Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware.Passwords.XGen

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spyware.Passwords.XGen

Unread postby overdrive148 » May 20th, 2011, 7:55 pm

Hello! I was helped previously on this forum by Elrond on a topic a while back. This time I'm afraid it's my fathers computer. It's been hectic with school the past few weeks and my books were late, Dad showed me an e-mail on his laptop pertaining an incorrect address from the USPS. I opened email and the attachment and opened the file (which looked like a word file but as I later realized, it was an .exe) and then double facepalmed into next week for falling for one of the oldest tricks in the book. His Windows Defender didn't pick it up on the first scan, but having been here before I gave it a malwarebytes scan, and it picked up the file that was saved on desktop and deleted it. However, I doubt the keylogger/etc is gone, and don't want to risk my dad's personal info, so I'd like to once again consult you guys. I'm keeping his computer disconnected from the internet and shuffling logs across on a flash drive to avoid having anything happen. I have also advised him to change his passwords. I don't have the Malwarebytes scan info for when it found the file itself, but it is quarantined/deleted and restarted. I'll post some DDS logs below this as soon as it finishes to kick things off. I also have HijackThis files ready for posting, and the latest MalwareBytes full scan turned up nothing. Again, thanks in advance for the help; you guys saved my bacon last time and I think you will be able to do the same this time :D


DDS Log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by John at 16:51:23 on 2011-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6722 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ptumlcmsvc64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\721\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun-x64: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
mRun-x64: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\system32\ptumlcmsvc64.exe --> C:\Windows\system32\ptumlcmsvc64.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-29 236136]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-17 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-17 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\system32\DRIVERS\PTUMLBUS.sys --> C:\Windows\system32\DRIVERS\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\system32\DRIVERS\PTUMLCVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\system32\DRIVERS\PTUMLMdm.sys --> C:\Windows\system32\DRIVERS\PTUMLMdm.sys [?]
S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\system32\DRIVERS\PTUMLNET61.sys --> C:\Windows\system32\DRIVERS\PTUMLNET61.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\system32\DRIVERS\PTUMLNVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\system32\DRIVERS\PTUMLRMNET.sys --> C:\Windows\system32\DRIVERS\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\system32\DRIVERS\PTUMLVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLVsp.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-20 22:26:31 388096 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 22:26:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-20 22:11:17 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
2011-05-20 22:11:11 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 22:11:11 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-20 22:11:08 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-20 22:11:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-20 22:05:59 -------- d-----w- C:\Program Files\CCleaner
2011-05-20 17:04:08 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C39055E0-0348-4496-80E8-0A03BB9BFACC}\gapaengine.dll
2011-05-20 17:04:01 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04220F00-DD9E-4C31-BB56-5ADE76FB90A6}\mpengine.dll
2011-05-20 02:34:24 -------- d-----w- C:\ProgramData\Skype Extras
2011-05-17 18:02:25 -------- d-----w- C:\Program Files (x86)\Citrix
2011-05-17 18:00:33 72080 ----a-w- C:\Users\John\g2mdlhlpx.exe
2011-05-14 22:54:56 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-14 22:54:39 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-14 22:54:05 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-14 14:35:50 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-13 15:55:44 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-13 15:55:44 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-11 13:29:29 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 13:29:28 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 13:29:28 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 13:29:26 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 13:29:26 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 13:29:26 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 13:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 13:29:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 13:29:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 13:29:26 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-05 01:47:23 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-04-30 23:05:42 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-30 23:05:29 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-30 23:05:12 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-30 23:05:09 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-29 13:30:59 921600 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll
2011-04-29 13:29:57 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-29 13:29:57 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-28 00:45:59 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-28 00:45:59 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 21:02:09 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 21:02:09 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
.
==================== Find3M ====================
.
2011-05-20 23:47:09 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-04-29 13:36:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-29 13:36:02 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 16:51:53.21 ===============


Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2011 3:54:51 AM
System Uptime: 5/20/2011 4:41:45 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 641.239 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_G73_Screensaver
AsusVibe2.0
ATK Package
Best Buy pc app
Brother MFL-Pro Suite MFC-8890DW
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
DirectX 9 Runtime
ExpressGate Cloud
GoToMeeting 4.8.0.721
HiJackThis
Intel(R) Control Center
Intel(R) Management Engine Components
Internet TV for Windows Media Center
Junk Mail filter update
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Nuance PDF Reader
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Roxio AACS Certificate
Roxio Activation Module
Roxio CinePlayer
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Toolbars
Skype™ 5.3
THX TruStudio
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Verizon Wireless UML290 Firmware Updates
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
5/20/2011 2:58:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/19/2011 8:24:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.2020.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/19/2011 8:24:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.2020.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/19/2011 6:21:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/17/2011 8:51:40 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
5/17/2011 8:51:40 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
5/17/2011 7:51:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/16/2011 8:27:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
5/16/2011 8:27:28 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/16/2011 12:52:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2011 7:51:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2011 8:08:21 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm
Advertisement
Register to Remove

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 22nd, 2011, 1:51 pm

I am reviewing your logs and will post back shortly.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 22nd, 2011, 2:37 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

=============================

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

=============================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

=============================

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Right-click on OTL.exe and select "Run as administrator" to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the following:
  • ESET log
  • The OTL.txt logfile
  • The Extras.txt logfile
  • The Malwarebytes' log from when it removed the file from the desktop
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 22nd, 2011, 4:03 pm

Thanks for the reply. Just did the scans, here are the results in order:

ESET
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



Extras
OTL Extras logfile created on: 5/22/2011 12:46:53 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.62% Memory free
15.95 Gb Paging File | 13.82 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.15 Gb Total Space | 641.13 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive D: | 245.23 Mb Total Space | 227.35 Mb Free Space | 92.71% Space Free | Partition Type: FAT

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{45C1C61B-9DA9-4B61-8C89-C76B1746C3AA}" = Fresco Logic USB3.0 Host Controller
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}" = PANTECH UML290
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8890DW
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02EE09E7-958A-4E7F-80B6-8BA2D262BD04}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C4FF2FE-9E75-4DBF-B2DA-11CE1F10C4B5}" = Roxio AACS Certificate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"{49A1297B-ADE7-42AE-A9FE-E0942489C013}" = VZAccess Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6E9FF657-D09F-4B46-9FF6-56EA20D781C5}" = Verizon Wireless UML290 Firmware Updates
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DEE877-3031-4313-B235-96FDEB16EF7E}" = Roxio CinePlayer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"Asus_G73_Screensaver" = Asus_G73_Screensaver
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-82109360-1990366040-1552493773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.721

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 9:43:06 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:06.922]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:08 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:08.422]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:09 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:09.934]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:11 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:11.440]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:12 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:12.971]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:14 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:14.471]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:15 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:15.999]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:17 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:17.499]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:18 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:18.999]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 5/18/2011 9:43:20 AM | Computer Name = John-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/05/18 06:43:20.499]: [00003252]: lperrcode->api
= 1 , lperrcode->code = 2

[ Media Center Events ]
Error - 5/13/2011 3:57:53 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = 12:57:53 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 5/14/2011 5:53:44 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = 2:53:44 PM - Error connecting to the internet. 2:53:44 PM - Unable
to contact server..

Error - 5/14/2011 5:53:53 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = 2:53:49 PM - Error connecting to the internet. 2:53:49 PM - Unable
to contact server..

