Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.Optional.AZlyrics.A


  • This topic is locked This topic is locked
15 replies to this topic

#1 mstap42

mstap42

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 02 December 2014 - 11:31 PM

Hello,

 

MBAM Premium detected PUP.Optional.AZlyrics.A and warned me, per Settings > Detection and Protection > Non-Malware Protection > PUP detections =  "Warn user".

 

After the warning, I changed the PUP detection action to "treat as malware" so it will quarantine it on the next scan.

 

I'm asking for help because of a previous experience with a PUP variant.  Last summer, on a different computer, MBAM quarantined a couple of PUP variants.  Some further cleanup was needed to make things right, and I got the help I needed after posting to this forum.

 

DDS.txt posted below.  Attach.zip attached.

 

Thanks!

--mstap42

 

# == DDS.txt == #

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Stapletons at 23:01:54 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1671 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PassportLearning\Academy\apache\bin\Apache.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PassportLearning\Academy\apache\bin\Apache.exe
C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\PassportLearning\Academy\bin\wrapper.exe
C:\PassportLearning\Academy\j2sdk\bin\java.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Stapletons\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Stapletons\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windstream\Service Agent\Windstream Service AgentComHandler.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files 
 
(x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root
 
\office15\ochelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search 
 
Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
 
Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar
 
\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
 
\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root
 
\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root
 
\office15\grooveex.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [f.lux] "C:\Users\Stapletons\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [DellSystemDetect] C:\Users\Stapletons\AppData\Local\Apps\2.0\PQ1Y38BA.HKT
 
\QYXXN68G.4A2\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
mRun: [Windstream Service Agent.exe] "C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe" /AUTORUN
mRun: [DiagnosticTools.exe] "C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?
 
LinkID=122915" /build:7601
StartupFolder: C:\Users\STAPLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stapletons
 
\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\STAPLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files
 
\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute 
 
Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan
 
\CrashPlanTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component
 
\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 
 
15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 
 
15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 
 
15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars
 
\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: dell.com
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - 
 
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://vpn.louisville.edu/prx/000/http/localhost/arr_x.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{0B2AD027-D7C9-4BDB-989B-31FA59FF296B} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{18F1F89D-B001-445B-9547-3B46676F46A2} : DHCPNameServer = 192.168.254.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 
 
Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer
 
\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program 
 
Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs
 
\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar
 
\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars
 
\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs
 
\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 
 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar
 
\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 
 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 
 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 
 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype
 
\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 
 
Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-26 55280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-19 203264]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 AutoSkillApplicationServer;AutoSkill Application Server;C:\PassportLearning\Academy\bin\wrapper.exe -s C:\PassportLearning
 
\Academy\bin\app.conf --> C:\PassportLearning\Academy\bin\wrapper.exe -s C:\PassportLearning\Academy\bin\app.conf [?]
R2 AutoSkillWebServer;AutoSkillWebServer;C:\PassportLearning\Academy\apache\bin\Apache.exe [2011-9-12 14336]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014
 
-3-22 2443960]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-3-26 222720]
R2 FortiSslvpnDaemon;FortiClient SSLVPN;C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [2013-7-9 954080]
R2 HsdService;HsdService;C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [2012-10-31 1393976]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-1 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-1 969016]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-10-31 517632]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe 
 
[2011-8-11 470528]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [2012-10-31 
 
10315064]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2014-7-28 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2014-7-28 21872]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-7-28 282112]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-1 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-1 63704]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-1 
 
36720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2009-7-21 42528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2014-3-26 1224704]
S2 AutoSkillDatabaseServer;AutoSkillDatabaseServer;C:/PassportLearning/Academy/pgsql/bin/pg_ctl.exe runservice -N 
 
"AutoSkillDatabaseServer" -D "C:/PassportLearning/Academy/data/database/pgsql" --> 
 
C:/PassportLearning/Academy/pgsql/bin/pg_ctl.exe runservice -N AutoSkillDatabaseServer [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework
 
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
 
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative 
 
Labs Shared\Service\CTAELicensing.exe [2014-6-18 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-12 1255736]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe 
 
[2014-4-11 1390720]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 
 
1764992]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks
 
\RealDownloader\rndlresolversvc.exe [2014-4-6 39568]
.
=============== Created Last 30 ================
.
2014-12-02 20:06:33 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F4C8D6F2-
 
1923-4603-A517-12E41F0CED47}\offreg.dll
2014-12-02 20:04:08 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates
 
\{F4C8D6F2-1923-4603-A517-12E41F0CED47}\mpengine.dll
2014-12-01 22:14:38 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{214C80D5-
 
1496-4AC1-B285-34419BB0D35F}\gapaengine.dll
2014-12-01 22:14:19 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates
 
