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 G NTFS Partition 698 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 H Big_Bertha NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1921 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L FAT Removable 1921 MB Healthy

=========================================================

Last Boot: 2013-01-13 08:48

==================== End Of Log =============================

#4 CatByte

  • Malware Response Team

Posted 18 January 2013 - 07:02 PM

There are no signs that your machine was ever infected with zero access.

Please run the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tpg.com.au:3128
    [2013/01/17 23:01:15 | 000,000,000 | ---D | C] -- C:\vba32
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:2CFDCA54
    @Alternate Data Stream - 1545 bytes -> C:\ProgramData\Microsoft:heq5ghJMxF0lrUpCZB
    @Alternate Data Stream - 1431 bytes -> C:\ProgramData\Microsoft:pOXaRqcXD7qyQxVkWC
    
    :Files
    ipconfig /flushdns /c
    C:\Users\$welbot\Downloads\6918.tmp
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 goingoutofmyhead

  • Topic Starter

Posted 18 January 2013 - 07:23 PM

Thanks for that. I think I said in my first post, I wasn't 100% sure if it was Zero Access, but whatever it was/is, that's the closest match I could find. It's possible it's not technically all there or active due to what I've done, but I'm worried about the leftovers. There's definitely something still going on though as most changes I have been making were reverting themselves back to what it wanted to be.

Here's the OTL log.

All processes killed
========== OTL ==========
HKU\S-1-5-21-6954281-1015321383-2352895789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\vba32 folder moved successfully.
ADS C:\ProgramData\TEMP:2CFDCA54 deleted successfully.
ADS C:\ProgramData\Microsoft:heq5ghJMxF0lrUpCZB deleted successfully.
ADS C:\ProgramData\Microsoft:pOXaRqcXD7qyQxVkWC deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\$welbot\Desktop\cmd.bat deleted successfully.
C:\Users\$welbot\Desktop\cmd.txt deleted successfully.
C:\Users\$welbot\Downloads\6918.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: $welbot
->Temp folder emptied: 91107 bytes
->Temporary Internet Files folder emptied: 137874443 bytes
->Java cache emptied: 958730 bytes
->Google Chrome cache emptied: 29682217 bytes
->Flash cache emptied: 619 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26228 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46450468 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01192013_100814

Files\Folders moved on Reboot...
C:\Users\$welbot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_WELBOT-PC$\1400 not found!
File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Here's a picture of some of the hidden hardware in my device manager (there's a few more below as they wouldn't fit on the screen). [edit] I should add that the 2 Marvell Yukon net adaptors at the top are actually legit. [/edit]
http://www.welbot-it.com/stuff/hidden_hardware.jpg

Edited by goingoutofmyhead, 18 January 2013 - 07:25 PM.


#6 CatByte

Malware Response Team

Posted 18 January 2013 - 07:30 PM

What you are seeing there is normal.

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 goingoutofmyhead

Posted 18 January 2013 - 09:21 PM

I'd like to think that it is all gone. It's possible I did manage to get rid of it, but I'm just a bit suspicious of a few things (like services, namely ones related to remote control, restarting when I put them on disabled; I haven't tested this in a while though). It would appear as though the online profiles are gone. There used to be user profiles named s-1xxxxxxxxxxxxxxx (x's being random numbers). There was one for each user. Now they are gone, and there's a folder in the c: called user$welbot which was not there prior. This may have happened before I came here?

Whatever it was/is, I'm glad to be able to get a second opinion on it being gone. The reason I suspected those hidden hardware bits was because the second time I ran Kaspersky's TDSSKiller, it actually brought all of them up as threats. I just skipped everything at that point as I was still trying to figure out how it was all tied together, but subsequent scans never showed them again. I'm glad to know they're ok though. I haven't really needed to look at hidden hardware since XP, so I wasn't familiar with what's there by default.

The eset scan will take a while by the looks of it. Going through all drives I think, so in the meantime, here are the results from the other scans. Looks promising, but I guess I'm just paranoid.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Ultimate x64
Ran by $welbot on Sat 19/01/2013 at 10:49:15.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 19/01/2013 at 10:54:00.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v2.106 - Logfile created 01/19/2013 at 10:55:40
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : $welbot - WELBOT-PC
# Boot Mode : Normal
# Running from : C:\Users\$welbot\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [659 octets] - [19/01/2013 10:55:40]

########## EOF - C:\AdwCleaner[S1].txt - [718 octets] ##########






Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
$welbot :: WELBOT-PC [administrator]

19/01/2013 11:02:02 AM
mbam-log-2013-01-19 (11-02-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230246
Time elapsed: 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Will post the eset scan when it's done.

#8 goingoutofmyhead

Posted 19 January 2013 - 10:01 AM

OK, here's the result of the ESET scan.

C:\Program Files (x86)\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\AdvancedWinServiceManager.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\ProcNetMonitor.exe a variant of Win32/SecurityXploded.A application
G:\temp\MD5HashVerifier\Portable Version\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
G:\temp\MD5HashVerifier\Setup_DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
G:\temp\SXSystemSuite\Setup_SXSystemSuite.exe a variant of Win32/SecurityXploded.A application
G:\temp\welbot\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-7017b599 a variant of Java/Exploit.CVE-2010-0094.O trojan
G:\temp\AdvancedWinServiceManager.zip a variant of Win32/SecurityXploded.A application
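
Added example, not part of the original post: a small parser for the nine ESET lines above that separates the "application" detections from the single trojan hit and pulls out the CVE id. It assumes the trailing word of each line is ESET's detection class and that "a variant of" marks a generic signature match; the function and field names are made up for this sketch.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The nine lines from the ESET export in the post above. Tabs were lost in the
# paste, so the path and the detection are separated only by spaces.
ESET_EXPORT = r"""
C:\Program Files (x86)\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\AdvancedWinServiceManager.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
C:\Program Files (x86)\SecurityXploded\SXSystemSuite\ProcNetMonitor.exe a variant of Win32/SecurityXploded.A application
G:\temp\MD5HashVerifier\Portable Version\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
G:\temp\MD5HashVerifier\Setup_DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
G:\temp\SXSystemSuite\Setup_SXSystemSuite.exe a variant of Win32/SecurityXploded.A application
G:\temp\welbot\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-7017b599 a variant of Java/Exploit.CVE-2010-0094.O trojan
G:\temp\AdvancedWinServiceManager.zip a variant of Win32/SecurityXploded.A application
"""

# <path> [probably ][a variant of ]<Platform/Name> <class>
# Windows paths use backslashes, so the first "Word/Name" token with a forward
# slash marks the detection name even when the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<generic>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<kind>[a-z]+(?: [a-z]+)*)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str            # assumed to be ESET's class: "application", "trojan", ...
    generic: bool        # True when the line says "a variant of"
    cve: Optional[str]   # CVE id embedded in the detection name, if any


def parse_export(text: str) -> Tuple[List[Detection], List[str]]:
    """Return (detections, unparsed_lines); unparsed lines are kept, never dropped."""
    detections: List[Detection] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        cve = CVE_RE.search(m.group("name"))
        detections.append(Detection(
            path=m.group("path"),
            name=m.group("name"),
            kind=m.group("kind"),
            generic=bool(m.group("generic")),
            cve=cve.group(0) if cve else None,
        ))
    return detections, unparsed


def triage(detections: List[Detection]) -> Dict[str, List[Detection]]:
    """Split hits into malware classes and 'application' hits.

    The 'application' hits are the kind reported when the potentially
    unwanted / unsafe application options are ticked, as they were for this scan.
    """
    buckets: Dict[str, List[Detection]] = {"malware": [], "application": []}
    for d in detections:
        key = "application" if d.kind.endswith("application") else "malware"
        buckets[key].append(d)
    return buckets


def drives_by_name(detections: List[Detection]) -> Dict[str, Counter]:
    """Count hits per detection name and drive letter, to show where each one lives."""
    counts: Dict[str, Counter] = {}
    for d in detections:
        counts.setdefault(d.name, Counter())[d.path[:2].upper()] += 1
    return counts


if __name__ == "__main__":
    found, skipped = parse_export(ESET_EXPORT)
    groups = triage(found)
    for d in groups["malware"]:
        print("MALWARE    ", d.kind, d.name, d.cve or "-", d.path)
    for name, per_drive in drives_by_name(groups["application"]).items():
        print("APPLICATION", name, dict(per_drive))
    for line in skipped:
        print("UNPARSED   ", line)
```
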

#9 CatByte

Malware Response Team

Posted 19 January 2013 - 11:19 AM

Empty Java cache

Click Start > Control Panel.
Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

There are three options on this window to clear the cache.

  • Delete Files
  • View Applications
  • View Applets


Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on Temporary Files Settings window.



NEXT

It seems to me you have way too many security programs on board, they may be conflicting with one another and causing some of the issues you are reporting.

As an example, on my machine I use Microsoft Security Essentials as my AV, the Pro version of Malwarebytes Anti Malware, the Windows Firewall and I'm behind a secure router, that's it.

So I suggest uninstalling the remaining security programs

choose 1 antivirus

1 Firewall (if you would prefer a third party option over the Windows Firewall, but it's not necessary) and one antimalware program and set a secure password on your router.


Delete all the malware removal tools you have used except ComboFix and OTL, they have special clean-up routines (I will give you the instructions for that when we are done)


Run a fresh scan with OTL and post the log

Please describe any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 goingoutofmyhead

Posted 19 January 2013 - 12:20 PM

I don't actually have Java installed atm. I removed it a few days ago. The files on G: are just the downloaded files btw (installers for what you see in c:), with the exception of the one from the profile folder. That's from a backup I made of the profile before I began messing with it.
Originally, I only had Kaspersky and Windows Defender running. (Firewall through Kaspersky) The abundance of tools is just a result of me trying to find bits of it. I've been careful to remove as much as I can once I've finished using a particular tool though. Currently the only realtime protection running would be Win Defender I think (and I even disabled that when I ran the eset and other scans as I know interference can happen).

Here's a quick OTL Scan. I can provide a full if you like. Wasn't sure what you would prefer. I will try a few things in the next couple of hours to try and sus out what's left (if anything).
A couple of things I'm curious about: firstly, the reg key HKLM\System\CurrentControlSet\services\tcpip\Parameters - ICSDomain. What's the default value for that entry?
Also, under HKLM, Above HARDWARE, I have a folder called BDC00000000. I honestly don't recall if it was there before this or not.
I do have a question about some stuff I saw in process explorer too, but I'll have to nab a screenshot for that one.. too hard to explain. I'll come back and post that and anything else I find soon :) Many thanks again for the assistance. Muchly appreciated!


OTL logfile created on: 20/01/2013 3:08:39 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\$welbot\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.68% Memory free
11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.43 Gb Total Space | 27.03 Gb Free Space | 45.49% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 69.25 Gb Total Space | 23.65 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1531.38 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 0.43 Gb Free Space | 22.67% Space Free | Partition Type: FAT
Drive S: | 698.63 Gb Total Space | 116.55 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 2.07 Gb Free Space | 0.22% Space Free | Partition Type: NTFS
Drive W: | 298.09 Gb Total Space | 179.24 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

Computer Name: WELBOT-PC | User Name: $welbot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 10:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/30 21:43:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/20 22:33:42 | 003,281,528 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2010/11/20 22:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/02/18 21:31:28 | 000,315,392 | ---- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
PRC - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- g:\cs2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- G:\cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- g:\cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/08 10:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 10:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 10:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 10:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 10:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 10:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 19:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/01/09 18:50:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/05 09:54:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/29 20:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:20:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 04:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/18 21:31:28 | 000,315,392 | ---- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/15 17:25:32 | 000,036,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys -- (ERmvrDrv)
DRV:64bit: - [2013/01/03 11:24:35 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/04 01:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/10/21 04:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/01/17 23:21:19 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\arix1x6e.sys -- (arix1x6e)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/25 11:50:50 | 000,011,848 | ---- | M] (Antiy Labs) [Kernel | On_Demand | Stopped] -- C:\Users\$welbot\Desktop\atool\IRPFile.sys -- (IRPFile)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage: http://ibrisbanesde/default.aspx
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://ibrisbanesde/default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: WGT Golf Challenge = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: Marvel Comics = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Poppit = C:\Users\$welbot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/01/19 10:08:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Version Cue CS2] g:\cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKCU..\Run: [SoundMax] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F1D204-4635-4E45-80D6-646A04FA142A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 19:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/19 11:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 11:01:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/19 11:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/19 10:49:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/19 10:49:08 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/19 10:42:23 | 000,499,025 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\$welbot\Desktop\JRT.exe
[2013/01/19 10:08:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/19 09:09:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/19 08:58:48 | 001,464,233 | ---- | C] (Farbar) -- C:\Users\$welbot\Desktop\FRST64.exe
[2013/01/18 19:54:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\$welbot\Desktop\dds.scr
[2013/01/18 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\agl
[2013/01/18 11:30:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/18 10:51:49 | 000,733,296 | ---- | C] (Webroot) -- C:\Users\$welbot\Desktop\wsainstall.exe
[2013/01/18 08:49:25 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\ElevatedDiagnostics
[2013/01/18 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
[2013/01/17 23:21:19 | 000,035,904 | ---- | C] (VirusBlokAda Ltd.) -- C:\Windows\SysWow64\drivers\arix1x6e.sys
[2013/01/17 23:07:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 23:05:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Avg2013
[2013/01/17 21:01:31 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\TuneUp Software
[2013/01/17 20:55:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/17 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\MFAData
[2013/01/17 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/17 20:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/17 20:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/15 20:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
[2013/01/15 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\Flashfake Removal Tool.app
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/01/15 20:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/01/15 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\atool
[2013/01/15 19:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/15 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tangosoft
[2013/01/15 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Re-Enable V2
[2013/01/15 16:28:51 | 000,864,120 | ---- | C] (ALWIL Software) -- C:\Users\$welbot\Desktop\aswar.exe
[2013/01/15 15:28:13 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\$welbot\Desktop\TDSSKiller.exe
[2013/01/15 15:25:29 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\$welbot\Desktop\FixTDSS.exe
[2013/01/15 14:36:36 | 000,387,944 | ---- | C] (ESET spol. s r.o.) -- C:\Users\$welbot\Desktop\ESETHfsReader.exe
[2013/01/15 14:01:09 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\$welbot\Desktop\unhide.exe
[2013/01/15 13:03:28 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\$welbot\Desktop\MiniToolBox.exe
[2013/01/15 12:52:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\$welbot\Desktop\HijackThis.exe
[2013/01/15 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Desktop\RK_Quarantine
[2013/01/13 22:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/01/13 22:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013/01/13 21:18:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 20:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/13 15:10:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/13 15:10:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/13 15:10:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/13 07:04:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/13 03:28:42 | 000,000,000 | ---D | C] -- C:\marsscan
[2013/01/13 03:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/13 03:12:21 | 005,023,728 | R--- | C] (Swearware) -- C:\Users\$welbot\Desktop\rainbow_brite.exe
[2013/01/13 02:57:24 | 005,022,206 | R--- | C] (Swearware) -- C:\Users\$welbot\Desktop\combi.exe
[2013/01/13 00:37:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Freedom Scientific
[2013/01/13 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Freedom Scientific
[2013/01/13 00:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Scientific Installation Information
[2013/01/13 00:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2013/01/13 00:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Scientific
[2013/01/13 00:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freedom Scientific
[2013/01/12 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\.swt
[2013/01/12 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Azureus
[2013/01/12 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2013/01/11 14:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2013/01/11 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2013/01/11 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013/01/11 05:30:12 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\Adobe
[2013/01/11 04:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
[2013/01/11 04:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antares Audio Technologies
[2013/01/11 04:24:24 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53 Demo
[2013/01/11 04:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53 Demo
[2013/01/11 04:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013/01/11 04:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2013/01/11 04:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
[2013/01/10 20:13:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/10 20:05:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013/01/10 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/01/10 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\VS Revo Group
[2013/01/10 19:37:38 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/01/10 19:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/10 19:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/10 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicProjects
[2013/01/10 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicProjects
[2013/01/10 17:34:24 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013/01/10 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\VirtualDJ
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader Lite
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader Lite
[2013/01/10 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\NeoDownloader
[2013/01/10 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013/01/10 04:15:20 | 000,000,000 | ---D | C] -- C:\Users$welbot
[2013/01/10 03:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2013/01/10 01:30:57 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
[2013/01/10 01:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/01/10 00:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/01/08 13:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013/01/08 13:34:56 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\mIRC
[2013/01/08 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013/01/06 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\NVIDIA
[2013/01/06 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/05 22:53:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/05 22:29:10 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Audacity
[2013/01/05 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Documents\my games
[2013/01/05 09:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/01/05 09:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\WinRAR
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/04 10:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/04 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/01/04 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 4.3.6
[2013/01/04 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2013/01/04 10:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/03 17:46:47 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Adobe
[2013/01/03 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/03 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/03 17:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/03 13:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/01/03 13:50:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/01/03 13:28:35 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/01/03 13:28:19 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/01/03 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/03 13:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2013/01/03 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/03 13:09:36 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/03 13:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/03 12:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/03 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/01/03 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/01/03 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Macromedia
[2013/01/03 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Adobe
[2013/01/03 11:57:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/03 11:56:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/03 11:43:17 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Skype
[2013/01/03 11:43:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/03 11:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/03 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/03 11:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/01/03 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
[2013/01/03 10:50:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/03 10:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/03 10:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/03 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Google
[2013/01/03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Deployment
[2013/01/03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Apps
[2013/01/03 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/01/03 03:17:17 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/02 22:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/01/02 22:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/01/02 22:21:02 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/01/02 22:21:02 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/01/02 22:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/01/02 22:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/01/02 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/01/02 22:18:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/01/02 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Programs
[2013/01/02 21:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2013/01/02 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Express Gate
[2013/01/02 21:12:50 | 000,000,000 | ---D | C] -- C:\ASUS.SYS
[2013/01/02 21:12:49 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2013/01/02 21:12:49 | 000,000,000 | ---D | C] -- C:\temp
[2013/01/02 21:12:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/02 21:10:16 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2013/01/02 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
[2013/01/02 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2013/01/02 21:04:54 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2013/01/02 21:02:05 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/02 21:02:05 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/01/02 21:02:04 | 001,828,352 | ---- | C] (Creative) -- C:\Windows\SysNative\adi_oal.dll
[2013/01/02 21:02:04 | 001,503,232 | ---- | C] (Creative) -- C:\Windows\SysWow64\adi_oal.dll
[2013/01/02 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/01/02 21:01:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
[2013/01/02 21:01:45 | 000,062,464 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
[2013/01/02 21:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2013/01/02 21:01:12 | 000,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2013/01/02 21:01:12 | 000,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
[2013/01/02 21:01:12 | 000,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
[2013/01/02 21:01:12 | 000,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2013/01/02 21:01:12 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2013/01/02 21:01:12 | 000,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2013/01/02 21:01:12 | 000,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
[2013/01/02 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
[2013/01/02 21:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2013/01/02 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/02 21:00:05 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\InstallShield
[2013/01/02 20:59:55 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/01/02 20:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/01/02 20:59:48 | 000,000,000 | ---D | C] -- C:\Intel
[2013/01/02 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Diagnostics
[2013/01/02 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Malwarebytes
[2013/01/02 19:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Searches
[2013/01/02 17:00:00 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/02 17:00:00 | 000,000,000 | ---D | C] -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/02 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Identities
[2013/01/02 16:59:52 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Contacts
[2013/01/02 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\VirtualStore
[2013/01/02 16:59:46 | 000,000,000 | --SD | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Videos
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Saved Games
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Pictures
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Music
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Links
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Favorites
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Downloads
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Documents
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\Desktop
[2013/01/02 16:59:46 | 000,000,000 | R--D | C] -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\Temporary Internet Files
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Templates
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Start Menu
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\SendTo
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Recent
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\PrintHood
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\NetHood
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Videos
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Pictures
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Documents\My Music
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\My Documents
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Local Settings
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\History
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Cookies
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\Application Data
[2013/01/02 16:59:46 | 000,000,000 | -HSD | C] -- C:\Users\$welbot\AppData\Local\Application Data
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Temp
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Local\Microsoft
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData\Roaming\Media Center Programs
[2013/01/02 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\$welbot\AppData
[2013/01/02 16:59:41 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/01/02 16:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/02 15:51:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/02 15:51:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/01/20 03:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 03:07:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/01/20 02:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 13:27:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/19 11:04:33 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 11:04:33 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 11:01:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 11:01:46 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 11:01:46 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/19 11:01:12 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 10:57:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 10:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 10:57:23 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 10:46:01 | 000,574,677 | ---- | M] () -- C:\Users\$welbot\Desktop\adwcleaner.exe
[2013/01/19 10:43:00 | 000,499,025 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\$welbot\Desktop\JRT.exe
[2013/01/19 10:08:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/19 08:58:50 | 001,464,233 | ---- | M] (Farbar) -- C:\Users\$welbot\Desktop\FRST64.exe
[2013/01/18 19:54:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\$welbot\Desktop\dds.scr
[2013/01/18 10:51:50 | 000,733,296 | ---- | M] (Webroot) -- C:\Users\$welbot\Desktop\wsainstall.exe
[2013/01/17 23:21:19 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) -- C:\Windows\SysWow64\drivers\arix1x6e.sys
[2013/01/17 20:24:02 | 005,023,728 | R--- | M] (Swearware) -- C:\Users\$welbot\Desktop\rainbow_brite.exe
[2013/01/17 20:22:25 | 000,300,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 20:13:34 | 000,032,584 | ---- | M] () -- C:\Users\$welbot\Documents\cc_20130117_201324.reg
[2013/01/17 20:06:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/16 11:19:40 | 000,000,000 | -H-- | M] () -- C:\Users\$welbot\Documents\Default.rdp
[2013/01/16 02:10:22 | 000,001,327 | ---- | M] () -- C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
[2013/01/16 02:03:18 | 000,001,081 | ---- | M] () -- C:\Users\$welbot\Desktop\SXSystemSuite.lnk
[2013/01/16 00:01:31 | 005,022,206 | R--- | M] (Swearware) -- C:\Users\$welbot\Desktop\combi.exe
[2013/01/15 23:58:21 | 000,002,251 | ---- | M] () -- C:\Users\$welbot\Desktop\Google Chrome.lnk
[2013/01/15 20:29:52 | 000,001,795 | ---- | M] () -- C:\Users\$welbot\Desktop\MagicISO.lnk
[2013/01/15 18:13:05 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
[2013/01/15 17:25:32 | 000,036,768 | ---- | M] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/01/15 15:44:55 | 000,864,120 | ---- | M] (ALWIL Software) -- C:\Users\$welbot\Desktop\aswar.exe
[2013/01/15 15:41:03 | 005,562,563 | ---- | M] () -- C:\Users\$welbot\Desktop\atool.rar
[2013/01/15 15:28:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\$welbot\Desktop\TDSSKiller.exe
[2013/01/15 15:25:29 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\$welbot\Desktop\FixTDSS.exe
[2013/01/15 14:36:36 | 000,387,944 | ---- | M] (ESET spol. s r.o.) -- C:\Users\$welbot\Desktop\ESETHfsReader.exe
[2013/01/15 14:01:09 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\$welbot\Desktop\unhide.exe
[2013/01/15 13:04:19 | 000,881,914 | ---- | M] () -- C:\Users\$welbot\Desktop\SecurityCheck.exe
[2013/01/15 13:03:28 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\$welbot\Desktop\MiniToolBox.exe
[2013/01/15 12:52:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\$welbot\Desktop\HijackThis.exe
[2013/01/15 11:19:46 | 000,764,416 | ---- | M] () -- C:\Users\$welbot\Desktop\winfree.exe
[2013/01/13 21:18:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/12 13:17:38 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/01/11 14:45:06 | 000,001,548 | ---- | M] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013/01/10 23:10:32 | 000,001,611 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2013/01/10 19:37:38 | 000,000,997 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/10 17:34:24 | 000,000,578 | ---- | M] () -- C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
[2013/01/10 13:17:27 | 000,001,122 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\NeoDownloader Lite.lnk
[2013/01/10 13:17:27 | 000,001,098 | ---- | M] () -- C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
[2013/01/08 13:36:02 | 000,006,811 | ---- | M] () -- C:\Users\$welbot\Documents\mirc.ini
[2013/01/08 13:34:59 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/01/06 13:42:15 | 000,000,179 | ---- | M] () -- C:\Users\$welbot\Desktop\Cave Story+.url
[2013/01/06 12:19:27 | 000,001,081 | ---- | M] () -- C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
[2013/01/06 10:36:07 | 000,000,208 | ---- | M] () -- C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
[2013/01/05 22:29:02 | 000,000,553 | ---- | M] () -- C:\Users\$welbot\Desktop\Audacity.lnk
[2013/01/05 09:53:00 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/04 10:15:48 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
[2013/01/03 17:45:39 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/03 15:49:26 | 000,001,433 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/03 15:44:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 15:44:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 14:48:30 | 000,001,129 | ---- | M] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/01/03 13:10:36 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/01/03 11:24:35 | 000,398,112 | ---- | M] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys
[2013/01/03 11:20:58 | 000,001,219 | ---- | M] () -- C:\Users\$welbot\Desktop\StreamArmor.lnk
[2013/01/03 11:16:03 | 000,001,243 | ---- | M] () -- C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
[2013/01/02 21:14:13 | 000,037,289 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2013/01/02 21:12:51 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Express Gate Updater.lnk
[2013/01/02 21:02:05 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/02 21:02:05 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/02 20:58:59 | 000,026,388 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2013/01/02 15:54:52 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/02 15:54:52 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/02 15:52:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/30 21:43:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$welbot\Desktop\OTL.exe
[2012/12/29 20:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/12/29 18:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013/01/19 13:27:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/19 11:01:12 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 10:45:51 | 000,574,677 | ---- | C] () -- C:\Users\$welbot\Desktop\adwcleaner.exe
[2013/01/17 20:22:17 | 000,300,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 20:13:30 | 000,032,584 | ---- | C] () -- C:\Users\$welbot\Documents\cc_20130117_201324.reg
[2013/01/17 20:06:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/16 11:19:40 | 000,000,000 | -H-- | C] () -- C:\Users\$welbot\Documents\Default.rdp
[2013/01/16 02:10:22 | 000,001,327 | ---- | C] () -- C:\Users\$welbot\Desktop\DownloadHashVerifier.lnk
[2013/01/16 02:03:18 | 000,001,081 | ---- | C] () -- C:\Users\$welbot\Desktop\SXSystemSuite.lnk
[2013/01/15 20:29:52 | 000,001,795 | ---- | C] () -- C:\Users\$welbot\Desktop\MagicISO.lnk
[2013/01/15 18:13:05 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Re-Enable v2.exe.lnk
[2013/01/15 17:25:32 | 000,036,768 | ---- | C] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/01/15 15:40:59 | 005,562,563 | ---- | C] () -- C:\Users\$welbot\Desktop\atool.rar
[2013/01/15 13:03:56 | 000,881,914 | ---- | C] () -- C:\Users\$welbot\Desktop\SecurityCheck.exe
[2013/01/15 11:19:46 | 000,764,416 | ---- | C] () -- C:\Users\$welbot\Desktop\winfree.exe
[2013/01/13 15:10:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/13 15:10:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/13 15:10:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/13 15:10:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/13 15:10:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/01/12 13:17:38 | 000,001,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2013/01/11 14:45:06 | 000,001,548 | ---- | C] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013/01/10 23:10:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2013/01/10 23:10:32 | 000,001,611 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2013/01/10 20:13:17 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2013/01/10 20:13:03 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013/01/10 20:11:54 | 000,000,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2013/01/10 20:06:48 | 000,001,647 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013/01/10 20:06:48 | 000,001,642 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013/01/10 20:06:21 | 000,001,631 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013/01/10 19:37:38 | 000,000,997 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/10 17:34:24 | 000,000,578 | ---- | C] () -- C:\Users\$welbot\Desktop\VirtualDJ Home FREE.lnk
[2013/01/10 13:17:27 | 000,001,122 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\NeoDownloader Lite.lnk
[2013/01/10 13:17:27 | 000,001,098 | ---- | C] () -- C:\Users\$welbot\Desktop\NeoDownloader Lite.lnk
[2013/01/08 19:41:48 | 000,118,342 | ---- | C] () -- C:\Users\$welbot\Desktop\xxxxxxx.rtf
[2013/01/08 19:41:48 | 000,001,388 | ---- | C] () -- C:\Users\$welbot\Desktop\letter_of_claim.rtf
[2013/01/08 19:41:48 | 000,000,931 | ---- | C] () -- C:\Users\$welbot\Desktop\cover_letter.rtf
[2013/01/08 13:36:02 | 000,006,811 | ---- | C] () -- C:\Users\$welbot\Documents\mirc.ini
[2013/01/08 13:34:59 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/01/06 13:42:15 | 000,000,179 | ---- | C] () -- C:\Users\$welbot\Desktop\Cave Story+.url
[2013/01/06 12:19:27 | 000,001,081 | ---- | C] () -- C:\Users\$welbot\Desktop\Doom3BFG.exe - Shortcut.lnk
[2013/01/06 10:36:07 | 000,000,208 | ---- | C] () -- C:\Users\$welbot\Desktop\Half Minute Hero Super Mega Neo Climax Ultimate Boy.url
[2013/01/05 22:29:02 | 000,000,553 | ---- | C] () -- C:\Users\$welbot\Desktop\Audacity.lnk
[2013/01/05 22:29:02 | 000,000,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/01/05 09:53:00 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/04 10:15:48 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 4.3.6.lnk
[2013/01/03 17:45:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/03 17:45:39 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/03 15:44:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 15:44:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 14:48:30 | 000,001,129 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/01/03 13:29:36 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013/01/03 13:29:20 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/01/03 13:28:04 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/01/03 13:28:00 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/01/03 13:28:00 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/01/03 13:27:54 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013/01/03 13:27:54 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/01/03 13:10:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/01/03 11:57:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 11:49:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/03 11:36:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/03 11:20:58 | 000,001,219 | ---- | C] () -- C:\Users\$welbot\Desktop\StreamArmor.lnk
[2013/01/03 11:16:03 | 000,001,243 | ---- | C] () -- C:\Users\$welbot\Desktop\SpyDLLRemover.lnk
[2013/01/03 10:05:24 | 000,002,251 | ---- | C] () -- C:\Users\$welbot\Desktop\Google Chrome.lnk
[2013/01/03 10:04:22 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 10:04:20 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/02 22:21:34 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/01/02 21:14:38 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2013/01/02 21:12:51 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Express Gate Updater.lnk
[2013/01/02 20:59:05 | 000,037,289 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/01/02 20:58:51 | 000,026,388 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/01/02 19:31:52 | 000,001,433 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/02 17:00:23 | 000,001,405 | ---- | C] () -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/02 17:00:21 | 000,001,439 | ---- | C] () -- C:\Users\$welbot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/02 16:59:46 | 000,000,290 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/02 16:59:46 | 000,000,272 | ---- | C] () -- C:\Users\$welbot\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/01/02 15:54:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/02 15:54:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/02 15:52:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/02 15:51:32 | 529,879,039 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 06:09:26 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Audacity
[2013/01/17 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Azureus
[2013/01/13 00:15:17 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\Freedom Scientific
[2013/01/10 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\NeoDownloader
[2013/01/10 01:31:43 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\PACE Anti-Piracy
[2013/01/17 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\$welbot\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:48A9EADC

< End of report >

#11 goingoutofmyhead


Posted 19 January 2013 - 01:24 PM

Ok. Just opened GMER to gather more info, and on its initial scan (before pressing scan), it's come up with the following.



GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-20 03:48:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4 Kingston rev.B090 59.63GB
Running: nq8xnlpy.exe; Driver: C:\Users\$welbot\AppData\Local\Temp\ugdiqpog.sys

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4320] 000007fefbcd0000

---- EOF - GMER 2.0 ----



I looked at svchost with pid 4320 in process explorer, and it mentions session manager. I'm pretty sure that's one of the places that was tied in to having me log on to the other system at some stage. I won't do anything with it for now, as I'm not totally sure if it's dodgy, but given that it says suspicious, it's worth a look into I think. Any idea how I can tell if this is legit or not?

Also, as mentioned earlier, I had a question about process explorer. When I was investigating various bits of this, in some processes, I noticed on the Strings tab, there was a lot of jargon like this....



There's literally hundreds of them. (That example I just pulled out of conhost.exe that's running on my system right now, which I've been sus on for a while, cos it wasn't in my task manager last week.) The reason I'm a bit sus of these is that during the main crux of this infection, when those s-1-xxxxxx profiles were in the system, there was a bunch of very similar entries in the registry. Possibly in several spots, but I'm pretty sure most of them were under ClassesRoot. All of those weird reg entries seem to be gone now, which I'm pleased about, but I'm just curious about these processes that show that kind of stuff. There's a few like csrss and lsass that show it in the list, and then there's others that just seem to have normal sort of string entries. Is this something that should be looked into, or is that all normal? (just curious due to it being so similar to what used to be in the registry)

It's actually kind of weird. It's almost like this thing is cleaning itself up to some degree. Still seems to have little residual bits about though.

One thing I found in my travels is that in my system32 folder, I have a file called winrm.vbs. Is it supposed to be there? Contents look like it was used as part of this at some point (I can post it if you need to see)


[Edit] just a bit more info.. I looked at the other tabs in GMER, and it's flagged a few reg entries (highlighted in red) which I think are leftover from the domain policy system that it was locked in to. It looks as though they might be empty, but I'm guessing they shouldn't really be there anyway since I'm not on a domain. Anyway, I'll leave it open in case you want me to export the data or do a scan. [/Edit]

Edited by goingoutofmyhead, 19 January 2013 - 01:37 PM.


#12 CatByte

  • Malware Response Team

Posted 19 January 2013 - 02:18 PM

> A couple of things I'm curious about, is firstly, the reg key HKLM\System\CurrentControlSet\services\tcpip\Parameters - ICSDomain. What's the default value for that entry?


That would depend if you are using the Internet Connection Sharing or not.

On my Win 7 64 bit machine, the entry reads "mshome.net" but I have several computers using one internet connection

http://windows.microsoft.com/en-US/windows-vista/Using-ICS-Internet-Connection-Sharing

> Also, under HKLM, Above HARDWARE, I have a folder called BDC00000000.


This is normal - my advice is to stay out of the registry, there is no reason to "tweak" the registry, you can do more harm than good. (don't use the registry cleaner feature of CCleaner)

> I have a file called winrm.vbs. Is it supposed to be there? Contents look like it was used as part of this at some point (I can post it if you need to see)

yes please post the content of this file.

a "suspicious" file with GMER, doesn't necessarily mean it is infected, but is something that can be exploited.

FRST would have alerted to an infected svchost.exe


how is the computer running now?



please run the following:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 goingoutofmyhead


Posted 19 January 2013 - 02:44 PM

I'm never one to muck about with the registry too much unless I know what I'm doing. And certainly not without making a backup first ;) I found a few things I wasn't quite sure of in my investigation of this issue, which is why I came for a second opinion. Only way to learn :)
The computer has been running better since I set my modem to bridging and popped myself on a different router behind that. There was a hell of a lot of network traffic prior to that, and a lot of hard drive activity.
I'm still getting weird HDD activity on my W:, but I'm not sure what's going on. It's in an e-sata dock, and every so often it will just light up and stay lit up for a while before the power saving kicks in and powers it down. There are no services that run from that drive or anything, so I'm unsure as to why it does it.. dunno if the system just wakes it up every so often or if it's something running, but the drive doesn't spin up really fast. Just kinda turns on and sits there.. :|
Apart from that though, most of the background activity has stopped.


RogueKiller put out 4 logs. They are as follows.

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : $welbot [Admin rights]
Mode : Scan -- Date : 01/20/2013 01:24:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

’ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EACS-00D6B0 +++++
--- User ---
[MBR] 3754bfdd1ad6c5d62b8e6e77b3f40f97
[BSP] b2687caf05cabe9234862ed18a04c6e6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7500AACS-00D6B1 +++++
--- User ---
[MBR] cbe5051acb0be83136a54f69b7b1fc06
[BSP] 08f6627a37c15199603e4c8d217d3469 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD740ADFD-00NLR1 +++++
--- User ---
[MBR] 858c1e87e39f8f722926f909aeaa7ff3
[BSP] 47ebd7e49d1a6053d41179f7d11adae1 : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 70908 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Kingston SSDNow V Series +++++
--- User ---
[MBR] 85bae41ad61ef733d22dbc27e8398600
[BSP] f09332d94e95ce55114c3b92f45f4fbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 60855 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 80939c2dd161f38207d7e4fdd20ebdb7
[BSP] 04bc427f91d2d5ba4ceb6de80d1f5bac : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907733 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01202013_02d0124.txt >>
RKreport[1]_S_01202013_02d0124.txt




RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : $welbot [Admin rights]
Mode : Scan -- Date : 01/20/2013 05:29:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

’ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EACS-00D6B0 +++++
--- User ---
[MBR] 3754bfdd1ad6c5d62b8e6e77b3f40f97
[BSP] b2687caf05cabe9234862ed18a04c6e6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7500AACS-00D6B1 +++++
--- User ---
[MBR] cbe5051acb0be83136a54f69b7b1fc06
[BSP] 08f6627a37c15199603e4c8d217d3469 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD740ADFD-00NLR1 +++++
--- User ---
[MBR] 858c1e87e39f8f722926f909aeaa7ff3
[BSP] 47ebd7e49d1a6053d41179f7d11adae1 : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 70908 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Kingston SSDNow V Series +++++
--- User ---
[MBR] 85bae41ad61ef733d22dbc27e8398600
[BSP] f09332d94e95ce55114c3b92f45f4fbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 60855 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 80939c2dd161f38207d7e4fdd20ebdb7
[BSP] 04bc427f91d2d5ba4ceb6de80d1f5bac : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907733 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_01202013_02d0529.txt >>
RKreport[1]_S_01202013_02d0124.txt ; RKreport[2]_S_01202013_02d0529.txt



RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : $welbot [Admin rights]
Mode : Remove -- Date : 01/20/2013 05:30:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

’ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EACS-00D6B0 +++++
--- User ---
[MBR] 3754bfdd1ad6c5d62b8e6e77b3f40f97
[BSP] b2687caf05cabe9234862ed18a04c6e6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7500AACS-00D6B1 +++++
--- User ---
[MBR] cbe5051acb0be83136a54f69b7b1fc06
[BSP] 08f6627a37c15199603e4c8d217d3469 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD740ADFD-00NLR1 +++++
--- User ---
[MBR] 858c1e87e39f8f722926f909aeaa7ff3
[BSP] 47ebd7e49d1a6053d41179f7d11adae1 : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 70908 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Kingston SSDNow V Series +++++
--- User ---
[MBR] 85bae41ad61ef733d22dbc27e8398600
[BSP] f09332d94e95ce55114c3b92f45f4fbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 60855 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 80939c2dd161f38207d7e4fdd20ebdb7
[BSP] 04bc427f91d2d5ba4ceb6de80d1f5bac : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907733 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_01202013_02d0530.txt >>
RKreport[1]_S_01202013_02d0124.txt ; RKreport[2]_S_01202013_02d0529.txt ; RKreport[3]_D_01202013_02d0530.txt



RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : $welbot [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/20/2013 05:32:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 57 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1969 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume8 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[G:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[I:] \Device\HarddiskVolume9 -- 0x2 --> Restored
[S:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[T:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[W:] \Device\HarddiskVolume2 -- 0x3 --> Restored

Finished : << RKreport[4]_SC_01202013_02d0532.txt >>
RKreport[1]_S_01202013_02d0124.txt ; RKreport[2]_S_01202013_02d0529.txt ; RKreport[3]_D_01202013_02d0530.txt ; RKreport[4]_SC_01202013_02d0532.txt

#14 CatByte

  • Malware Response Team

Posted 19 January 2013 - 03:02 PM

the logs look good, the external hard drive is probably just performing an internal check that it's ready to go if needed, you'd have to check that out for certain by contacting the manufacturer.

I would say that you are good to go, (I'd still like to see the content of that .vbs file before we wrap up to make sure it is ok)

we just have some housekeeping to do now


Note: I suggest disabling Java in your browsers as well as there is an issue with Java being easily exploited:

more info here:

http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html



NEXT



You can delete all the malware removal tools, logs and programs from your desktop except Combofix, OTL and adwcleaner, please follow the steps below for those:


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


NEXT


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

If you have any further questions before we close this topic, please feel free to ask :)



#15 goingoutofmyhead


Posted 19 January 2013 - 03:31 PM

Thanks many times for the assistance. I'll keep an eye on things for a couple of days and make sure nothing weird happens :)

I know if posting the code here would be an issue, so I uploaded it as a txt file. http://www.welbot-it.com/stuff/winrm.txt

Hopefully it turns out to be normal, but you never know.