[ System Events ]
Error - 5/17/2011 11:51:39 AM | Computer Name = John-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 5/17/2011 11:51:39 AM | Computer Name = John-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 5/17/2011 11:51:39 AM | Computer Name = John-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 5/17/2011 11:51:40 AM | Computer Name = John-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 5/19/2011 9:21:17 AM | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >


Mbam
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6630

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/20/2011 3:19:06 PM
mbam-log-2011-05-20 (15-19-06).txt

Scan type: Quick scan
Objects scanned: 157546
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\John\Desktop\postal.document.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 22nd, 2011, 4:05 pm

OTL (since it told me "Your message contains 187980 characters. The maximum number of allowed characters is 100000.")
OTL
OTL logfile created on: 5/22/2011 12:46:53 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.62% Memory free
15.95 Gb Paging File | 13.82 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.15 Gb Total Space | 641.13 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive D: | 245.23 Mb Total Space | 227.35 Mb Free Space | 92.71% Space Free | Partition Type: FAT

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 12:45:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2011/04/29 20:09:07 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/02/17 06:48:55 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/10/29 04:09:56 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/15 02:24:38 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/10/07 15:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
PRC - [2010/10/07 10:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/23 17:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
PRC - [2010/08/20 19:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010/08/17 15:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/08/12 18:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\Asus\ASUS Live Update\ALU.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 12:45:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/13 17:49:34 | 000,139,280 | ---- | M] (DEVGURU Co., LTD) [Auto | Running] -- C:\Windows\SysNative\ptumlcmsvc64.exe -- (ptumlcmsvc)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/01 13:00:06 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/01 12:54:22 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/04/16 17:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/17 06:49:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/02/17 06:49:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/10/29 04:09:56 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/08/20 19:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/01 09:16:22 | 000,182,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLVsp.sys -- (PTUMLVsp)
DRV:64bit: - [2010/12/01 09:16:22 | 000,068,624 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV:64bit: - [2010/12/01 09:16:20 | 000,183,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV:64bit: - [2010/12/01 09:16:20 | 000,182,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLMdm.sys -- (PTUMLMdm)
DRV:64bit: - [2010/12/01 09:16:20 | 000,098,832 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLNET61.sys -- (PTUMLNET61) PANTECH UML290 WWAN (NDIS6.1)
DRV:64bit: - [2010/12/01 09:16:18 | 000,182,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV:64bit: - [2010/12/01 09:16:18 | 000,073,616 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTUMLBUS.sys -- (PTUMLBUS)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 16:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010/11/19 16:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/08 03:32:27 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/01 07:56:23 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/13 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/08 20:02:33 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/08/03 03:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/06/22 18:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/16 18:28:36 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel(R) Centrino(R)
DRV:64bit: - [2010/05/16 18:28:28 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:26 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/17 16:11:59 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/26 14:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com