\Backup\mpengine.dll
2014-11-28 14:46:10 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-11-28 14:45:47 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-11-28 14:45:47 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-11-28 14:45:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-11-28 14:45:13 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-11-28 14:45:13 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-11-28 14:45:13 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-11-27 17:30:50 -------- d-----w- C:\Windows\System32\SPReview
2014-11-27 17:29:49 -------- d-----w- C:\Windows\System32\EventProviders
2014-11-27 17:24:59 658944 ----a-w- C:\Windows\System32\dxgi.dll
2014-11-27 17:23:59 413696 ----a-w- C:\Windows\SysWow64\PhotoScreensaver.scr
2014-11-27 17:22:59 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2014-11-27 17:20:50 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2014-11-27 17:20:50 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2014-11-27 17:20:50 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2014-11-27 17:20:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2014-11-27 17:20:43 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2014-11-27 17:20:43 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2014-11-27 17:20:39 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2014-11-27 17:20:15 422912 ----a-w- C:\Windows\System32\drvstore.dll
2014-11-27 17:20:15 399872 ----a-w- C:\Windows\System32\dpx.dll
.
==================== Find3M  ====================
.
2014-12-03 02:44:20 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-27 17:47:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-11-27 17:47:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-11-26 17:42:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 17:42:31 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-21 11:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-01 04:01:46 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 23:03:44.10 ===============
 

 

# == END DDS.txt ==#

 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 07 December 2014 - 11:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

p.s.
Before you save the logs in Notepad make sure you have the Wordwrap set under the the Format menu.
This will eliminate all the black lines and make your logs more readable.

#3 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 09 December 2014 - 11:17 PM

Hi nasdaq,

 

Thanks for responding.  I got started tonight with your suggestions and am posting the results of AdAware > Clean.  I can run FRST tomorrow and post results.

 

You asked:  How is the computer running?

Reply:  No unwanted popups, no sign of issues with either MBAM or MSSE.  My wife is the main user of this machine.  She says sometimes Web pages take a long time to load.  I can't confirm, but suspect that latency is due in part to wide fluctuation in our DSL download speeds.  Testmy.net reports anywhere between 3.1 Mbps (what we pay for, but seldom get) and <100Kbps.  2Mbps is about average.  Apart from FF and Chrome, MS Outlook and Word are the two most commonly-used programs.  They seem OK whenever I use them every so often.

 

Thanks!

 

# == BEGIN AdwCleaner[S1].txt == #

 

# AdwCleaner v4.105 - Report created 09/12/2014 at 22:51:10
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stapletons - STAPLETONS-PC
# Running from : C:\Users\Stapletons\Desktop\BleepingComp\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : c2cautoupdatesvc
[x] Not Deleted : c2cpnrsvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Stapletons\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
[x] Not Deleted : C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[x] Not Deleted : C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[x] Not Deleted : C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[x] Not Deleted : C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : IHUninstallTrackingTASK
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [3529 octets] - [04/04/2014 21:59:05]
AdwCleaner[R1].txt - [2784 octets] - [09/12/2014 18:12:09]
AdwCleaner[S0].txt - [3526 octets] - [04/04/2014 22:34:14]
AdwCleaner[S1].txt - [2749 octets] - [09/12/2014 22:51:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2809 octets] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 10 December 2014 - 08:24 AM

Waiting to review your FRST logs.

#5 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 10 December 2014 - 06:24 PM

Hi nasdaq -- here are the FRST logs...

 