IE - HKU\S-1-5-21-82109360-1990366040-1552493773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-82109360-1990366040-1552493773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-82109360-1990366040-1552493773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SessionLogon] File not found
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-82109360-1990366040-1552493773-1000..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\721\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-82109360-1990366040-1552493773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/08 15:41:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 12:45:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/05/22 11:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/21 11:41:01 | 042,829,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/05/20 16:51:20 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/05/20 15:26:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/20 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/20 15:11:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/05/20 15:11:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/20 15:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 15:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/20 15:11:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/20 15:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/20 15:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/20 15:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/19 19:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/19 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/19 19:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/17 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2011/05/17 11:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/05/13 08:55:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/13 08:55:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/11 06:29:29 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 06:29:28 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 06:29:28 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/11 06:29:26 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 06:29:26 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/04/29 06:32:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/04/29 06:32:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/04/29 06:32:11 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/04/29 06:32:11 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/04/29 06:32:07 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/04/29 06:32:04 | 003,715,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/04/29 06:32:04 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/04/29 06:32:04 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2011/04/29 06:32:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2011/04/29 06:32:02 | 003,215,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/04/29 06:32:00 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/04/29 06:32:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/04/29 06:32:00 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/04/29 06:31:58 | 002,314,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/04/29 06:31:57 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/04/29 06:31:57 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/04/29 06:31:56 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/04/29 06:31:56 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2011/04/29 06:31:56 | 001,731,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/04/29 06:31:56 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2011/04/29 06:31:55 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/04/29 06:31:55 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2011/04/29 06:31:55 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2011/04/29 06:31:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2011/04/29 06:31:55 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2011/04/29 06:31:54 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2011/04/29 06:31:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2011/04/29 06:31:54 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2011/04/29 06:31:53 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/04/29 06:31:53 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2011/04/29 06:31:52 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/04/29 06:31:52 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2011/04/29 06:31:51 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/04/29 06:31:51 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/04/29 06:31:51 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2011/04/29 06:31:51 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2011/04/29 06:31:51 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2011/04/29 06:31:50 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/04/29 06:31:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/04/29 06:31:50 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/04/29 06:31:50 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
[2011/04/29 06:31:50 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2011/04/29 06:31:49 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/04/29 06:31:48 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2011/04/29 06:31:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/04/29 06:31:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/04/29 06:31:48 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
[2011/04/29 06:31:48 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/04/29 06:31:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/04/29 06:31:47 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2011/04/29 06:31:47 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/04/29 06:31:47 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/04/29 06:31:47 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/04/29 06:31:47 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2011/04/29 06:31:47 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2011/04/29 06:31:46 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2011/04/29 06:31:46 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2011/04/29 06:31:46 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
[2011/04/29 06:31:45 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
[2011/04/29 06:31:45 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
[2011/04/29 06:31:45 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2011/04/29 06:31:45 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2011/04/29 06:31:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/04/29 06:31:44 | 001,456,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2011/04/29 06:31:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/04/29 06:31:43 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2011/04/29 06:31:43 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2011/04/29 06:31:43 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/04/29 06:31:42 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/04/29 06:31:42 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/04/29 06:31:42 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqmapi.dll
[2011/04/29 06:31:41 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d9.dll
[2011/04/29 06:31:41 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2011/04/29 06:31:41 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011/04/29 06:31:41 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2011/04/29 06:31:40 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2011/04/29 06:31:40 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2011/04/29 06:31:40 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/04/29 06:31:39 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2011/04/29 06:31:39 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
[2011/04/29 06:31:39 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/04/29 06:31:39 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2011/04/29 06:31:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/04/29 06:31:39 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/04/29 06:31:39 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/04/29 06:31:39 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/04/29 06:31:38 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2011/04/29 06:31:38 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2011/04/29 06:31:38 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/04/29 06:31:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2011/04/29 06:31:38 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2011/04/29 06:31:38 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2011/04/29 06:31:37 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2011/04/29 06:31:37 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2011/04/29 06:31:37 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2011/04/29 06:31:37 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/04/29 06:31:37 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2011/04/29 06:31:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2011/04/29 06:31:37 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
[2011/04/29 06:31:37 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2011/04/29 06:31:37 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2011/04/29 06:31:36 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011/04/29 06:31:36 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2011/04/29 06:31:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/04/29 06:31:36 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2011/04/29 06:31:36 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/04/29 06:31:36 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2011/04/29 06:31:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
[2011/04/29 06:31:35 | 002,543,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011/04/29 06:31:35 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2011/04/29 06:31:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011/04/29 06:31:35 | 000,897,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2011/04/29 06:31:35 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/04/29 06:31:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2011/04/29 06:31:35 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2011/04/29 06:31:35 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2011/04/29 06:31:35 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
[2011/04/29 06:31:35 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2011/04/29 06:31:35 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/04/29 06:31:35 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsmf.dll
[2011/04/29 06:31:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3api.dll
[2011/04/29 06:31:34 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2011/04/29 06:31:34 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Vault.dll
[2011/04/29 06:31:34 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2011/04/29 06:31:34 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2011/04/29 06:31:34 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmd.exe
[2011/04/29 06:31:34 | 000,281,600 | ---- | C] (Microsoft) -- C:\Windows\SysNative\DShowRdpFilter.dll
[2011/04/29 06:31:34 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENT.DLL
[2011/04/29 06:31:33 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/04/29 06:31:33 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/04/29 06:31:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2011/04/29 06:31:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011/04/29 06:31:33 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2011/04/29 06:31:32 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Query.dll
[2011/04/29 06:31:32 | 001,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/04/29 06:31:32 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sxs.dll
[2011/04/29 06:31:32 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/04/29 06:31:32 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2011/04/29 06:31:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcbuilder.exe
[2011/04/29 06:31:31 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/04/29 06:31:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2011/04/29 06:31:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/04/29 06:31:29 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2011/04/29 06:31:29 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2011/04/29 06:31:29 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2011/04/29 06:31:29 | 001,158,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2011/04/29 06:31:29 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2011/04/29 06:31:29 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2011/04/29 06:31:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2011/04/29 06:31:29 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/29 06:31:29 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgprint.dll
[2011/04/29 06:31:29 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/04/29 06:31:28 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2011/04/29 06:31:28 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2011/04/29 06:31:28 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2011/04/29 06:31:28 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2011/04/29 06:31:28 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2011/04/29 06:31:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/04/29 06:31:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2011/04/29 06:31:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2011/04/29 06:31:28 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prncache.dll
[2011/04/29 06:31:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3api.dll
[2011/04/29 06:31:27 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/04/29 06:31:27 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2011/04/29 06:31:27 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2011/04/29 06:31:27 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2011/04/29 06:31:27 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2011/04/29 06:31:27 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2011/04/29 06:31:27 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2011/04/29 06:31:27 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/04/29 06:31:27 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll
[2011/04/29 06:31:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011/04/29 06:31:27 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/04/29 06:31:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2011/04/29 06:31:26 | 002,262,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2011/04/29 06:31:26 | 001,082,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2011/04/29 06:31:26 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/04/29 06:31:26 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2011/04/29 06:31:26 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2011/04/29 06:31:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2011/04/29 06:31:26 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2011/04/29 06:31:26 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2011/04/29 06:31:25 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2011/04/29 06:31:25 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2011/04/29 06:31:25 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2011/04/29 06:31:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2011/04/29 06:31:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/04/29 06:31:25 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2011/04/29 06:31:25 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fde.dll
[2011/04/29 06:31:24 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localsec.dll
[2011/04/29 06:31:24 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2011/04/29 06:31:24 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netdiagfx.dll
[2011/04/29 06:31:24 | 000,298,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2011/04/29 06:31:24 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2011/04/29 06:31:24 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/04/29 06:31:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2011/04/29 06:31:24 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2011/04/29 06:31:24 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netid.dll
[2011/04/29 06:31:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/04/29 06:31:23 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/04/29 06:31:23 | 002,746,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2011/04/29 06:31:23 | 001,050,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2011/04/29 06:31:23 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2011/04/29 06:31:23 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspbda.dll
[2011/04/29 06:31:23 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biocpl.dll
[2011/04/29 06:31:23 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2011/04/29 06:31:23 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2011/04/29 06:31:23 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2011/04/29 06:31:23 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2011/04/29 06:31:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSHVHOST.DLL
[2011/04/29 06:31:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2011/04/29 06:31:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/04/29 06:31:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/04/29 06:31:22 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2011/04/29 06:31:22 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/04/29 06:31:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2011/04/29 06:31:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2011/04/29 06:31:22 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\credui.dll
[2011/04/29 06:31:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2011/04/29 06:31:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitagent.exe
[2011/04/29 06:31:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2011/04/29 06:31:21 | 003,211,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011/04/29 06:31:21 | 000,934,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallControlPanel.dll
[2011/04/29 06:31:21 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbghelp.dll
[2011/04/29 06:31:21 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2011/04/29 06:31:21 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2011/04/29 06:31:21 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2011/04/29 06:31:21 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/04/29 06:31:21 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2011/04/29 06:31:21 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2011/04/29 06:31:21 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/04/29 06:31:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/04/29 06:31:21 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/04/29 06:31:21 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2011/04/29 06:31:21 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2011/04/29 06:31:21 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2011/04/29 06:31:20 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2011/04/29 06:31:20 | 000,780,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2011/04/29 06:31:20 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2011/04/29 06:31:20 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2011/04/29 06:31:20 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXP.dll
[2011/04/29 06:31:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2011/04/29 06:31:20 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2011/04/29 06:31:20 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cfgmgr32.dll
[2011/04/29 06:31:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetapi.dll
[2011/04/29 06:31:19 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/04/29 06:31:19 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2011/04/29 06:31:19 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxpTaskSync.dll
[2011/04/29 06:31:19 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2011/04/29 06:31:19 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011/04/29 06:31:19 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2011/04/29 06:31:19 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/04/29 06:31:19 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2011/04/29 06:31:19 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2011/04/29 06:31:19 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/04/29 06:31:19 | 000,128,000 | ---- | C] (Microsoft) -- C:\Windows\SysNative\Robocopy.exe
[2011/04/29 06:31:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2011/04/29 06:31:19 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys
[2011/04/29 06:31:18 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/04/29 06:31:18 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2011/04/29 06:31:18 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2011/04/29 06:31:18 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\puiobj.dll
[2011/04/29 06:31:18 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2011/04/29 06:31:18 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2011/04/29 06:31:18 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011/04/29 06:31:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2011/04/29 06:31:18 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prncache.dll
[2011/04/29 06:31:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2011/04/29 06:31:17 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2011/04/29 06:31:17 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2011/04/29 06:31:17 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2011/04/29 06:31:17 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2011/04/29 06:31:17 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2011/04/29 06:31:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/04/29 06:31:17 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2011/04/29 06:31:17 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2011/04/29 06:31:17 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2011/04/29 06:31:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2011/04/29 06:31:16 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2011/04/29 06:31:16 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdengin2.dll
[2011/04/29 06:31:16 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2011/04/29 06:31:16 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2011/04/29 06:31:16 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/04/29 06:31:16 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2011/04/29 06:31:16 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiadefui.dll
[2011/04/29 06:31:16 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2011/04/29 06:31:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2011/04/29 06:31:16 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2011/04/29 06:31:16 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MMDevAPI.dll
[2011/04/29 06:31:16 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/04/29 06:31:16 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samcli.dll
[2011/04/29 06:31:15 | 002,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2011/04/29 06:31:15 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2011/04/29 06:31:15 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2011/04/29 06:31:15 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2011/04/29 06:31:15 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2011/04/29 06:31:15 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2011/04/29 06:31:15 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2011/04/29 06:31:15 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2011/04/29 06:31:15 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2011/04/29 06:31:15 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2011/04/29 06:31:15 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netdiagfx.dll
[2011/04/29 06:31:15 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSHVHOST.DLL
[2011/04/29 06:31:15 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2011/04/29 06:31:15 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fde.dll
[2011/04/29 06:31:15 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/04/29 06:31:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/04/29 06:31:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QUTIL.DLL
[2011/04/29 06:31:15 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2011/04/29 06:31:15 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcl.exe
[2011/04/29 06:31:15 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/04/29 06:31:14 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2011/04/29 06:31:14 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2011/04/29 06:31:14 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TabletPC.cpl
[2011/04/29 06:31:14 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2011/04/29 06:31:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2011/04/29 06:31:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgcpl.dll
[2011/04/29 06:31:14 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msconfig.exe
[2011/04/29 06:31:14 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2011/04/29 06:31:14 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSCard.dll
[2011/04/29 06:31:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2011/04/29 06:31:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/04/29 06:31:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2011/04/29 06:31:13 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2011/04/29 06:31:13 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2011/04/29 06:31:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2011/04/29 06:31:13 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2011/04/29 06:31:13 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2011/04/29 06:31:13 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2011/04/29 06:31:13 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2011/04/29 06:31:13 | 000,166,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2011/04/29 06:31:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winsta.dll
[2011/04/29 06:31:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdeploy.dll
[2011/04/29 06:31:13 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsmproxy.dll
[2011/04/29 06:31:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2011/04/29 06:31:13 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/04/29 06:31:12 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2011/04/29 06:31:12 | 002,250,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsCpl.dll
[2011/04/29 06:31:12 | 002,193,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2011/04/29 06:31:12 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2011/04/29 06:31:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/04/29 06:31:12 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2011/04/29 06:31:12 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2011/04/29 06:31:12 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2011/04/29 06:31:12 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2011/04/29 06:31:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sharemediacpl.dll
[2011/04/29 06:31:12 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2011/04/29 06:31:12 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoncli.dll
[2011/04/29 06:31:12 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2011/04/29 06:31:12 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nci.dll
[2011/04/29 06:31:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2011/04/29 06:31:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RpcRtRemote.dll
[2011/04/29 06:31:11 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Narrator.exe
[2011/04/29 06:31:11 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2011/04/29 06:31:11 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2011/04/29 06:31:11 | 000,763,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2011/04/29 06:31:11 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2011/04/29 06:31:11 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2011/04/29 06:31:11 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/04/29 06:31:11 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2011/04/29 06:31:11 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2011/04/29 06:31:11 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2011/04/29 06:31:11 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcomapi.dll
[2011/04/29 06:31:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AudioSes.dll
[2011/04/29 06:31:11 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netjoin.dll
[2011/04/29 06:31:11 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2011/04/29 06:31:11 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2011/04/29 06:31:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2011/04/29 06:31:11 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IPHLPAPI.DLL
[2011/04/29 06:31:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2011/04/29 06:31:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2011/04/29 06:31:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnikeapi.dll
[2011/04/29 06:31:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\proquota.exe
[2011/04/29 06:31:10 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011/04/29 06:31:10 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2011/04/29 06:31:10 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2011/04/29 06:31:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2011/04/29 06:31:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshipsec.dll
[2011/04/29 06:31:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2011/04/29 06:31:10 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2011/04/29 06:31:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2011/04/29 06:31:10 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2011/04/29 06:31:10 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2011/04/29 06:31:10 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2011/04/29 06:31:10 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2011/04/29 06:31:10 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2011/04/29 06:31:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/04/29 06:31:10 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys
[2011/04/29 06:31:10 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2011/04/29 06:31:10 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prntvpt.dll
[2011/04/29 06:31:10 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2011/04/29 06:31:10 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2011/04/29 06:31:10 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2011/04/29 06:31:10 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2011/04/29 06:31:10 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/04/29 06:31:09 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2011/04/29 06:31:09 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2011/04/29 06:31:09 | 000,957,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2011/04/29 06:31:09 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vault.dll
[2011/04/29 06:31:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2011/04/29 06:31:09 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2011/04/29 06:31:09 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2011/04/29 06:31:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2011/04/29 06:31:09 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2011/04/29 06:31:09 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2011/04/29 06:31:09 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2011/04/29 06:31:09 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpsrcwp.dll
[2011/04/29 06:31:09 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprddm.dll
[2011/04/29 06:31:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/04/29 06:31:09 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QAGENT.DLL
[2011/04/29 06:31:09 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netid.dll
[2011/04/29 06:31:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nci.dll
[2011/04/29 06:31:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2011/04/29 06:31:08 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bootres.dll
[2011/04/29 06:31:08 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2011/04/29 06:31:08 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DiagCpl.dll
[2011/04/29 06:31:08 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2011/04/29 06:31:08 | 000,812,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2011/04/29 06:31:08 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2011/04/29 06:31:08 | 000,433,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MCEWMDRMNDBootstrap.dll
[2011/04/29 06:31:08 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2011/04/29 06:31:08 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\Robocopy.exe
[2011/04/29 06:31:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSTPager.ax
[2011/04/29 06:31:08 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/04/29 06:31:07 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxpTaskSync.dll
[2011/04/29 06:31:07 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2011/04/29 06:31:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiobj.dll
[2011/04/29 06:31:07 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2011/04/29 06:31:07 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011/04/29 06:31:07 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskmgr.exe
[2011/04/29 06:31:07 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskmgr.exe
[2011/04/29 06:31:07 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2011/04/29 06:31:07 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2011/04/29 06:31:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/04/29 06:31:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/04/29 06:31:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/04/29 06:31:07 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2011/04/29 06:31:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2011/04/29 06:31:06 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiadefui.dll
[2011/04/29 06:31:06 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnfldr.dll
[2011/04/29 06:31:06 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2011/04/29 06:31:06 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\termmgr.dll
[2011/04/29 06:31:06 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2011/04/29 06:31:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2011/04/29 06:31:06 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2011/04/29 06:31:06 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2011/04/29 06:31:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2011/04/29 06:31:06 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2011/04/29 06:31:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2011/04/29 06:31:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2011/04/29 06:31:06 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logoncli.dll
[2011/04/29 06:31:06 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2011/04/29 06:31:06 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2011/04/29 06:31:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\proquota.exe
[2011/04/29 06:31:05 | 003,745,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2011/04/29 06:31:05 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsCpl.dll
[2011/04/29 06:31:05 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2011/04/29 06:31:05 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FirewallControlPanel.dll
[2011/04/29 06:31:05 | 000,649,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2011/04/29 06:31:05 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2011/04/29 06:31:05 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2011/04/29 06:31:05 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
[2011/04/29 06:31:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2011/04/29 06:31:05 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hgcpl.dll
[2011/04/29 06:31:05 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\defaultlocationcpl.dll
[2011/04/29 06:31:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2011/04/29 06:31:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2011/04/29 06:31:04 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2011/04/29 06:31:04 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2011/04/29 06:31:04 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2011/04/29 06:31:04 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceCenter.dll
[2011/04/29 06:31:04 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscms.dll
[2011/04/29 06:31:04 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localsec.dll
[2011/04/29 06:31:04 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprddm.dll
[2011/04/29 06:31:04 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OnLineIDCpl.dll
[2011/04/29 06:31:04 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2011/04/29 06:31:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/04/29 06:31:04 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/04/29 06:31:04 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2011/04/29 06:31:03 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2011/04/29 06:31:03 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2011/04/29 06:31:03 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2011/04/29 06:31:03 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2011/04/29 06:31:03 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2011/04/29 06:31:03 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsuiext.dll
[2011/04/29 06:31:03 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2011/04/29 06:31:03 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2011/04/29 06:31:03 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2011/04/29 06:31:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2011/04/29 06:31:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2011/04/29 06:31:03 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011/04/29 06:31:03 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroleui.dll
[2011/04/29 06:31:03 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2011/04/29 06:31:03 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2011/04/29 06:31:03 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011/04/29 06:31:03 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2011/04/29 06:31:03 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2011/04/29 06:31:03 | 000,288,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2011/04/29 06:31:03 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskbarcpl.dll
[2011/04/29 06:31:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll
[2011/04/29 06:31:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twext.dll
[2011/04/29 06:31:03 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxlib.dll
[2011/04/29 06:31:03 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recovery.dll
[2011/04/29 06:31:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prntvpt.dll
[2011/04/29 06:31:03 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cca.dll
[2011/04/29 06:31:03 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe
[2011/04/29 06:31:03 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2011/04/29 06:31:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
[2011/04/29 06:31:02 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2011/04/29 06:31:02 | 001,003,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2011/04/29 06:31:02 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdcpl.dll
[2011/04/29 06:31:02 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2011/04/29 06:31:02 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\main.cpl
[2011/04/29 06:31:02 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2011/04/29 06:31:02 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shwebsvc.dll
[2011/04/29 06:31:02 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2011/04/29 06:31:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizeng.dll
[2011/04/29 06:31:02 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2011/04/29 06:31:02 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\zipfldr.dll
[2011/04/29 06:31:02 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroleui.dll
[2011/04/29 06:31:02 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\efscore.dll
[2011/04/29 06:31:02 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recdisc.exe
[2011/04/29 06:31:02 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2011/04/29 06:31:02 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2011/04/29 06:31:02 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncui.dll
[2011/04/29 06:31:02 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VBICodec.ax
[2011/04/29 06:31:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2011/04/29 06:31:02 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldp.dll
[2011/04/29 06:31:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netjoin.dll
[2011/04/29 06:31:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2011/04/29 06:31:02 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2011/04/29 06:31:02 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzutil.exe
[2011/04/29 06:31:02 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2011/04/29 06:31:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2011/04/29 06:31:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sisbkup.dll
[2011/04/29 06:31:01 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2011/04/29 06:31:01 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2011/04/29 06:31:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
[2011/04/29 06:31:01 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenterCPL.dll
[2011/04/29 06:31:01 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2011/04/29 06:31:01 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizeng.dll
[2011/04/29 06:31:01 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termmgr.dll
[2011/04/29 06:31:01 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2011/04/29 06:31:01 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnfldr.dll
[2011/04/29 06:31:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2011/04/29 06:31:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 22nd, 2011, 4:06 pm