# == FRST.txt == #

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Stapletons (administrator) on STAPLETONS-PC on 10-12-2014 18:05:00
Running from C:\Users\Stapletons\Desktop\BleepingComp
Loaded Profile: Stapletons (Available profiles: Stapletons)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apache Software Foundation) C:\PassportLearning\Academy\apache\bin\Apache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apache Software Foundation) C:\PassportLearning\Academy\apache\bin\Apache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
() C:\PassportLearning\Academy\bin\wrapper.exe
(Sun Microsystems, Inc.) C:\PassportLearning\Academy\j2sdk\bin\java.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Flux Software LLC) C:\Users\Stapletons\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Dropbox, Inc.) C:\Users\Stapletons\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\...\Run: [f.lux] => C:\Users\Stapletons\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\...\Run: [DellSystemDetect] => C:\Users\Stapletons\AppData\Local\Apps\2.0\PQ1Y38BA.HKT\QYXXN68G.4A2\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-11] (Dell)
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stapletons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stapletons\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stapletons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D1E98E44-065F-45FB-9B49-07FDBFD7A847} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL = 
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {4A119FE2-6324-4D98-B76A-74CC2259822E} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {6371A5E9-CA6B-4120-AD18-B32E04CA9C4A} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {B6648EB8-2460-484F-9255-9654454C4C70} https://vpn.louisville.edu/prx/000/http/localhost/arr_x.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\esv-study-bible.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\worldcat.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\wot-safe-search.xml
FF Extension: CodeBurner for Firebug - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\firebug@tools.sitepoint.com [2011-02-03]
FF Extension: HTTPS-Everywhere - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\https-everywhere@eff.org [2014-08-11]
FF Extension: WOT - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-08]
FF Extension: Firebug - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\firebug@software.joehewitt.com.xpi [2011-03-30]
FF Extension: Ghostery - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\firefox@ghostery.com.xpi [2013-11-22]
FF Extension: OptimizeGoogle - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\optimizegoogle@optimizegoogle.com.xpi [2012-01-27]
FF Extension: Vacuum Places Improved - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2012-11-09]
FF Extension: NoScript - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-02]
FF Extension: Adblock Plus - C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Google Search) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (AdBlock) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-21]
CHR Extension: (RealPlayer Downloader) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-19]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2013-01-19]
CHR Extension: (Google Wallet) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2012-10-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AutoSkillApplicationServer; C:\PassportLearning\Academy\bin\wrapper.exe [135168 2008-02-07] () [File not signed]
R2 AutoSkillWebServer; C:\PassportLearning\Academy\apache\bin\Apache.exe [14336 2006-07-30] (Apache Software Foundation) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-26] (CrashPlan) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2013-07-09] (Fortinet Inc.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-08-11] (Livescribe) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
S2 AutoSkillDatabaseServer; C:/PassportLearning/Academy/pgsql/bin/pg_ctl.exe runservice -N "AutoSkillDatabaseServer" -D "C:/PassportLearning/Academy/data/database/pgsql" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 09:47 - 2014-12-09 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 08:35 - 2014-12-10 09:17 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-367195508-3908186798-4284212742-1001
2014-12-08 08:51 - 2014-12-10 09:17 - 00003258 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-367195508-3908186798-4284212742-1001
2014-12-06 16:54 - 2014-12-06 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-04 16:35 - 2014-12-04 16:35 - 00001036 _____ () C:\Users\Stapletons\Desktop\Typing Instructor Deluxe.lnk
2014-12-04 16:33 - 2014-12-04 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Typing Instructor Deluxe
2014-12-04 16:28 - 2014-12-04 16:35 - 00000000 ____D () C:\Program Files (x86)\Typing Instructor Deluxe
2014-12-04 16:28 - 2014-12-04 16:28 - 00000000 ____D () C:\ProgramData\Individual Software
2014-12-04 16:28 - 2003-02-24 17:20 - 00827392 _____ (Macromedia, Inc.) C:\Windows\SysWOW64\flash.ocx
2014-12-04 16:28 - 2001-08-08 16:46 - 00158213 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCmCDE.dll
2014-12-04 16:28 - 2001-05-24 13:59 - 00054784 _____ (Blue Sky Software Corporation.) C:\Windows\SysWOW64\INetWH32.dll
2014-12-04 16:28 - 2001-05-24 12:59 - 00317952 _____ (Blue Sky Software Corporation.) C:\Windows\SysWOW64\RoboEx32.dll
2014-12-04 16:28 - 2001-04-30 05:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2014-12-04 16:28 - 2001-04-26 07:08 - 01943248 _____ (ComponentOne LLC) C:\Windows\SysWOW64\OLCH2X7.OCX
2014-12-04 16:28 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2014-12-04 16:28 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-12-04 16:28 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-12-04 16:28 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2014-12-04 16:28 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2014-12-04 16:28 - 2000-12-06 00:00 - 00262328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDatGrd.ocx
2014-12-04 16:28 - 2000-08-24 07:00 - 00950768 _____ (ComponentOne LLC) C:\Windows\SysWOW64\TODG7.OCX
2014-12-04 16:28 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-12-04 16:28 - 2000-05-22 00:00 - 01009336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSChrt20.ocx
2014-12-04 16:28 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-12-04 16:28 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCI32.ocx
2014-12-04 16:28 - 1998-06-24 00:00 - 00067376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SysInfo.ocx
2014-12-04 16:28 - 1998-04-24 20:08 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2014-12-04 16:28 - 1997-07-30 11:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WAVMIX32.DLL
2014-12-04 16:28 - 1995-12-14 20:32 - 00026112 _____ (Microsoft Corporation) C:\Windows\system\WAVMIX16.DLL
2014-12-04 16:28 - 1995-12-14 20:32 - 00026112 _____ (Microsoft Corporation) C:\Windows\system\WAVEMIX.DLL
2014-12-04 16:28 - 1994-09-21 02:00 - 00092208 _____ (Microsoft Corporation) C:\Windows\system\wing.dll
2014-12-04 16:28 - 1994-09-21 02:00 - 00006736 _____ (Microsoft Corporation) C:\Windows\system\wingdib.drv
2014-12-04 16:28 - 1994-09-21 02:00 - 00005024 _____ (Microsoft Corporation) C:\Windows\system\wingpal.wnd
2014-12-04 16:28 - 1994-08-24 02:00 - 00188960 _____ (Microsoft Corporation) C:\Windows\system\wingde.dll
2014-12-02 23:03 - 2014-12-02 23:03 - 00024025 _____ () C:\Users\Stapletons\Desktop\dds.txt
2014-12-02 23:03 - 2014-12-02 23:03 - 00009263 _____ () C:\Users\Stapletons\Desktop\attach.txt
2014-12-02 22:58 - 2014-12-10 18:05 - 00000000 ____D () C:\Users\Stapletons\Desktop\BleepingComp
2014-11-28 09:46 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-28 09:46 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-28 09:46 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-28 09:46 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-28 09:45 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-28 09:45 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-28 09:45 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-28 09:45 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-28 09:45 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-28 09:45 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-28 09:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-28 09:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-28 09:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-28 09:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-27 12:30 - 2014-11-27 12:30 - 00000000 ____D () C:\Windows\system32\SPReview