And..the other half of the OTL log

[2011/04/29 06:31:01 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
[2011/04/29 06:31:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2011/04/29 06:31:01 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2011/04/29 06:31:01 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2011/04/29 06:31:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2011/04/29 06:31:01 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OnLineIDCpl.dll
[2011/04/29 06:31:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2011/04/29 06:31:01 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2011/04/29 06:31:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2011/04/29 06:31:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksxbar.ax
[2011/04/29 06:31:00 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2011/04/29 06:31:00 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2011/04/29 06:31:00 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlcese30.dll
[2011/04/29 06:31:00 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2011/04/29 06:31:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2011/04/29 06:31:00 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2011/04/29 06:31:00 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2011/04/29 06:31:00 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2011/04/29 06:31:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2011/04/29 06:31:00 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
[2011/04/29 06:31:00 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2011/04/29 06:31:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
[2011/04/29 06:31:00 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\defaultlocationcpl.dll
[2011/04/29 06:31:00 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\efscore.dll
[2011/04/29 06:31:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2011/04/29 06:31:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/04/29 06:31:00 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
[2011/04/29 06:31:00 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntlanman.dll
[2011/04/29 06:31:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserAccountControlSettings.dll
[2011/04/29 06:31:00 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2011/04/29 06:31:00 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpd3d.dll
[2011/04/29 06:31:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2011/04/29 06:31:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2011/04/29 06:31:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2011/04/29 06:31:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2011/04/29 06:31:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sisbkup.dll
[2011/04/29 06:30:59 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OobeFldr.dll
[2011/04/29 06:30:59 | 000,781,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2011/04/29 06:30:59 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/04/29 06:30:59 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenterCPL.dll
[2011/04/29 06:30:59 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2011/04/29 06:30:59 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceCenter.dll
[2011/04/29 06:30:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2011/04/29 06:30:59 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2011/04/29 06:30:59 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ssText3d.scr
[2011/04/29 06:30:59 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/04/29 06:30:59 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2011/04/29 06:30:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iTVData.dll
[2011/04/29 06:30:59 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wavemsp.dll
[2011/04/29 06:30:59 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingFolder.dll
[2011/04/29 06:30:59 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/04/29 06:30:59 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquoui.dll
[2011/04/29 06:30:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2011/04/29 06:30:59 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syncui.dll
[2011/04/29 06:30:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2011/04/29 06:30:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2011/04/29 06:30:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPHLPR.DLL
[2011/04/29 06:30:59 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvcli.dll
[2011/04/29 06:30:59 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nslookup.exe
[2011/04/29 06:30:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntlanman.dll
[2011/04/29 06:30:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSTPager.ax
[2011/04/29 06:30:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acppage.dll
[2011/04/29 06:30:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011/04/29 06:30:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/04/29 06:30:58 | 001,672,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2011/04/29 06:30:58 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2011/04/29 06:30:58 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2011/04/29 06:30:58 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2011/04/29 06:30:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched20.dll
[2011/04/29 06:30:58 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srrstr.dll
[2011/04/29 06:30:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2011/04/29 06:30:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\activeds.dll
[2011/04/29 06:30:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2011/04/29 06:30:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpsrcwp.dll
[2011/04/29 06:30:58 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2011/04/29 06:30:58 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdboot.exe
[2011/04/29 06:30:58 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remotepg.dll
[2011/04/29 06:30:58 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPHLPR.DLL
[2011/04/29 06:30:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppnp.dll
[2011/04/29 06:30:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\migisol.dll
[2011/04/29 06:30:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabinet.dll
[2011/04/29 06:30:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/04/29 06:30:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkscli.dll
[2011/04/29 06:30:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2011/04/29 06:30:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2011/04/29 06:30:57 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2011/04/29 06:30:57 | 000,685,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsuiext.dll
[2011/04/29 06:30:57 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2011/04/29 06:30:57 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfrgui.exe
[2011/04/29 06:30:57 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2011/04/29 06:30:57 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2011/04/29 06:30:57 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
[2011/04/29 06:30:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2011/04/29 06:30:57 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2011/04/29 06:30:57 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshipsec.dll
[2011/04/29 06:30:57 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3ui.dll
[2011/04/29 06:30:57 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsqmcons.exe
[2011/04/29 06:30:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2011/04/29 06:30:57 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wavemsp.dll
[2011/04/29 06:30:57 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2011/04/29 06:30:57 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2011/04/29 06:30:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2011/04/29 06:30:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\net1.exe
[2011/04/29 06:30:57 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kstvtune.ax
[2011/04/29 06:30:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
[2011/04/29 06:30:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2011/04/29 06:30:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2011/04/29 06:30:57 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
[2011/04/29 06:30:56 | 001,911,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/04/29 06:30:56 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Bubbles.scr
[2011/04/29 06:30:56 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\main.cpl
[2011/04/29 06:30:56 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2011/04/29 06:30:56 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimgapi.dll
[2011/04/29 06:30:56 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2011/04/29 06:30:56 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/04/29 06:30:56 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstask.dll
[2011/04/29 06:30:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2011/04/29 06:30:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/04/29 06:30:56 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2011/04/29 06:30:56 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcap.dll
[2011/04/29 06:30:56 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2011/04/29 06:30:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twext.dll
[2011/04/29 06:30:56 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
[2011/04/29 06:30:56 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2011/04/29 06:30:56 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2011/04/29 06:30:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdmat.dll
[2011/04/29 06:30:56 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/04/29 06:30:56 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wtsapi32.dll
[2011/04/29 06:30:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsium.dll
[2011/04/29 06:30:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2011/04/29 06:30:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2011/04/29 06:30:55 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2011/04/29 06:30:55 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
[2011/04/29 06:30:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\audiodev.dll
[2011/04/29 06:30:55 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mystify.scr
[2011/04/29 06:30:55 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Ribbons.scr
[2011/04/29 06:30:55 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
[2011/04/29 06:30:55 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2011/04/29 06:30:55 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\uxlib.dll
[2011/04/29 06:30:55 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2011/04/29 06:30:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/04/29 06:30:54 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2011/04/29 06:30:54 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/04/29 06:30:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe
[2011/04/29 06:30:54 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2011/04/29 06:30:54 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2011/04/29 06:30:54 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingFolder.dll
[2011/04/29 06:30:54 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe
[2011/04/29 06:30:54 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpshell.dll
[2011/04/29 06:30:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2011/04/29 06:30:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2011/04/29 06:30:53 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbghelp.dll
[2011/04/29 06:30:53 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSAPI.dll
[2011/04/29 06:30:53 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2011/04/29 06:30:53 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2011/04/29 06:30:53 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2011/04/29 06:30:53 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
[2011/04/29 06:30:53 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2011/04/29 06:30:53 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2011/04/29 06:30:53 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2011/04/29 06:30:53 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionQueue.dll
[2011/04/29 06:30:53 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2011/04/29 06:30:53 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2011/04/29 06:30:53 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2011/04/29 06:30:53 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remotepg.dll
[2011/04/29 06:30:53 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiavideo.dll
[2011/04/29 06:30:53 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QUTIL.DLL
[2011/04/29 06:30:53 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tlscsp.dll
[2011/04/29 06:30:53 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/04/29 06:30:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umb.dll
[2011/04/29 06:30:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\runonce.exe
[2011/04/29 06:30:53 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPCRYPT.DLL
[2011/04/29 06:30:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\acppage.dll
[2011/04/29 06:30:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AzSqlExt.dll
[2011/04/29 06:30:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netutils.dll
[2011/04/29 06:30:52 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2011/04/29 06:30:52 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onexui.dll
[2011/04/29 06:30:52 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2011/04/29 06:30:52 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nltest.exe
[2011/04/29 06:30:52 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2011/04/29 06:30:52 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2011/04/29 06:30:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iTVData.dll
[2011/04/29 06:30:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2011/04/29 06:30:52 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011/04/29 06:30:52 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2011/04/29 06:30:52 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsbas.dll
[2011/04/29 06:30:52 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetapi.dll
[2011/04/29 06:30:52 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsbas.dll
[2011/04/29 06:30:52 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MdSched.exe
[2011/04/29 06:30:52 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2011/04/29 06:30:52 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2011/04/29 06:30:52 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/04/29 06:30:52 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2011/04/29 06:30:52 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.dll
[2011/04/29 06:30:52 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
[2011/04/29 06:30:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PrintIsolationProxy.dll
[2011/04/29 06:30:52 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPCRYPT.DLL
[2011/04/29 06:30:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vpnikeapi.dll
[2011/04/29 06:30:52 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syssetup.dll
[2011/04/29 06:30:51 | 000,527,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2011/04/29 06:30:51 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2011/04/29 06:30:51 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2011/04/29 06:30:51 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2011/04/29 06:30:51 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2011/04/29 06:30:51 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsadmin.exe
[2011/04/29 06:30:51 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qcap.dll
[2011/04/29 06:30:51 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2011/04/29 06:30:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
[2011/04/29 06:30:51 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSVRMGMT.DLL
[2011/04/29 06:30:51 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
[2011/04/29 06:30:51 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpshell.dll
[2011/04/29 06:30:51 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2011/04/29 06:30:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tabcal.exe
[2011/04/29 06:30:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2011/04/29 06:30:51 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2011/04/29 06:30:50 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/04/29 06:30:50 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2011/04/29 06:30:50 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
[2011/04/29 06:30:50 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2011/04/29 06:30:50 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlcese30.dll
[2011/04/29 06:30:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/04/29 06:30:50 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdv.dll
[2011/04/29 06:30:50 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2011/04/29 06:30:50 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceSyncProvider.dll
[2011/04/29 06:30:50 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
[2011/04/29 06:30:50 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2011/04/29 06:30:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2011/04/29 06:30:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2011/04/29 06:30:50 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2011/04/29 06:30:50 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2011/04/29 06:30:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdmat.dll
[2011/04/29 06:30:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpd3d.dll
[2011/04/29 06:30:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsium.dll
[2011/04/29 06:30:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lsmproxy.dll
[2011/04/29 06:30:49 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2011/04/29 06:30:49 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceStatus.dll
[2011/04/29 06:30:49 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceStatus.dll
[2011/04/29 06:30:49 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011/04/29 06:30:49 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2011/04/29 06:30:49 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011/04/29 06:30:49 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3ui.dll
[2011/04/29 06:30:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
[2011/04/29 06:30:49 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
[2011/04/29 06:30:49 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll
[2011/04/29 06:30:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/04/29 06:30:49 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBICodec.ax
[2011/04/29 06:30:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2011/04/29 06:30:49 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2011/04/29 06:30:49 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\desk.cpl
[2011/04/29 06:30:49 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fphc.dll
[2011/04/29 06:30:49 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2011/04/29 06:30:49 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiavideo.dll
[2011/04/29 06:30:49 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2011/04/29 06:30:49 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSVRMGMT.DLL
[2011/04/29 06:30:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fphc.dll
[2011/04/29 06:30:49 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2011/04/29 06:30:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amstream.dll
[2011/04/29 06:30:49 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kstvtune.ax
[2011/04/29 06:30:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2011/04/29 06:30:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spbcd.dll
[2011/04/29 06:30:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olethk32.dll
[2011/04/29 06:30:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2011/04/29 06:30:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapi32.dll
[2011/04/29 06:30:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/04/29 06:30:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\takeown.exe
[2011/04/29 06:30:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2011/04/29 06:30:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2011/04/29 06:30:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
[2011/04/29 06:30:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2011/04/29 06:30:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\utildll.dll
[2011/04/29 06:30:48 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2011/04/29 06:30:48 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2011/04/29 06:30:48 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2011/04/29 06:30:48 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2011/04/29 06:30:48 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdv.dll
[2011/04/29 06:30:48 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2011/04/29 06:30:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2011/04/29 06:30:48 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqmapi.dll
[2011/04/29 06:30:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2011/04/29 06:30:48 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorAPI.dll
[2011/04/29 06:30:48 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppinst.dll
[2011/04/29 06:30:48 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmstp.exe
[2011/04/29 06:30:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QCLIPROV.DLL
[2011/04/29 06:30:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/04/29 06:30:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/04/29 06:30:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2011/04/29 06:30:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertPolEng.dll
[2011/04/29 06:30:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WavDest.dll
[2011/04/29 06:30:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\djoin.exe
[2011/04/29 06:30:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimgvw.dll
[2011/04/29 06:30:48 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HotStartUserAgent.dll
[2011/04/29 06:30:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nrpsrv.dll
[2011/04/29 06:30:47 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2011/04/29 06:30:47 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2011/04/29 06:30:47 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2011/04/29 06:30:47 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2011/04/29 06:30:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsicli.exe
[2011/04/29 06:30:47 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
[2011/04/29 06:30:47 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2011/04/29 06:30:47 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\desk.cpl
[2011/04/29 06:30:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2011/04/29 06:30:47 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mobsync.exe
[2011/04/29 06:30:47 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
[2011/04/29 06:30:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2011/04/29 06:30:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QCLIPROV.DLL
[2011/04/29 06:30:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
[2011/04/29 06:30:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amstream.dll
[2011/04/29 06:30:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cca.dll
[2011/04/29 06:30:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spbcd.dll
[2011/04/29 06:30:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\g711codc.ax
[2011/04/29 06:30:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vfwwdm32.dll
[2011/04/29 06:30:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2011/04/29 06:30:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MultiDigiMon.exe
[2011/04/29 06:30:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2011/04/29 06:30:47 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wkscli.dll
[2011/04/29 06:30:47 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
[2011/04/29 06:30:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbisurf.ax
[2011/04/29 06:30:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2011/04/29 06:30:47 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2011/04/29 06:30:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdmo.dll
[2011/04/29 06:30:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AzSqlExt.dll
[2011/04/29 06:30:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
[2011/04/29 06:30:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BWUnpairElevated.dll
[2011/04/29 06:30:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2011/04/29 06:30:46 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2011/04/29 06:30:46 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSTIFF.dll
[2011/04/29 06:30:46 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2011/04/29 06:30:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2011/04/29 06:30:46 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2011/04/29 06:30:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2011/04/29 06:30:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mydocs.dll
[2011/04/29 06:30:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2011/04/29 06:30:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2011/04/29 06:30:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2011/04/29 06:30:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2011/04/29 06:30:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2011/04/29 06:30:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2011/04/29 06:30:46 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2011/04/29 06:30:46 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2011/04/29 06:30:46 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2011/04/29 06:30:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertPolEng.dll
[2011/04/29 06:30:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2011/04/29 06:30:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksxbar.ax
[2011/04/29 06:30:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciqtz32.dll
[2011/04/29 06:30:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2011/04/29 06:30:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\choice.exe
[2011/04/29 06:30:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2011/04/29 06:30:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2011/04/29 06:30:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2011/04/29 06:30:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syssetup.dll
[2011/04/29 06:30:45 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onexui.dll
[2011/04/29 06:30:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2011/04/29 06:30:45 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2011/04/29 06:30:45 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2011/04/29 06:30:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
[2011/04/29 06:30:45 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2011/04/29 06:30:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tlscsp.dll
[2011/04/29 06:30:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2011/04/29 06:30:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\luainstall.dll
[2011/04/29 06:30:45 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz32.dll
[2011/04/29 06:30:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2011/04/29 06:30:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\manage-bde.exe
[2011/04/29 06:30:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabinet.dll
[2011/04/29 06:30:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetmib1.dll
[2011/04/29 06:30:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/04/29 06:30:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\repair-bde.exe
[2011/04/29 06:30:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdiasqmmodule.dll
[2011/04/29 06:30:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedcli.dll
[2011/04/29 06:30:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2011/04/29 06:30:43 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDPENCDD.dll
[2011/04/29 06:30:43 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2011/04/29 06:30:43 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/04/29 06:30:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2011/04/29 06:30:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetmib1.dll
[2011/04/29 06:30:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\g711codc.ax
[2011/04/29 06:30:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2011/04/29 06:30:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\luainstall.dll
[2011/04/29 06:30:43 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shimgvw.dll
[2011/04/29 06:30:43 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
[2011/04/29 06:30:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbisurf.ax
[2011/04/29 06:30:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2011/04/29 06:30:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdmo.dll
[2011/04/29 06:30:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdprefdrvapi.dll
[2011/04/29 06:30:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spopk.dll
[2011/04/29 06:30:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spopk.dll
[2011/04/29 06:30:43 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2011/04/29 06:30:42 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/04/29 06:30:42 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/04/29 06:30:42 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\napdsnap.dll
[2011/04/29 06:30:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSMON.dll
[2011/04/29 06:30:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2011/04/29 06:30:42 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2011/04/29 06:30:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsauth.dll
[2011/04/29 06:30:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2011/04/29 06:30:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonUI.exe
[2011/04/29 06:30:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2011/04/29 06:30:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elsTrans.dll
[2011/04/29 06:30:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdprefdrvapi.dll
[2011/04/29 06:30:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TRAPI.dll
[2011/04/29 06:30:42 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfts.dll
[2011/04/29 06:30:41 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2011/04/29 06:30:41 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\napdsnap.dll
[2011/04/29 06:30:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2011/04/29 06:30:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2011/04/29 06:30:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys
[2011/04/29 06:30:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsauth.dll
[2011/04/29 06:30:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2011/04/29 06:30:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shgina.dll
[2011/04/29 06:30:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2011/04/29 06:30:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsperf.dll
[2011/04/29 06:30:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elsTrans.dll
[2011/04/29 06:30:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TRAPI.dll
[2011/04/29 06:30:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsperf.dll
[2011/04/29 06:30:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSUNATD.exe
[2011/04/29 06:30:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schedcli.dll
[2011/04/29 06:30:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/04/29 06:30:40 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2011/04/29 06:30:40 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/04/29 06:30:40 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2011/04/29 06:30:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2011/04/29 06:30:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shgina.dll
[2011/04/29 06:30:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshirda.dll
[2011/04/29 06:30:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/04/29 06:30:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcfgex.dll
[2011/04/29 06:30:40 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched32.dll
[2011/04/29 06:30:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\C_ISCII.DLL
[2011/04/29 06:30:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshirda.dll
[2011/04/29 06:30:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shunimpl.dll
[2011/04/29 06:30:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\C_ISCII.DLL
[2011/04/29 06:30:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shunimpl.dll
[2011/04/29 06:30:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched32.dll
[2011/04/29 06:30:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2011/04/29 06:30:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2011/04/29 06:30:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2011/04/29 06:30:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2011/04/29 06:30:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2011/04/29 06:30:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2011/04/29 06:30:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll
[2011/04/29 06:30:38 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/04/29 06:30:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/04/29 06:30:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2011/04/29 06:30:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2011/04/29 06:30:38 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BlbEvents.dll
[2011/04/29 06:30:38 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pifmgr.dll
[2011/04/29 06:30:38 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pifmgr.dll
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUQ.DLL
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUF.DLL
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSG.DLL
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdlk41a.dll
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGKL.DLL
[2011/04/29 06:30:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDCZ1.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizres.dll
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizres.dll
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUQ.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUF.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSG.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSF.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDPO.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDNEPR.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdlk41a.dll
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGR1.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGR1.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGKL.DLL
[2011/04/29 06:30:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDCZ1.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUS.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUGHR1.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTURME.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAJIK.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSF.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDPO.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDNEPR.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMON.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMAORI.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDLT1.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBULG.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBLR.DLL
[2011/04/29 06:30:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUS.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUGHR1.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTURME.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAJIK.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMON.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMAORI.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDLT1.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGEO.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGEO.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBULG.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBLR.DLL
[2011/04/29 06:30:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2011/04/29 06:30:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2011/04/29 06:30:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2011/04/29 06:30:32 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
[2011/04/29 06:30:32 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2011/04/29 06:30:30 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2011/04/29 06:30:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpx.dll
[2011/04/29 06:30:06 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn.dll
[2011/04/29 06:30:06 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/04/29 06:30:04 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2011/04/29 06:30:02 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2011/04/29 06:29:57 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2011/04/29 06:29:57 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpx.dll
[2011/04/29 06:13:45 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 06:13:45 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 06:13:45 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 06:13:45 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 06:13:45 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 06:13:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 06:13:45 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 06:13:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 06:13:45 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 06:13:45 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/29 06:13:45 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 06:13:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 06:13:45 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 06:13:45 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 06:13:45 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 06:13:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 06:13:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 06:13:45 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 06:13:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 06:13:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 06:13:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 06:13:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 06:13:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 06:13:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 06:13:45 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 06:13:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 06:13:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 06:13:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 06:13:45 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 06:13:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 06:13:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 06:13:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 06:13:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 06:13:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 06:13:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 06:13:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 06:13:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 06:13:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 06:13:45 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 06:13:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 06:13:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 06:13:45 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 06:13:45 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 06:13:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 06:13:45 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 06:13:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 06:13:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 06:13:45 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 06:13:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 06:13:45 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 06:13:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 06:13:45 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 06:13:45 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 06:13:45 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 06:13:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 06:13:45 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 06:13:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 06:13:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 06:13:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 06:13:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 06:13:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 06:13:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 06:13:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 06:13:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 06:13:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 06:13:45 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 06:13:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 06:13:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 06:13:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 06:13:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 06:13:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 06:13:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 06:13:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 06:13:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 06:13:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 06:13:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 06:13:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 06:13:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/27 17:45:59 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 17:45:59 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 14:02:09 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 14:02:09 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 13:58:59 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 13:58:59 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 13:58:59 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 13:58:58 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 13:58:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 13:58:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 13:58:58 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 13:58:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 13:58:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