2014-11-27 12:29 - 2014-11-27 12:29 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-11-27 12:25 - 2010-11-20 08:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2014-11-27 12:25 - 2010-11-20 08:33 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-11-27 12:25 - 2010-11-20 08:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2014-11-27 12:25 - 2010-11-20 08:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-11-27 12:25 - 2010-11-20 08:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-11-27 12:25 - 2010-11-20 08:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-27 12:25 - 2010-11-20 08:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01219584 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2014-11-27 12:25 - 2010-11-20 08:27 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-11-27 12:25 - 2010-11-20 08:27 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-11-27 12:25 - 2010-11-20 08:26 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-11-27 12:25 - 2010-11-20 08:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-27 12:25 - 2010-11-20 08:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-11-27 12:25 - 2010-11-20 08:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2014-11-27 12:25 - 2010-11-20 07:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-11-27 12:25 - 2010-11-20 07:21 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-11-27 12:25 - 2010-11-20 07:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-11-27 12:25 - 2010-11-20 07:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-11-27 12:25 - 2010-11-20 07:20 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-11-27 12:25 - 2010-11-20 07:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-11-27 12:25 - 2010-11-20 07:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-11-27 12:25 - 2010-11-20 07:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2014-11-27 12:25 - 2010-11-20 07:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2014-11-27 12:25 - 2010-11-20 07:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-11-27 12:25 - 2010-11-20 07:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-11-27 12:25 - 2010-11-20 07:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2014-11-27 12:25 - 2010-11-20 07:18 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-27 12:25 - 2010-11-20 07:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-27 12:25 - 2010-11-20 07:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-27 12:25 - 2010-11-20 07:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-11-27 12:25 - 2010-11-20 07:17 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-11-27 12:25 - 2010-11-20 06:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-27 12:25 - 2010-11-20 06:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2014-11-27 12:25 - 2010-11-20 04:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-11-27 12:25 - 2010-11-20 04:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-11-27 12:25 - 2010-11-20 04:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-11-27 12:25 - 2010-11-04 21:20 - 00347904 _____ () C:\Windows\system32\systemsf.ebd
2014-11-27 12:25 - 2010-11-04 20:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-27 12:25 - 2010-11-04 20:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-11-27 12:25 - 2010-11-04 20:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-27 12:25 - 2010-11-04 20:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-11-27 12:25 - 2010-11-04 20:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-11-27 12:25 - 2010-11-04 20:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-11-27 12:25 - 2010-11-04 20:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-11-27 12:25 - 2010-11-04 20:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-11-27 12:25 - 2010-11-04 20:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-11-27 12:25 - 2009-07-13 20:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2014-11-27 12:24 - 2010-11-20 08:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2014-11-27 12:24 - 2010-11-20 08:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2014-11-27 12:24 - 2010-11-20 08:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-27 12:24 - 2010-11-20 08:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-11-27 12:24 - 2010-11-20 08:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-11-27 12:24 - 2010-11-20 08:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2014-11-27 12:24 - 2010-11-20 08:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2014-11-27 12:24 - 2010-11-20 08:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2014-11-27 12:24 - 2010-11-20 08:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-11-27 12:24 - 2010-11-20 08:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-27 12:24 - 2010-11-20 08:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-11-27 12:24 - 2010-11-20 08:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-27 12:24 - 2010-11-20 08:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-11-27 12:24 - 2010-11-20 08:28 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-11-27 12:24 - 2010-11-20 08:28 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-11-27 12:24 - 2010-11-20 08:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2014-11-27 12:24 - 2010-11-20 08:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00326144 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2014-11-27 12:24 - 2010-11-20 08:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2014-11-27 12:24 - 2010-11-20 08:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2014-11-27 12:24 - 2010-11-20 08:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2014-11-27 12:24 - 2010-11-20 08:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-27 12:24 - 2010-11-20 08:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2014-11-27 12:24 - 2010-11-20 08:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2014-11-27 12:24 - 2010-11-20 08:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00116224 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2014-11-27 12:24 - 2010-11-20 08:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-11-27 12:24 - 2010-11-20 08:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-11-27 12:24 - 2010-11-20 08:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2014-11-27 12:24 - 2010-11-20 08:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-27 12:24 - 2010-11-20 08:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2014-11-27 12:24 - 2010-11-20 08:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2014-11-27 12:24 - 2010-11-20 08:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2014-11-27 12:24 - 2010-11-20 08:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2014-11-27 12:24 - 2010-11-20 08:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-11-27 12:24 - 2010-11-20 08:24 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2014-11-27 12:24 - 2010-11-20 08:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2014-11-27 12:24 - 2010-11-20 08:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2014-11-27 12:24 - 2010-11-20 08:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2014-11-27 12:24 - 2010-11-20 07:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-11-27 12:24 - 2010-11-20 07:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-27 12:24 - 2010-11-20 07:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-27 12:24 - 2010-11-20 07:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01010688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2014-11-27 12:24 - 2010-11-20 07:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2014-11-27 12:24 - 2010-11-20 07:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2014-11-27 12:24 - 2010-11-20 07:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2014-11-27 12:24 - 2010-11-20 07:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2014-11-27 12:24 - 2010-11-20 07:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2014-11-27 12:24 - 2010-11-20 07:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-11-27 12:24 - 2010-11-20 07:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2014-11-27 12:24 - 2010-11-20 07:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2014-11-27 12:24 - 2010-11-20 07:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2014-11-27 12:24 - 2010-11-20 07:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-11-27 12:24 - 2010-11-20 07:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2014-11-27 12:24 - 2010-11-20 07:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2014-11-27 12:24 - 2010-11-20 07:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2014-11-27 12:24 - 2010-11-20 07:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2014-11-27 12:24 - 2010-11-20 07:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2014-11-27 12:24 - 2010-11-20 07:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-11-27 12:24 - 2010-11-20 07:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2014-11-27 12:24 - 2010-11-20 07:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2014-11-27 12:24 - 2010-11-20 07:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-11-27 12:24 - 2010-11-20 07:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-27 12:24 - 2010-11-20 07:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-27 12:24 - 2010-11-20 06:04 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-27 12:24 - 2010-11-20 05:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2014-11-27 12:24 - 2010-11-20 05:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2014-11-27 12:24 - 2010-11-20 05:52 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2014-11-27 12:24 - 2010-11-20 05:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-11-27 12:24 - 2010-11-20 05:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2014-11-27 12:24 - 2010-11-20 05:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2014-11-27 12:24 - 2010-11-20 05:44 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-11-27 12:24 - 2010-11-20 05:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-11-27 12:24 - 2010-11-20 05:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2014-11-27 12:24 - 2010-11-20 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-11-27 12:24 - 2010-11-20 04:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-11-27 12:24 - 2010-11-20 04:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-11-27 12:24 - 2010-11-20 04:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-11-27 12:24 - 2010-11-04 21:11 - 00433512 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2014-11-27 12:24 - 2010-11-04 20:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-27 12:24 - 2010-11-04 20:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-11-27 12:24 - 2010-11-04 20:57 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-27 12:23 - 2010-11-20 08:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2014-11-27 12:23 - 2010-11-20 08:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2014-11-27 12:23 - 2010-11-20 08:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2014-11-27 12:23 - 2010-11-20 08:27 - 02146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 01672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-11-27 12:23 - 2010-11-20 08:27 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-11-27 12:23 - 2010-11-20 08:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-11-27 12:23 - 2010-11-20 08:27 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2014-11-27 12:23 - 2010-11-20 08:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2014-11-27 12:23 - 2010-11-20 08:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-11-27 12:23 - 2010-11-20 08:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-11-27 12:23 - 2010-11-20 08:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2014-11-27 12:23 - 2010-11-20 08:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2014-11-27 12:23 - 2010-11-20 08:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-11-27 12:23 - 2010-11-20 08:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2014-11-27 12:23 - 2010-11-20 08:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2014-11-27 12:23 - 2010-11-20 08:25 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2014-11-27 12:23 - 2010-11-20 08:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-11-27 12:23 - 2010-11-20 08:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2014-11-27 12:23 - 2010-11-20 08:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2014-11-27 12:23 - 2010-11-20 08:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2014-11-27 12:23 - 2010-11-20 08:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2014-11-27 12:23 - 2010-11-20 08:24 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2014-11-27 12:23 - 2010-11-20 08:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2014-11-27 12:23 - 2010-11-20 08:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\FXSUNATD.exe
2014-11-27 12:23 - 2010-11-20 08:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2014-11-27 12:23 - 2010-11-20 08:15 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-11-27 12:23 - 2010-11-20 08:13 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2014-11-27 12:23 - 2010-11-20 08:02 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2014-11-27 12:23 - 2010-11-20 08:02 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2014-11-27 12:23 - 2010-11-20 07:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll
2014-11-27 12:23 - 2010-11-20 07:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2014-11-27 12:23 - 2010-11-20 07:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2014-11-27 12:23 - 2010-11-20 07:21 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2014-11-27 12:23 - 2010-11-20 07:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2014-11-27 12:23 - 2010-11-20 07:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00616960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2014-11-27 12:23 - 2010-11-20 07:21 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2014-11-27 12:23 - 2010-11-20 07:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-11-27 12:23 - 2010-11-20 07:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 01661440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 01111552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00183296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2014-11-27 12:23 - 2010-11-20 07:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2014-11-27 12:23 - 2010-11-20 07:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2014-11-27 12:23 - 2010-11-20 07:20 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2014-11-27 12:23 - 2010-11-20 07:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00093696 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2014-11-27 12:23 - 2010-11-20 07:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00211456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-27 12:23 - 2010-11-20 07:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2014-11-27 12:23 - 2010-11-20 07:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2014-11-27 12:23 - 2010-11-20 07:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2014-11-27 12:23 - 2010-11-20 07:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2014-11-27 12:23 - 2010-11-20 07:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2014-11-27 12:23 - 2010-11-20 07:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2014-11-27 12:23 - 2010-11-20 07:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-11-27 12:23 - 2010-11-20 07:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2014-11-27 12:23 - 2010-11-20 07:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2014-11-27 12:23 - 2010-11-20 07:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2014-11-27 12:23 - 2010-11-20 07:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2014-11-27 12:23 - 2010-11-20 07:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2014-11-27 12:23 - 2010-11-20 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2014-11-27 12:23 - 2010-11-20 07:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2014-11-27 12:23 - 2010-11-20 07:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2014-11-27 12:23 - 2010-11-20 07:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2014-11-27 12:23 - 2010-11-20 07:08 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-27 12:23 - 2010-11-20 07:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2014-11-27 12:23 - 2010-11-20 07:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-11-27 12:23 - 2010-11-20 07:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2014-11-27 12:23 - 2010-11-20 07:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2014-11-27 12:23 - 2010-11-20 06:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2014-11-27 12:23 - 2010-11-20 06:04 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-27 12:23 - 2010-11-20 05:52 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2014-11-27 12:23 - 2010-11-20 05:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2014-11-27 12:23 - 2010-11-20 05:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-11-27 12:23 - 2010-11-20 05:51 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-11-27 12:23 - 2010-11-20 05:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2014-11-27 12:23 - 2010-11-20 05:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-11-27 12:23 - 2010-11-20 05:44 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-11-27 12:23 - 2010-11-20 05:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-11-27 12:23 - 2010-11-20 05:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2014-11-27 12:23 - 2010-11-20 05:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-27 12:23 - 2010-11-20 05:43 - 00109696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-11-27 12:23 - 2010-11-20 05:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-11-27 12:23 - 2010-11-20 05:34 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-11-27 12:23 - 2010-11-20 05:33 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-11-27 12:23 - 2010-11-20 05:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-11-27 12:23 - 2010-11-20 05:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-11-27 12:23 - 2010-11-20 05:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2014-11-27 12:23 - 2010-11-20 05:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-11-27 12:23 - 2010-11-20 04:49 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-11-27 12:23 - 2010-11-20 04:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2014-11-27 12:23 - 2010-11-20 04:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-11-27 12:23 - 2010-11-20 04:22 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2014-11-27 12:23 - 2010-11-20 04:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-11-27 12:23 - 2010-11-09 20:48 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2014-11-27 12:23 - 2010-11-04 21:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2014-11-27 12:23 - 2010-11-04 20:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-27 12:22 - 2010-11-20 08:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2014-11-27 12:22 - 2010-11-20 08:16 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-11-27 12:22 - 2010-11-20 08:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2014-11-27 12:22 - 2010-11-20 08:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2014-11-27 12:22 - 2010-11-20 08:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-27 12:22 - 2010-11-20 08:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2014-11-27 12:22 - 2010-11-20 07:54 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2014-11-27 12:22 - 2010-11-20 07:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2014-11-27 12:22 - 2010-11-20 07:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2014-11-27 12:22 - 2010-11-20 07:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2014-11-27 12:22 - 2010-11-20 07:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2014-11-27 12:22 - 2010-11-20 07:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-11-27 12:22 - 2010-11-20 07:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-11-27 12:22 - 2010-11-20 07:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2014-11-27 12:22 - 2010-11-20 07:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2014-11-27 12:22 - 2010-11-20 07:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2014-11-27 12:22 - 2010-11-20 07:08 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2014-11-27 12:22 - 2010-11-20 07:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-27 12:22 - 2010-11-20 07:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2014-11-27 12:22 - 2010-11-20 07:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2014-11-27 12:22 - 2010-11-20 07:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2014-11-27 12:22 - 2010-11-04 21:20 - 00105559 _____ () C:\Windows\SysWOW64\RacRules.xml
2014-11-27 12:22 - 2010-11-04 21:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2014-11-27 12:22 - 2009-06-10 16:39 - 00001041 _____ () C:\Windows\SysWOW64\tcpbidi.xml
2014-11-27 12:20 - 2010-11-20 08:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2014-11-27 12:20 - 2010-11-20 08:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2014-11-27 12:20 - 2010-11-20 08:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-11-27 12:20 - 2010-11-20 08:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2014-11-27 12:20 - 2010-11-20 08:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-11-27 12:20 - 2010-11-20 08:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2014-11-27 12:20 - 2010-11-20 08:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2014-11-25 22:00 - 2014-11-25 22:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-25 22:00 - 2014-11-25 22:00 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-23 08:22 - 2014-11-23 08:24 - 00005465 _____ () C:\Users\Stapletons\Desktop\11-23-14 Ted and Becky pics - Shortcut.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-10 18:05 - 2012-07-10 22:24 - 00000000 ____D () C:\FRST
2014-12-10 18:04 - 2009-07-13 23:51 - 94994671 _____ () C:\Windows\setupact.log
2014-12-10 18:02 - 2012-10-31 12:21 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-12-10 17:42 - 2012-04-14 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 17:17 - 2011-02-24 21:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 16:50 - 2014-10-01 20:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 15:55 - 2012-10-31 12:21 - 00000000 ____D () C:\Users\Stapletons\AppData\Roaming\Radialpoint
2014-12-10 15:17 - 2011-02-24 21:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 14:49 - 2009-07-14 00:10 - 01433951 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 13:57 - 2014-04-23 20:43 - 00005014 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Stapletons-PC-Stapletons Stapletons-PC
2014-12-10 13:06 - 2014-06-11 22:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-10 12:42 - 2012-04-14 20:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 12:42 - 2012-04-14 20:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 12:42 - 2011-05-20 20:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:23 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 09:23 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 09:17 - 2010-04-13 19:26 - 00000000 ___RD () C:\Users\Stapletons\Documents\My Dropbox
2014-12-10 09:17 - 2010-04-13 19:24 - 00000000 ____D () C:\Users\Stapletons\AppData\Roaming\Dropbox
2014-12-10 09:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 22:59 - 2014-07-28 22:54 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-12-09 22:53 - 2012-05-06 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 22:53 - 2010-01-19 01:02 - 00262446 _____ () C:\Windows\PFRO.log
2014-12-09 22:51 - 2014-04-04 21:57 - 00000000 ____D () C:\AdwCleaner
2014-12-08 13:02 - 2013-02-12 20:28 - 00000000 ____D () C:\Users\Stapletons\Documents\Lactation notes
2014-12-04 17:54 - 2010-01-22 18:53 - 00000000 ____D () C:\Users\Stapletons\AppData\Local\VirtualStore
2014-12-04 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2014-12-02 15:14 - 2014-10-01 20:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 15:14 - 2014-10-01 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 15:14 - 2014-10-01 20:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 23:37 - 2012-07-29 11:00 - 00000000 ____D () C:\Users\Stapletons\Documents\Mike
2014-11-29 13:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-28 09:43 - 2009-07-14 00:13 - 00783334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 13:55 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-27 13:15 - 2009-07-13 23:45 - 00475800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 13:03 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-11-27 13:03 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2014-11-27 13:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-27 12:47 - 2009-07-13 21:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-11-27 12:47 - 2009-07-13 21:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2014-11-25 22:12 - 2013-08-14 13:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-25 22:00 - 2010-01-30 21:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-25 22:00 - 2010-01-30 21:54 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-21 06:14 - 2014-10-01 20:25 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-01 20:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-10-01 20:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 09:36 - 2013-08-11 18:24 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-15 08:50 - 2010-04-13 19:25 - 00000000 ____D () C:\Users\Stapletons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 15:12 - 2011-02-24 21:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 15:12 - 2011-02-24 21:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Files to move or delete:
====================
C:\Users\Stapletons\en_res.dll
C:\Users\Stapletons\es_res.dll
C:\Users\Stapletons\fr_res.dll
C:\Users\Stapletons\grm_res.dll
C:\Users\Stapletons\it_res.dll
C:\Users\Stapletons\jp_res.dll
C:\Users\Stapletons\mfc80u.dll
C:\Users\Stapletons\msvcr80.dll
C:\Users\Stapletons\PCPE Setup.exe
C:\Users\Stapletons\pt_res.dll
C:\Users\Stapletons\ResourceReader.dll
C:\Users\Stapletons\ru_res.dll
C:\Users\Stapletons\SafeguardPDFViewer_v25.exe
C:\Users\Stapletons\Y1_Interface.exe
C:\Users\Stapletons\Y1_TOG.exe
C:\Users\Stapletons\zh_res.dll
 
 
Some content of TEMP:
====================
C:\Users\Stapletons\AppData\Local\Temp\CTPBSeq.exe
C:\Users\Stapletons\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmu7k1b.dll
C:\Users\Stapletons\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Stapletons\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Stapletons\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Stapletons\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Stapletons\AppData\Local\Temp\Quarantine.exe
C:\Users\Stapletons\AppData\Local\Temp\sqlite3.dll
C:\Users\Stapletons\AppData\Local\Temp\up_.exe
C:\Users\Stapletons\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 10:54
 
==================== End Of Log ============================


#6 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 10 December 2014 - 06:42 PM

Addition.zip attached.  On my previous post, I selected the file but failed to click [Attach this file].

 

Thanks!

--mstap42

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 11 December 2014 - 08:07 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {D1E98E44-065F-45FB-9B49-07FDBFD7A847} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL =
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {6371A5E9-CA6B-4120-AD18-B32E04CA9C4A} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\startpage-https.xml
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSuggestURL: Default ->
CHR Extension: (Google Wallet) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
S2 AutoSkillDatabaseServer; C:/PassportLearning/Academy/pgsql/bin/pg_ctl.exe runservice -N "AutoSkillDatabaseServer" -D "C:/PassportLearning/Academy/data/database/pgsql" [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 11 December 2014 - 08:56 AM

Hi nasdaq,

 

I ran FRST against  (log posted below).  I will have to wait until this evening to run SecurityCheck.exe.

 

# == Fixlog.txt == #

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
Ran by Stapletons at 2014-12-11 08:49:45 Run:2
Running from C:\Users\Stapletons\Desktop\BleepingComp
Loaded Profile: Stapletons (Available profiles: Stapletons)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {D1E98E44-065F-45FB-9B49-07FDBFD7A847} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {233603A7-7E59-464F-9D3B-16984F243DF2} URL =
SearchScopes: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> {6371A5E9-CA6B-4120-AD18-B32E04CA9C4A} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-367195508-3908186798-4284212742-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\startpage-https.xml
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSuggestURL: Default ->
CHR Extension: (Google Wallet) - C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
S2 AutoSkillDatabaseServer; C:/PassportLearning/Academy/pgsql/bin/pg_ctl.exe runservice -N "AutoSkillDatabaseServer" -D "C:/PassportLearning/Academy/data/database/pgsql" [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1E98E44-065F-45FB-9B49-07FDBFD7A847}" => Key deleted successfully.
"HKCR\CLSID\{D1E98E44-065F-45FB-9B49-07FDBFD7A847}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{233603A7-7E59-464F-9D3B-16984F243DF2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{233603A7-7E59-464F-9D3B-16984F243DF2}" => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{233603A7-7E59-464F-9D3B-16984F243DF2}" => Key deleted successfully.
"HKCR\CLSID\{233603A7-7E59-464F-9D3B-16984F243DF2}" => Key not found.
"HKU\S-1-5-21-367195508-3908186798-4284212742-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6371A5E9-CA6B-4120-AD18-B32E04CA9C4A}" => Key deleted successfully.
"HKCR\CLSID\{6371A5E9-CA6B-4120-AD18-B32E04CA9C4A}" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKU\S-1-5-21-367195508-3908186798-4284212742-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17" => Key deleted successfully.
C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\ixquick-https.xml => Moved successfully.
C:\Users\Stapletons\AppData\Roaming\Mozilla\Firefox\Profiles\6bb5gtwl.default\searchplugins\startpage-https.xml => Moved successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Stapletons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
AutoSkillDatabaseServer => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
PcdrNdisuio => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 11 December 2014 - 11:32 AM

Let me know of any remaining issues?

#10 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 11 December 2014 - 05:56 PM

Hi nasdaq,

 

See Security Check log below.  Looks OK to me.

 

You asked:  Let me know of any remaining issues?

 

After running the FRST fixlist, Chrome nags that it can't read the preferences file.  I haven't tried setting any new prefs to see what happens.  Whatever the result, I'm going to say no big deal.  Also, FF wants to become my default browser.  No problem there, either.

 

Quick question:  Is there any problem with setting MBAM prefs to quarantine PUPs?  I had it set to "warn" before this issue but changed it to "quarantine".

 

I think we can call it done, unless you have further suggestions.

 

Thanks for your help!  

 

 

 

# == Security Check log == #

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 71  
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#11 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 11 December 2014 - 10:13 PM

Hi nasdaq,

 

Well, I spoke too soon about Chrome.  It launches fine, but upon exit, it leaves a zombie chrome.exe *32 for each open tab.  Chrome won't launch again until the processes are killed in Task Manager.

 

I could uninstall/reinstall, unless you have another suggestion.

 

Thanks!



#12 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 12 December 2014 - 08:26 AM

Hi nasdaq,

 

My wife, the primary user of this machine, showed me that FF isn't right, either.  We're used to resetting the home page after a version update.  However after running the fixlist, the preferences do not persist.  I set the home page to "Show a blank page" but it resets to the default "Welcome to FF" and Mozilla start page after every FF restart.  Likewise, the NoScript extension's whitelist settings don't seem to affect anything.  For example, I whitelisted facebook for her, but after running the fixlist, NoScript started blocking it.  She can tell NoScript to "Allow facebook", but the override persists only for that session.

 

Thanks,

--mstap42



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 12 December 2014 - 09:40 AM


After running the FRST fixlist, Chrome nags that it can't read the preferences file


Some suggestions to fix this on this page.

http://superuser.com/questions/420174/google-chrome-pops-up-your-preferences-can-not-be-read-upon-startup
===

Also, FF wants to become my default browser


All browsers have that option.

In Firefox click the 3 horizontal bar
http://i1.ifrm.com/228/109/upload/p22003758.gif

Select Option > Advanced tab

Unselect the option to Always check to see if Firefox....

===

Quick question: Is there any problem with setting MBAM prefs to quarantine PUPs? I had it set to "warn" before this issue but changed it to "quarantine".


No it's an option for you to call.

==

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

I set the home page to "Show a blank page" but it resets to the default "Welcome to FF" and Mozilla start page after every FF restart.


This is also control by the various options in firefox.

In Firefox click the 3 horizontal bar
http://i1.ifrm.com/228/109/upload/p22003758.gif

Open the General tab.
In the Home page field just enter
about:blank
Click OK.
Close Firefox and reopen it.
How is it now?

===

Adblock Plus may be interfering with no script.
Disable it and check how now script is acting.

#14 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 15 December 2014 - 08:33 PM

Hi nasdaq,

 

Thanks for the helpful suggestions and links.

 

I updated Adobe Flash Player to 16.0.0.235 (current).

 

Chrome's issue was permissions in the user profile. as suggested in the link you sent.  No remaining known issues.

 

Firefox would not accept changes to options, even with all extensions disabled.  I ended up resetting to default and starting over, including re-installing NoScript, AdBlock, and Ghostery.

 

The home page setting (about:blank) and startup page ("Show a blank page") are retained now.  Also OK is the NoScript whitelist.  No known issues remaining.  Awaiting my wife's OK in real-life test conditions.  ;-)

 

Seems like I'm good to go, pending my wife's OK in real-life test conditions.  ;-)

 

Will let you know tomorrow.

 

Cheers!

 

--mstap42

 

.

 

 

 

 



#15 mstap42

mstap42
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 17 December 2014 - 09:52 PM

Hi nasdaq,

 

No issues with FF over the past 48 hours.  Good to go; you can close the ticket.

 

Many thanks,

 

--mstap42






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users