========== Files - Modified Within 30 Days ==========

[2011/05/22 12:45:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/05/22 12:37:03 | 000,735,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/22 12:37:03 | 000,630,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/22 12:37:03 | 000,109,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/22 11:48:40 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:48:40 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:41:44 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/05/22 11:41:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 11:41:20 | 2129,526,783 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/20 16:47:30 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/05/20 15:26:31 | 000,002,971 | ---- | M] () -- C:\Users\John\Desktop\HiJackThis.lnk
[2011/05/20 15:11:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 15:05:59 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/19 19:33:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/17 11:07:02 | 000,002,425 | ---- | M] () -- C:\Users\John\Desktop\s Quick Connect.lnk
[2011/05/17 11:07:02 | 000,001,367 | ---- | M] () -- C:\Users\John\Desktop\GoToMeeting.lnk
[2011/05/17 11:00:35 | 000,072,080 | ---- | M] () -- C:\Users\John\g2mdlhlpx.exe
[2011/04/29 11:29:28 | 042,829,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/04/29 06:55:24 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/29 06:36:02 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/04/29 06:36:02 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/04/29 06:14:26 | 000,001,439 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 06:13:45 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 06:13:45 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 06:13:45 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 06:13:45 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 06:13:45 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 06:13:45 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 06:13:45 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 06:13:45 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 06:13:45 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 06:13:45 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/29 06:13:45 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 06:13:45 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 06:13:45 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 06:13:45 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 06:13:45 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 06:13:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 06:13:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 06:13:45 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 06:13:45 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 06:13:45 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 06:13:45 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 06:13:45 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 06:13:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 06:13:45 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 06:13:45 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 06:13:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 06:13:45 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 06:13:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 06:13:45 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 06:13:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 06:13:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 06:13:45 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 06:13:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 06:13:45 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 06:13:45 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 06:13:45 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 06:13:45 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 06:13:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 06:13:45 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 06:13:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 06:13:45 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 06:13:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 06:13:45 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 06:13:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 06:13:45 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 06:13:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 06:13:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 06:13:45 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 06:13:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 06:13:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 06:13:45 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 06:13:45 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 06:13:45 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 06:13:45 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 06:13:45 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 06:13:45 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 06:13:45 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 06:13:45 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 06:13:45 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 06:13:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 06:13:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 06:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 06:13:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 06:13:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/29 06:13:45 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 06:13:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 06:13:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 06:13:45 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 06:13:45 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 06:13:45 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 06:13:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 06:13:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 06:13:45 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 06:13:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 06:13:45 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 06:13:45 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 06:13:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 06:13:45 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 06:13:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 06:13:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

========== Files Created - No Company Name ==========

[2011/05/20 15:26:31 | 000,002,971 | ---- | C] () -- C:\Users\John\Desktop\HiJackThis.lnk
[2011/05/20 15:11:12 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 15:05:59 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/19 19:33:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/17 11:07:01 | 000,001,367 | ---- | C] () -- C:\Users\John\Desktop\GoToMeeting.lnk
[2011/05/17 11:02:32 | 000,002,425 | ---- | C] () -- C:\Users\John\Desktop\s Quick Connect.lnk
[2011/05/17 11:00:33 | 000,072,080 | ---- | C] () -- C:\Users\John\g2mdlhlpx.exe
[2011/04/29 06:31:49 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/04/29 06:30:45 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/04/29 06:30:37 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/04/29 06:30:37 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/04/29 06:30:32 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/04/29 06:13:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 06:13:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/11 07:27:29 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/11 07:27:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/11 07:26:57 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/11 07:23:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/04/11 07:23:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/04/11 07:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/04/11 07:23:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/04/11 07:23:08 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/04/11 07:21:55 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/04/09 09:54:39 | 000,038,429 | ---- | C] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/04/04 17:09:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/04/04 16:27:49 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/02 20:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/17 06:49:23 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/02/17 06:49:23 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/02/17 06:49:23 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/02/17 06:49:22 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/17 06:49:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/17 06:33:45 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/28 22:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >


Sorry for the multiple postings, I have no idea why the OTL log is so huge. Thanks again for the help :P
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 22nd, 2011, 4:37 pm

Good job of posting those logs. :thumbleft:

The ESET scan did not produce a log as expected, so I would like for you to run another online scan.


Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post that log in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 22nd, 2011, 6:08 pm

I went through the main site to the online scan, and it said "The Kaspersky Online Virus Scanner is being updated and improved!". I went through the link provided, and it got to updating and stated basically that the update has failed, restart the scan from the site, etcetc with an ERROR: License has expired message at the end. Please advise D:
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 23rd, 2011, 11:04 am

Let's give one other online scan a try:

Panda ActiveScan
Vista - W7 users:
Close your browser, right-click on the IE icon on the Start Menu or Quick Launch and select "Run as Administrator".

Please go to Panda ActiveScan © Panda Security... to perform a free online scan.
You must use Internet Explorer as the scan requires ActiveX.
  1. Click on the Scan your PC now button.
    A new window will open.
  2. Make sure the "Full scan" scan type is CHECKED.
  3. Press the "Scan Now" button.
  4. You will be prompted to install an ActiveX module. Please allow it.
    If your browser blocks pop-ups, you may see a bar at the top of the window asking you to click, to allow ... please allow it.
    Panda Active scan will update itself... this may also be a pop-up...please allow also.
  5. Once the program is updated, it will begin to scan your computer. This will take a long time, so be patient, let it run.
  6. Once done, click on Export to:... save it to your Desktop.
  7. A file named "ActiveScan.txt" will be created on your desktop.
  8. Please copy and paste the contents of the ActiveScan.txt file in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 23rd, 2011, 4:20 pm

"We have detected that your PC is using a version of Microsoft Internet Explorer or Firefox, or another browser, that is not compatible with ActiveScan 2.0. Download Panda Antivirus 2011 Free* to scan your PC and make sure it is virus free." * meaning free for a month. I can install it if it is what you want, though.

//edit
It was using an older version of Firefox: I just updated to version 4 and retried - no luck.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 23rd, 2011, 6:33 pm

Did you try Internet Explorer. Remember to exit from your browser then launch it by using a right-click on the icon and selecting "Run as administrator"
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 23rd, 2011, 7:44 pm

Just tried both again, Internet Explorer 32 and 64 bit, and Firefox (all ran as administrator) still no dice on an online scan from panda
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 24th, 2011, 9:15 am

Your logs show no signs of malware. I was hoping to get one more scan but the online scans are not cooperating. I don't believe that the computer is infected, but if you like, we can keep this topic open for a couple of days to see if you encounter any unusual behavior while using the computer.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Spyware.Passwords.XGen

Unread postby overdrive148 » May 24th, 2011, 3:39 pm

Sorry :P okay, that sounds good. I dont know, I wanted to come here to make sure it was not infected, and the only thing that i dont know is that it ran/showed a loading symbol on the mouse, then stopped when I ran it...almost like it changed/installed something. If the logs show nothing that is fine, and i'd be okay with leaving it open a day or two more to make sure. Thanks for the help :P i appreciate it
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Spyware.Passwords.XGen

Unread postby Carolyn » May 24th, 2011, 4:38 pm

The majority of the malware out there won't infect a 64-bit computer. I am guessing that whatever tried to install on the computer failed.

Let's keep this topic open. Please come back in a couple of days to let me know how things are going. :thumbright:
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware