Jump to content

PaulAllen

Honorary Members
  • Posts

    206
  • Joined

  • Last visited

Everything posted by PaulAllen

  1. It still seems to do it while I am browsing just did it just now, it's random timing when it try's and always outbound. Detection, 23/04/2015 15:08:14, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,
  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015 01 Ran by Earth at 2015-04-23 14:59:28 Run:2 Running from C:\Users\Earth\Desktop Loaded Profiles: Earth (Available profiles: Earth) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = EmptyTemp: Reboot: end ***************** Processes closed successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. EmptyTemp: => Removed 83.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 15:00:16 ====
  3. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2015 01 Ran by Earth at 2015-04-23 14:42:58 Running from C:\Users\Earth\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) COMODO Firewall (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation) Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 15-04-2015 21:26:26 Scheduled Checkpoint 18-04-2015 22:03:56 Scheduled Checkpoint 19-04-2015 13:53:19 Scheduled Checkpoint 21-04-2015 08:54:33 Scheduled Checkpoint 21-04-2015 09:06:57 Installed Microsoft Fix it 50267 21-04-2015 21:44:32 Scheduled Checkpoint 22-04-2015 11:06:36 Scheduled Checkpoint 22-04-2015 11:25:01 Windows Update 22-04-2015 16:34:06 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-03-31 21:41 - 2013-09-03 17:19 - 00000759 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {056CA88A-173F-44DE-95E3-D2CADEF48CF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.) Task: {28811A99-9E43-4C61-A166-751088E0548D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO) Task: {2E9BE86C-C8AC-49F3-B551-0C5FC694BEEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-22] (Piriform Ltd) Task: {744D7388-ACC0-4A2C-9534-C32AF11DA6B6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) Task: {A3DDFCD4-F63D-42E3-AA78-77091AA7F8C3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO) Task: {BE69959B-50A7-494D-8FEC-36E98117D732} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20] (COMODO) Task: {C2EF5941-0DCB-49CC-BE55-37875E076DDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.) Task: {EC11806B-13F2-47A6-A731-6A906F9251AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-22 15:27 - 2015-04-22 16:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-22 15:27 - 2015-04-22 16:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-04-22 21:01 - 2015-04-22 21:01 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll 2015-04-23 08:50 - 2015-04-23 08:50 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042300\algo.dll 2015-03-22 15:27 - 2015-03-22 15:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnsvr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_DCINST.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_FBCBADE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_FBCHADE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_FLMADE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdco6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\GameUXLegacyGDFs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hccoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hcrstco.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iccvid.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\idecoi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\idecoiins.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc40u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\mrt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSCOMCTL.OCX:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshta.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msshsq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSSTDFMT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvconrm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvcuvenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvd3dum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvoglv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvuninst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvunrm.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvwgf2um.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaccrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\printcom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrm.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrsmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ASACPI.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvmfdx32.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvstor32.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Rtnicxp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbprint.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts.old:$CmdZnID AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\cissp-cib.pdf:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\hosts.zip:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID AlternateDataStreams: C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13810967.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13810967.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1001movie.com -> 1001movie.com There are 6091 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2376867508-200169253-45356126-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ArcService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk => C:\Windows\pss\Device Monitor 4.lnk.CommonStartup MSCONFIG\startupreg: EPSON Stylus DX4800 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SB7ED.tmp" /EF "HKLM" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== Accounts: ============================= Administrator (S-1-5-21-2376867508-200169253-45356126-500 - Administrator - Disabled) Earth (S-1-5-21-2376867508-200169253-45356126-1000 - Administrator - Enabled) => C:\Users\Earth Guest (S-1-5-21-2376867508-200169253-45356126-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000, faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception code 0xc0000005, fault offset 0x0006fc33, process id 0x13d4, application start time 0xgimp-2.8.exe0. Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31} Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis System errors: ============= Error: (04/22/2015 09:14:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/22/2015 09:05:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/22/2015 09:00:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/21/2015 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Software Licensing23000001Restart the service Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Print Spooler2600001Restart the service Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search1300001Restart the service Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMService1 Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMScheduler1 Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Print Spooler1600001Restart the service Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Software Licensing11200001Restart the service Microsoft Office Sessions: ========================= Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.03f2e3eabc00000050006fc3313d401d07d1fbc38130d Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31} Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis CodeIntegrity Errors: =================================== Date: 2015-04-23 14:42:30.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 14:42:30.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 14:42:30.038 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 14:42:29.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:41.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:40.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:23.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:23.673 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 08:48:00.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-22 19:08:45.331 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 42% Total physical RAM: 3581.63 MB Available physical RAM: 2060.25 MB Total Pagefile: 7372.23 MB Available Pagefile: 5706.28 MB Total Virtual: 2047.88 MB Available Virtual: 1914.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:866 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 93D0ECF1) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2015 01 Ran by Earth (administrator) on EARTH-PC on 23-04-2015 14:42:18 Running from C:\Users\Earth\Desktop Loaded Profiles: Earth (Available profiles: Earth) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1359064 2015-04-20] (COMODO) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-22] (Avast Software s.r.o.) HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [509216 2015-03-26] (QFX Software Corporation) HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-03-24] (Ruiware LLC) HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Program Files\ArcPlugins\NPSWF32.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-22] Chrome: ======= CHR HomePage: Default -> https://www.google.co.uk/ CHR StartupUrls: Default -> "https://www.google.co.uk/" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22] CHR Extension: (YouTube) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Search) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22] CHR Extension: (Bookmark Manager) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Avast Online Security) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22] CHR Extension: (Google Wallet) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] CHR Extension: (Gmail) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcService; C:\Program Files\Arc\ArcService.exe [88584 2015-04-19] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4351816 2015-04-20] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664728 2015-04-20] (COMODO) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-04-01] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [622192 2015-04-01] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-04-01] (COMODO) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-04-01] (COMODO) R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [210512 2015-02-07] (QFX Software Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2015-03-22] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Earth\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-23 14:42 - 2015-04-23 14:42 - 01139200 _____ (Farbar) C:\Users\Earth\Desktop\FRST.exe 2015-04-23 14:42 - 2015-04-23 14:42 - 00011621 _____ () C:\Users\Earth\Desktop\FRST.txt 2015-04-23 09:02 - 2015-04-23 09:02 - 00138355 _____ () C:\Users\Earth\Desktop\hosts.zip 2015-04-22 22:43 - 2015-04-22 22:44 - 02347384 _____ (ESET) C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe 2015-04-22 18:48 - 2015-04-22 18:48 - 00000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel 2015-04-22 18:41 - 2015-04-22 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Earth\Desktop\OTL.exe 2015-04-22 17:48 - 2015-02-11 13:44 - 644050851 _____ () C:\Users\Earth\Desktop\bits.zip 2015-04-22 16:35 - 2015-04-22 16:35 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-04-22 16:35 - 2015-04-22 16:35 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-04-22 10:33 - 2015-04-22 10:33 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Earth\Desktop\tdsskiller.exe 2015-04-22 09:18 - 2015-04-22 09:18 - 00019299 _____ () C:\ComboFix.txt 2015-04-22 08:59 - 2015-04-22 08:57 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00098816 _____ () C:\Windows\sed.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00080412 _____ () C:\Windows\grep.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00068096 _____ () C:\Windows\zip.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-22 08:58 - 2015-04-22 09:18 - 00000000 ____D () C:\Qoobox 2015-04-22 08:57 - 2015-04-22 09:15 - 00000000 ____D () C:\Windows\erdnt 2015-04-22 08:55 - 2015-04-22 08:55 - 05619466 ____R (Swearware) C:\Users\Earth\Desktop\ComboFix.exe 2015-04-21 23:50 - 2015-04-21 23:51 - 00000000 ____D () C:\Users\Earth\Desktop\New Folder 2015-04-21 22:42 - 2015-04-21 22:44 - 00000000 ____D () C:\AdwCleaner 2015-04-21 22:32 - 2015-04-21 22:32 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat 2015-04-21 22:32 - 2015-04-21 22:32 - 00000000 ____D () C:\RegBackup 2015-04-21 22:28 - 2015-04-21 22:28 - 02685507 _____ (Thisisu) C:\Users\Earth\Desktop\JRT.exe 2015-04-21 22:28 - 2015-04-21 22:28 - 02217984 _____ () C:\Users\Earth\Desktop\adwcleaner_4.201.exe 2015-04-21 19:33 - 2015-04-21 19:33 - 00000050 _____ () C:\Users\Earth\Desktop\globe.txt 2015-04-21 09:19 - 2015-04-23 00:08 - 00000000 ____D () C:\Users\Earth\Desktop\old 2015-04-20 23:05 - 2015-04-20 23:06 - 00000000 ____D () C:\Users\Earth\Desktop\sound and vid intro 2015-04-20 14:52 - 2015-04-23 14:42 - 00000000 ____D () C:\FRST 2015-04-20 14:40 - 2015-04-21 00:07 - 00003608 _____ () C:\Windows\system32\Drivers\fvstore.dat 2015-04-20 14:40 - 2015-04-20 14:40 - 00000000 ____D () C:\VTRoot 2015-04-19 12:22 - 2015-04-19 12:26 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-04-19 12:22 - 2015-04-19 12:22 - 00000000 ____D () C:\Program Files\HitmanPro 2015-04-19 10:27 - 2015-04-19 10:27 - 00000219 _____ () C:\Users\Earth\Desktop\secureing wordpress.txt 2015-04-14 23:08 - 2015-04-14 23:08 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-14 23:03 - 2015-04-14 23:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-14 23:03 - 2015-04-14 23:03 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-14 23:03 - 2015-04-14 23:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-14 23:02 - 2015-04-14 23:02 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-14 23:02 - 2015-04-14 23:02 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-14 23:02 - 2015-04-14 23:02 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-14 22:57 - 2015-04-14 22:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-14 22:57 - 2015-04-14 22:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-04-14 22:57 - 2015-04-14 22:57 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-04-14 22:57 - 2015-03-10 00:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-14 22:57 - 2015-03-09 23:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-13 09:37 - 2015-04-22 13:48 - 00000667 _____ () C:\Users\Earth\Desktop\music.txt 2015-04-08 08:53 - 2015-04-08 08:53 - 00106593 _____ () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html 2015-04-08 08:53 - 2015-04-08 08:53 - 00000000 ____D () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files 2015-04-08 08:03 - 2015-04-17 12:10 - 00000349 _____ () C:\Users\Earth\Desktop\GG.txt 2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\QFX Software 2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\ProgramData\QFX Software 2015-04-05 11:04 - 2015-04-22 10:18 - 00000827 _____ () C:\Users\Earth\Desktop\p.txt 2015-04-02 12:05 - 2015-04-05 07:53 - 00000573 _____ () C:\Users\Earth\Desktop\Tent stuff.txt 2015-04-02 10:42 - 2015-04-02 10:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-02 10:42 - 2015-04-02 10:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-02 10:28 - 2015-04-02 10:29 - 226547341 _____ () C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip 2015-04-01 09:47 - 2015-04-01 09:47 - 00000000 ____D () C:\Users\Earth\Desktop\Bookings - Badgells Wood_files 2015-04-01 09:46 - 2015-04-01 09:47 - 00028723 _____ () C:\Users\Earth\Desktop\Bookings - Badgells Wood.html 2015-03-31 21:41 - 2015-04-19 12:28 - 00524227 _____ () C:\Windows\system32\Drivers\etc\hosts.old 2015-03-31 10:40 - 2015-04-05 14:49 - 00000000 ____D () C:\Users\Earth\Desktop\Natural pathways 2015-03-29 09:34 - 2015-03-29 09:34 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe 2015-03-29 09:34 - 2008-07-08 08:45 - 00004984 _____ () C:\Windows\system32\Drivers\nvphy.bin 2015-03-26 18:04 - 2015-04-22 18:48 - 00000000 ____D () C:\Users\Earth\AppData\Local\gtk-2.0 2015-03-26 18:04 - 2015-03-26 18:04 - 00000000 ____D () C:\Users\Earth\.thumbnails 2015-03-26 17:36 - 2015-03-26 17:36 - 00000765 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk 2015-03-26 17:36 - 2015-03-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan 2015-03-26 17:36 - 2006-10-13 01:00 - 00061952 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escwiad.dll 2015-03-26 17:35 - 2015-03-26 17:36 - 00000000 ____D () C:\Program Files\EPSON 2015-03-26 17:35 - 2015-03-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-03-26 17:34 - 2015-03-26 17:34 - 00079679 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00064000 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCBADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00049152 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00034304 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCHADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00000000 ____D () C:\ProgramData\EPSON 2015-03-26 17:18 - 2015-04-22 18:49 - 00000000 ____D () C:\Users\Earth\.gimp-2.8 2015-03-26 17:18 - 2015-03-26 17:18 - 00000874 _____ () C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk 2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\gegl-0.2 2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\fontconfig 2015-03-26 17:17 - 2015-03-26 17:17 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-03-26 17:14 - 2015-03-26 17:17 - 00000000 ____D () C:\Program Files\GIMP 2 2015-03-26 17:13 - 2015-03-26 17:14 - 00000000 ____D () C:\Users\Earth\Desktop\Great Canoe Trail 2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler 2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\Program Files\KeyScrambler 2015-03-26 16:57 - 2015-02-07 04:37 - 00210512 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys 2015-03-26 12:59 - 2015-03-26 13:25 - 00000000 ____D () C:\Users\Earth\AppData\Local\Nvidia Corporation 2015-03-25 22:27 - 2015-03-25 22:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies 2015-03-25 09:18 - 2015-04-20 23:08 - 00015872 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-25 09:17 - 2015-03-25 09:17 - 00000000 ____D () C:\Windows\pss 2015-03-25 08:58 - 2015-03-25 08:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf 2015-03-24 20:16 - 2015-03-27 18:49 - 00002145 _____ () C:\Users\Earth\Desktop\kids event.txt 2015-03-24 01:43 - 2015-03-25 09:00 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\WinPatrol 2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\ProgramData\InstallMate 2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\Program Files\WinPatrol ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-23 13:48 - 2015-03-22 15:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-23 10:57 - 2006-11-02 13:52 - 00755764 _____ () C:\Windows\WindowsUpdate.log 2015-04-23 10:21 - 2006-11-02 11:33 - 00865966 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-23 08:48 - 2015-03-22 15:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-23 08:48 - 2015-03-22 14:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-23 08:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-23 00:09 - 2006-11-02 14:01 - 00029244 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-22 16:35 - 2015-03-22 15:28 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-04-22 16:35 - 2015-03-22 15:07 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-22 16:34 - 2015-03-22 15:07 - 00000000 ____D () C:\Program Files\SpywareBlaster 2015-04-22 15:30 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth 2015-04-22 11:25 - 2015-03-22 20:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-04-22 09:14 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2015-04-22 08:57 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2015-04-20 14:40 - 2015-03-22 14:55 - 00001777 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk 2015-04-19 14:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Program Files\Arc 2015-04-15 10:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-14 23:08 - 2015-03-22 21:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-14 23:03 - 2006-11-02 11:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-02 10:41 - 2015-03-22 14:02 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-04-02 10:40 - 2012-02-09 22:43 - 19443520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 17543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 15009600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 10816832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-02 10:40 - 2012-02-09 22:43 - 07713088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 05892928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02517312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02437440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-04-02 10:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help 2015-04-01 18:49 - 2015-01-30 13:27 - 00622192 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00040736 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2015-04-01 18:48 - 2015-01-30 13:27 - 00444472 _____ (COMODO) C:\Windows\system32\guard32.dll 2015-04-01 18:48 - 2015-01-30 13:27 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00288472 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll 2015-04-01 08:40 - 2006-11-02 13:47 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 09:35 - 2007-07-13 08:18 - 00050688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys 2015-03-29 09:34 - 2008-09-02 15:03 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvunrm.exe 2015-03-29 09:34 - 2008-08-01 19:51 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys 2015-03-29 09:34 - 2008-08-01 18:35 - 00207872 _____ (NVIDIA Corporation) C:\Windows\system32\fdco6.dll 2015-03-29 09:34 - 2008-07-29 20:33 - 00122880 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll 2015-03-26 17:36 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-03-26 17:32 - 2015-03-22 14:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys 2015-03-26 14:35 - 2015-03-20 11:21 - 27410776 _____ (OpenVPN Technologies) C:\Users\Earth\Documents\privatetunnel-win-2.4.exe 2015-03-26 14:35 - 2015-03-06 18:28 - 01552128 _____ () C:\Users\Earth\Documents\KeyScrambler_Setup.exe 2015-03-26 14:35 - 2015-02-21 12:53 - 76663632 _____ (Lightworks) C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe 2015-03-26 14:35 - 2015-02-21 02:23 - 07962144 _____ () C:\Users\Earth\Documents\npp.6.7.3.Installer.exe 2015-03-25 22:16 - 2007-08-09 19:12 - 00110624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll 2015-03-25 10:11 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-03-25 10:07 - 2015-03-22 14:02 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-25 09:00 - 2015-03-22 16:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-24 01:43 - 2015-03-22 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol ==================== Files in the root of some directories ======= 2015-03-22 14:02 - 2015-04-02 10:41 - 0001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-03-25 09:18 - 2015-04-20 23:08 - 0015872 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-22 18:48 - 2015-04-22 18:48 - 0000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-23 08:53 ==================== End Of Log ============================
  5. Oh I forgot to add can I re-install my MVP host file yet? Thank you
  6. At the end of the scan it found nothing and only had a finished button and a box to check that was for uninstalling the software. No list threat and no export or save file. Thank you
  7. It's still going out here's another recent log.. Detection, 22/04/2015 20:38:21, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,
  8. OTL logfile created on: 22/04/2015 18:51:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free 7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe PRC - [2015/04/22 16:35:29 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe PRC - [2015/04/20 14:35:23 | 000,455,384 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe PRC - [2015/04/20 14:30:50 | 001,359,064 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe PRC - [2015/04/20 14:30:45 | 007,689,432 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe PRC - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2015/03/26 16:57:01 | 000,509,216 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe PRC - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015/03/17 07:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2015/04/22 16:35:28 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll MOD - [2015/04/22 16:35:27 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll MOD - [2015/03/22 15:28:06 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll ========== Services (SafeList) ========== SRV - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc) SRV - [2015/04/20 14:30:18 | 001,664,728 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent) SRV - [2015/04/19 08:25:08 | 000,088,584 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files\Arc\ArcService.exe -- (ArcService) SRV - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Earth\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2015/04/22 16:35:32 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2015/04/22 16:35:32 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2015/04/22 16:35:32 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2015/04/22 16:35:15 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv) DRV - [2015/04/02 10:40:56 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd) DRV - [2015/03/29 09:35:11 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2015/03/29 09:34:38 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2015/03/25 22:16:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2015/03/22 22:37:59 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2015/03/17 07:15:32 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2015/03/17 07:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2015/02/07 04:37:08 | 000,210,512 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Program Files\ArcPlugins\NPSWF32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/22 16:35:23 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.421.10417_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKU\S-1-5-21-2376867508-200169253-45356126-1000..\Run: [WinPatrol] C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe (Ruiware LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7B2022-369D-496D-9906-0B853F11E601}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2015/04/22 18:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe [2015/04/22 16:35:33 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015/04/22 16:35:29 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015/04/22 10:33:07 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe [2015/04/22 09:18:53 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\temp [2015/04/22 09:17:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2015/04/22 08:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2015/04/22 08:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2015/04/22 08:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2015/04/22 08:58:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2015/04/22 08:57:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2015/04/22 08:55:04 | 005,619,466 | R--- | C] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe [2015/04/21 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\New Folder [2015/04/21 22:42:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015/04/21 22:32:49 | 000,000,000 | ---D | C] -- C:\RegBackup [2015/04/21 22:28:11 | 002,685,507 | ---- | C] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe [2015/04/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\old [2015/04/21 09:09:40 | 001,139,200 | ---- | C] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe [2015/04/20 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\sound and vid intro [2015/04/20 14:52:36 | 000,000,000 | ---D | C] -- C:\FRST [2015/04/20 14:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot [2015/04/19 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2015/04/19 12:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2015/04/08 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files [2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Roaming\QFX Software [2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software [2015/04/02 10:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2015/04/02 10:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2015/04/01 09:47:00 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Bookings - Badgells Wood_files [2015/03/31 10:40:09 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Natural pathways [2015/03/26 18:04:58 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gtk-2.0 [2015/03/26 18:04:12 | 000,000,000 | ---D | C] -- C:\Users\Earth\.thumbnails [2015/03/26 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan [2015/03/26 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2015/03/26 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON [2015/03/26 17:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2015/03/26 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\fontconfig [2015/03/26 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\Earth\.gimp-2.8 [2015/03/26 17:18:38 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gegl-0.2 [2015/03/26 17:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2015/03/26 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Great Canoe Trail [2015/03/26 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler [2015/03/26 16:57:04 | 000,210,512 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys [2015/03/26 16:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler [2015/03/26 12:59:56 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\Nvidia Corporation [2015/03/25 22:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2015/03/25 13:38:46 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\ElevatedDiagnostics [2015/03/25 10:11:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2015/03/25 09:17:21 | 000,000,000 | ---D | C] -- C:\Windows\pss [2015/03/24 01:43:21 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Roaming\WinPatrol [2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinPatrol [2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2015/03/23 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration ========== Files - Modified Within 30 Days ========== [2015/04/22 18:48:05 | 000,000,833 | ---- | M] () -- C:\Users\Earth\AppData\Local\recently-used.xbel [2015/04/22 18:48:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe [2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015/04/22 18:09:58 | 000,729,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015/04/22 18:09:58 | 000,146,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015/04/22 16:38:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015/04/22 16:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015/04/22 16:37:22 | 3756,580,864 | -HS- | M] () -- C:\hiberfil.sys [2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys [2015/04/22 16:35:32 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys [2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys [2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys [2015/04/22 16:35:32 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015/04/22 16:35:32 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys [2015/04/22 16:35:29 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015/04/22 16:35:29 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys [2015/04/22 15:33:08 | 000,362,595 | ---- | M] () -- C:\Users\Earth\Desktop\forest fires.jpg [2015/04/22 15:30:07 | 000,359,941 | ---- | M] () -- C:\Users\Earth\forest fires.jpg [2015/04/22 10:33:09 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe [2015/04/22 08:57:53 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe [2015/04/22 08:57:53 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe [2015/04/22 08:57:53 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2015/04/22 08:57:53 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2015/04/22 08:57:53 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe [2015/04/22 08:57:53 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe [2015/04/22 08:57:53 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe [2015/04/22 08:57:53 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe [2015/04/22 08:57:52 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe [2015/04/22 08:55:07 | 005,619,466 | R--- | M] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe [2015/04/21 22:32:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat [2015/04/21 22:28:32 | 002,217,984 | ---- | M] () -- C:\Users\Earth\Desktop\adwcleaner_4.201.exe [2015/04/21 22:28:13 | 002,685,507 | ---- | M] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe [2015/04/21 15:49:47 | 001,968,287 | ---- | M] () -- C:\Users\Earth\Desktop\cissp-cib.pdf [2015/04/21 09:09:41 | 001,139,200 | ---- | M] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe [2015/04/21 00:07:54 | 000,003,608 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat [2015/04/20 23:08:11 | 000,015,872 | ---- | M] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015/04/20 14:40:34 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2015/04/19 12:28:00 | 000,524,227 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old [2015/04/08 08:53:27 | 000,106,593 | ---- | M] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html [2015/04/02 12:53:18 | 000,001,995 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/04/02 10:41:29 | 000,001,356 | ---- | M] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat [2015/04/02 10:29:13 | 226,547,341 | ---- | M] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip [2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys [2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys [2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys [2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys [2015/04/01 18:48:21 | 000,033,520 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll [2015/04/01 18:48:18 | 000,444,472 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll [2015/04/01 18:45:54 | 000,288,472 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll [2015/04/01 18:45:27 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll [2015/04/01 09:47:00 | 000,028,723 | ---- | M] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html [2015/04/01 08:40:27 | 000,228,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2015/03/26 17:36:40 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2015/03/26 17:18:48 | 000,000,874 | ---- | M] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk [2015/03/26 14:35:48 | 027,410,776 | ---- | M] (OpenVPN Technologies) -- C:\Users\Earth\Documents\privatetunnel-win-2.4.exe [2015/03/26 14:35:44 | 007,962,144 | ---- | M] () -- C:\Users\Earth\Documents\npp.6.7.3.Installer.exe [2015/03/26 14:35:34 | 076,663,632 | ---- | M] (Lightworks) -- C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe [2015/03/26 14:35:19 | 001,552,128 | ---- | M] () -- C:\Users\Earth\Documents\KeyScrambler_Setup.exe [2015/03/25 10:07:40 | 000,000,938 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2015/03/25 09:10:07 | 028,997,775 | ---- | M] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf [2015/03/25 08:58:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf ========== Files Created - No Company Name ========== [2015/04/22 18:48:05 | 000,000,833 | ---- | C] () -- C:\Users\Earth\AppData\Local\recently-used.xbel [2015/04/22 17:48:41 | 644,050,851 | ---- | C] () -- C:\Users\Earth\Desktop\bits.zip [2015/04/22 15:30:07 | 000,359,941 | ---- | C] () -- C:\Users\Earth\forest fires.jpg [2015/04/22 10:28:14 | 000,362,595 | ---- | C] () -- C:\Users\Earth\Desktop\forest fires.jpg [2015/04/22 08:59:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2015/04/22 08:59:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2015/04/22 08:59:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2015/04/22 08:59:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2015/04/22 08:59:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2015/04/21 22:32:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat [2015/04/21 22:28:32 | 002,217,984 | ---- | C] () -- C:\Users\Earth\Desktop\adwcleaner_4.201.exe [2015/04/21 15:49:46 | 001,968,287 | ---- | C] () -- C:\Users\Earth\Desktop\cissp-cib.pdf [2015/04/20 14:40:39 | 000,003,608 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat [2015/04/08 08:53:25 | 000,106,593 | ---- | C] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html [2015/04/02 10:28:35 | 226,547,341 | ---- | C] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip [2015/04/01 09:46:59 | 000,028,723 | ---- | C] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html [2015/03/29 09:34:43 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2015/03/26 17:36:40 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2015/03/26 17:18:48 | 000,000,874 | ---- | C] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk [2015/03/26 17:17:45 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2015/03/26 13:40:32 | 3756,580,864 | -HS- | C] () -- C:\hiberfil.sys [2015/03/25 10:07:40 | 000,000,938 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2015/03/25 09:18:48 | 000,015,872 | ---- | C] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015/03/25 09:10:05 | 028,997,775 | ---- | C] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf [2015/03/25 08:58:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2015/03/24 11:18:19 | 000,001,995 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/03/22 15:28:21 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2015/03/22 15:28:19 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015/03/22 15:28:17 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys [2015/03/22 14:38:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2015/03/22 14:38:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2015/03/22 14:38:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2015/03/22 14:02:10 | 000,001,356 | ---- | C] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/03/22 20:24:15 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2015/03/22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\Arc [2015/03/22 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\AVAST Software [2015/04/05 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\QFX Software [2015/03/25 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\WinPatrol ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Windows\zip.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XpsPrint.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XpsGdiConverter.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xmllite.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_5.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_4.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_5.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_4.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_9.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_8.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_7.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_6.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_5.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_4.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_6.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_5.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_4.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuwebv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups2.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wudriver.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFx.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFSvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFPlatform.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFHost.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFCoinstaller.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wucltux.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuaueng.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuauclt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapp.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmWmiPl.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmSvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmRes.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmprovhost.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmplpxy.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmAuto.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManMigrationPlugin.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManHTTPConfig.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wshom.ocx:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wshcon.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSDApi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wscript.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDSp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDShServiceObj.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDShextAutoplay.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpdshext.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpdbusenum.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpd_ci.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMVDECOD.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMVCORE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMSPDMOD.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmpmde.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmploc.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMPhoto.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmpdxm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmicmiplugin.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMALFXGFXDSP.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlansvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlansec.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlanmsm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlanapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wkssvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winusb.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wintrust.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winsrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrssrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrsmgr.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrshost.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrscmd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrs.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrm.vbs:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winmm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wininet.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\winhttp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\WindowsCodecs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32spl.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32k.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wevtfwd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wer.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecutil.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\wdigest.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\Wdfres.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\vbscript.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\usp10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\urlmon.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\url.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\unregmp2.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIRibbonRes.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIRibbon.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIAutomationCore.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIAnimation.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\tzres.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\TsWpfWrp.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\tsbyuv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\timedate.cpl:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\themeui.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\termsrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\TCPSVCS.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskschd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskeng.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskcomp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\t2embed.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\SysFxUI.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\synceng.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\srvsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\spwmp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\spoolsv.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\smss.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\shsvcs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\shlwapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\shell32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\secur32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_ssp_isv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_ssp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_isv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\sdclt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\scrrun.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\schedsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\schannel.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\scesrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\sbeio.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\sbe.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\rtutils.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\rpcrt4.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ROUTE.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_ssp_isv.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_ssp.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_isv.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\rdpencom.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\rastls.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\quartz.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\qedit.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\qdvd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\pwrshplugin.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\psisrndr.ax:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\psisdecd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\profsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\printcom.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationHostProxy.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationHost.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceWMDRM.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceTypes.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceConnectApi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceClassExtension.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceApi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\packager.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleaut32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleaccrc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleacc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ole32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\odbc32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvwgf2um.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvunrm.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvuninst.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvoglv32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvd3dum.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuvid.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuvenc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuda.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvconrm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcompiler.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntoskrnl.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntkrnlpa.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntdll.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nshhttp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nlasvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\nlaapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\NETSTAT.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\netiohlp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\netfxperf.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\netevent.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\netapi32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ncsi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ncrypt.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msyuv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml6.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml3r.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml3.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvidc32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvfw32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvcrt.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msv1_0.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mstscax.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mstsc.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSSTDFMT.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msshsq.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msrle32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msihnd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtmled.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtml.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshta.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeedssync.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeedsbs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeeds.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msdxm.ocx:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSDvbNP.ax:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msdrm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msctf.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscories.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscorier.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscoree.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSCOMCTL.OCX:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msaudite.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\msasn1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mrt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MRINFO.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MpSigStub.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mpg2splt.ax:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\Mpeg2Data.ax:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\MP4SDECD.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc42u.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc40u.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mciseq.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\mciavi32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\lsass.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\lsasrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\lpk.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\localspl.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\l3codecp.acm:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\l3codeca.acm:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\L2SecHC.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\kernel32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\kerberos.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\jsproxy.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript9.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\iyuv_32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\iphlpsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\infocardapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\inetcpl.cpl:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\inetcomm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\IMJP10K.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\imagehlp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\IKEEXT.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieUnatt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieui.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\iertutil.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieframe.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\idecoiins.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\idecoi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\iccvid.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardres.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardagt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\icaapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\httpapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\HOSTNAME.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\hcrstco.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\hccoin.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\gdi32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\GameUXLegacyGDFs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\gameux.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\FWPUCLNT.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\fontsub.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\FntCache.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\finger.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\fdco6.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDump.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDec.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FLMADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCHADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCBADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_DCINST.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtrans.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtmsft.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxmasf.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\DWrite.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WUDFRd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WUDFPf.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WdfLdr.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Wdf01000.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\volsnap.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbscan.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbprint.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbport.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbohci.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbhub.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbehci.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbccgp.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usb8023.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\UMDF\WpdFs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tunnel.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tssecsrv.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpipreg.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpip.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srvnet.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv2.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Rtnicxp.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\rdpwd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\portcls.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\partmgr.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvstor32.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvmfdx32.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvlddmkm.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ntfs.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb20.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb10.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxdav.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ksecdd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\http.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fs_rec.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fastfat.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dxgkrnl.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\drmk.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dfsc.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\bowser.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ASACPI.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\afd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnsvr.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnet.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsrslvr.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnscacheugc.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dfshim.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dciman32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_31.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_30.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_29.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_28.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_27.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_26.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_25.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_24.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx11_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dcsx_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10warp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10level9.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10core.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10_1core.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d2d1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\csrsrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cscript.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptnet.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptdlg.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\crypt32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\consent.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\comctl32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfsw32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfs.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\certutil.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\certenc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cdd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cabview.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\BthMtpContextHandler.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\avifil32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\authui.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\audiosrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\AUDIOKSE.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\AudioEng.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmlib.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmfd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\atl.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\asycfilt.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ARP.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\appinfo.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\Apphlpdm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\adtschema.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWXCACLS.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWSC.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWREG.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\sed.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\PEV.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\NIRCMD.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\MBR.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\grep.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\avastSS.scr:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Program Files\KeyScrambler\keyscrambler.exe:$CmdTcID @Alternate Data Stream - 26 bytes -> C:\Windows\System32\drivers\etc\hosts.old:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\cissp-cib.pdf:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdZnID @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
  9. OTL Extras logfile created on: 22/04/2015 18:51:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free 7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{684D7D20-525A-48BC-8C17-2A153CEB3C6A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{182C9667-60B9-4DD7-849C-3C416DEBDF21}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "{8C818C07-A531-44D6-8EA1-0C2360D5695C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "TCP Query User{67C53C57-435C-4803-9F6D-AFC7E58B8C11}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe | "UDP Query User{964554DB-D3AA-4838-9DFF-2C800B69A830}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2 "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{68BE8BAB-5375-4C99-9116-1808F5968D40}" = COMODO Firewall "{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol "{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc "Avast" = Avast Free Antivirus "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "GIMP-2_is1" = GIMP 2.8.14 "Google Chrome" = Google Chrome "KeyScrambler" = KeyScrambler "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "SpywareBlaster_is1" = SpywareBlaster 5.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24 Description = Error - 21/04/2015 17:57:30 | Computer Name = Earth-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22/04/2015 11:34:06 | Computer Name = Earth-PC | Source = VSS | ID = 8194 Description = Error - 22/04/2015 11:50:09 | Computer Name = Earth-PC | Source = Perflib | ID = 1010 Description = Error - 22/04/2015 13:26:40 | Computer Name = Earth-PC | Source = Application Error | ID = 1000 Description = Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000, faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception code 0xc0000005, fault offset 0x0006fc33, process id 0x13d4, application start time 0x01d07d1fbc38130d. [ System Events ] Error - 09/04/2015 15:16:39 | Computer Name = Earth-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error - 09/04/2015 15:20:10 | Computer Name = Earth-PC | Source = DCOM | ID = 10005 Description = Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7009 Description = Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09/04/2015 15:22:13 | Computer Name = Earth-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 20:20:41 on 09/04/2015 was unexpected. Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031 Description = Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031 Description = Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034 Description = Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034 Description = Error - 12/04/2015 18:20:20 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031 Description = < End of report >
  10. Logs above It says that there is a NDTLL code modification ZwClose does this indicate a kernel modification and a rootkit has installed itself some how? Thank you
  11. ComboFix 15-04-19.01 - Earth 22/04/2015 9:00.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2451 [GMT 1:00] Running from: c:\users\Earth\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2015-03-22 to 2015-04-22 ))))))))))))))))))))))))))))))) . . 2015-04-22 08:13 . 2015-04-22 08:14 -------- d-----w- c:\users\Earth\AppData\Local\temp 2015-04-22 08:13 . 2015-04-22 08:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-21 21:42 . 2015-04-21 21:44 -------- d-----w- C:\AdwCleaner 2015-04-21 21:32 . 2015-04-21 21:32 -------- d-----w- C:\RegBackup 2015-04-20 13:52 . 2015-04-21 08:20 -------- d-----w- C:\FRST 2015-04-20 13:40 . 2015-04-20 13:40 -------- d-----w- C:\VTRoot 2015-04-20 13:40 . 2015-04-20 23:07 3608 ----a-w- c:\windows\system32\drivers\fvstore.dat 2015-04-19 11:22 . 2015-04-19 11:22 -------- d-----w- c:\program files\HitmanPro 2015-04-19 11:22 . 2015-04-19 11:26 -------- d-----w- c:\programdata\HitmanPro 2015-04-17 17:26 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{025D98AE-363B-4870-BCAA-C4B6670A0556}\mpengine.dll 2015-04-14 22:08 . 2015-04-14 22:08 1249280 ----a-w- c:\windows\system32\msxml3.dll 2015-04-14 22:03 . 2015-04-14 22:03 297984 ----a-w- c:\windows\system32\gdi32.dll 2015-04-14 22:03 . 2015-04-14 22:03 57344 ----a-w- c:\windows\system32\clfsw32.dll 2015-04-14 22:03 . 2015-04-14 22:03 244152 ----a-w- c:\windows\system32\clfs.sys 2015-04-14 22:02 . 2015-04-14 22:02 1205168 ----a-w- c:\windows\system32\ntdll.dll 2015-04-14 22:02 . 2015-04-14 22:02 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-04-14 22:02 . 2015-04-14 22:02 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\users\Earth\AppData\Roaming\QFX Software 2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\programdata\QFX Software 2015-04-02 09:42 . 2015-04-02 09:42 -------- d-----w- c:\programdata\NVIDIA Corporation 2015-04-02 09:42 . 2015-04-02 09:43 -------- d-----w- c:\program files\NVIDIA Corporation 2015-03-29 08:34 . 2015-03-29 08:34 453152 ----a-w- c:\windows\system32\nvuninst.exe 2015-03-29 08:34 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin 2015-03-26 17:04 . 2015-03-26 17:11 -------- d-----w- c:\users\Earth\AppData\Local\gtk-2.0 2015-03-26 17:04 . 2015-03-26 17:04 -------- d-----w- c:\users\Earth\.thumbnails 2015-03-26 16:36 . 2006-10-13 00:00 61952 ----a-w- c:\windows\system32\escwiad.dll 2015-03-26 16:35 . 2015-03-26 16:36 -------- d-----w- c:\program files\EPSON 2015-03-26 16:34 . 2015-03-26 16:34 64000 ----a-w- c:\windows\system32\E_FBCBADE.DLL 2015-03-26 16:34 . 2015-03-26 16:34 34304 ----a-w- c:\windows\system32\E_FBCHADE.DLL 2015-03-26 16:34 . 2015-03-26 16:34 79679 ----a-w- c:\windows\system32\E_FLMADE.DLL 2015-03-26 16:34 . 2015-03-26 16:34 49152 ----a-w- c:\windows\system32\E_DCINST.DLL 2015-03-26 16:34 . 2015-03-26 16:34 -------- d-----w- c:\programdata\EPSON 2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\fontconfig 2015-03-26 16:18 . 2015-03-26 17:15 -------- d-----w- c:\users\Earth\.gimp-2.8 2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\gegl-0.2 2015-03-26 16:14 . 2015-03-26 16:17 -------- d-----w- c:\program files\GIMP 2 2015-03-26 15:57 . 2015-02-07 03:37 210512 ----a-w- c:\windows\system32\drivers\keyscrambler.sys 2015-03-26 15:57 . 2015-03-26 15:57 -------- d-----w- c:\program files\KeyScrambler 2015-03-26 11:59 . 2015-03-26 12:25 -------- d-----w- c:\users\Earth\AppData\Local\Nvidia Corporation 2015-03-26 08:37 . 2015-03-26 08:37 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2015-03-25 21:27 . 2015-03-25 21:27 -------- d-----w- c:\program files\AGEIA Technologies 2015-03-25 12:38 . 2015-03-25 12:38 -------- d-----w- c:\users\Earth\AppData\Local\ElevatedDiagnostics 2015-03-24 00:43 . 2015-03-25 08:00 -------- d-----w- c:\users\Earth\AppData\Roaming\WinPatrol 2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\programdata\InstallMate 2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\program files\WinPatrol 2015-03-23 20:44 . 2015-03-23 20:44 -------- d-----w- c:\windows\Migration 2015-03-23 20:42 . 2015-03-23 20:41 291312 ----a-w- c:\windows\system32\aswBoot.exe 2015-03-23 20:41 . 2015-03-23 20:41 43112 ----a-w- c:\windows\avastSS.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-22 07:26 . 2015-03-22 13:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-02 09:40 . 2012-02-09 21:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll 2015-04-02 09:40 . 2012-02-09 21:43 2301248 ----a-w- c:\windows\system32\nvapi.dll 2015-04-02 09:40 . 2012-02-09 21:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll 2015-04-02 09:40 . 2012-02-09 21:43 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll 2015-04-02 09:40 . 2012-02-09 21:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll 2015-04-02 09:40 . 2012-02-09 21:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll 2015-04-02 09:40 . 2012-02-09 21:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll 2015-04-02 09:40 . 2012-02-09 21:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2015-04-02 09:40 . 2012-02-09 21:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll 2015-04-01 17:49 . 2015-01-30 12:27 91200 ----a-w- c:\windows\system32\drivers\inspect.sys 2015-04-01 17:49 . 2015-01-30 12:27 40736 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2015-04-01 17:49 . 2015-01-30 12:27 622192 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2015-04-01 17:49 . 2015-01-30 12:27 17088 ----a-w- c:\windows\system32\drivers\cmderd.sys 2015-04-01 17:48 . 2015-01-30 12:27 33520 ----a-w- c:\windows\system32\cmdcsr.dll 2015-04-01 17:48 . 2015-01-30 12:27 444472 ----a-w- c:\windows\system32\guard32.dll 2015-04-01 17:45 . 2015-01-30 12:27 288472 ----a-w- c:\windows\system32\cmdvrt32.dll 2015-04-01 17:45 . 2015-01-30 12:27 40664 ----a-w- c:\windows\system32\cmdkbd32.dll 2015-03-29 08:35 . 2007-07-13 07:18 50688 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys 2015-03-29 08:34 . 2008-08-01 18:51 1052704 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys 2015-03-29 08:34 . 2008-08-01 17:35 207872 ----a-w- c:\windows\system32\fdco6.dll 2015-03-29 08:34 . 2008-07-29 19:33 122880 ----a-w- c:\windows\system32\nvconrm.dll 2015-03-29 08:34 . 2008-09-02 14:03 453152 ----a-w- c:\windows\system32\nvunrm.exe 2015-03-26 16:32 . 2015-03-22 13:13 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys 2015-03-25 21:16 . 2007-08-09 18:12 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys 2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoiins.dll 2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoi.dll 2015-03-25 07:25 . 2015-03-22 19:37 246920 ------w- c:\windows\system32\MpSigStub.exe 2015-03-23 20:41 . 2015-03-22 14:28 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2015-03-23 20:41 . 2015-03-22 14:28 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-03-23 20:41 . 2015-03-22 14:28 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-03-23 20:41 . 2015-03-22 14:28 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-03-23 20:41 . 2015-03-22 14:28 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-23 20:41 . 2015-03-22 14:28 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-23 20:41 . 2015-03-22 14:28 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2015-03-23 20:40 . 2015-03-22 14:28 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-03-22 22:50 . 2015-03-22 22:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-03-22 22:50 . 2015-03-22 22:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-03-22 22:50 . 2015-03-22 22:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-03-22 22:50 . 2015-03-22 22:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-03-22 22:50 . 2015-03-22 22:50 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-03-22 22:50 . 2015-03-22 22:50 798208 ----a-w- c:\windows\system32\FntCache.dll 2015-03-22 22:50 . 2015-03-22 22:50 683008 ----a-w- c:\windows\system32\d2d1.dll 2015-03-22 22:50 . 2015-03-22 22:50 1069056 ----a-w- c:\windows\system32\DWrite.dll 2015-03-22 22:50 . 2015-03-22 22:50 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-03-22 22:50 . 2015-03-22 22:50 125952 ----a-w- c:\windows\system32\srvsvc.dll 2015-03-22 22:50 . 2015-03-22 22:50 17920 ----a-w- c:\windows\system32\netevent.dll 2015-03-22 22:50 . 2015-03-22 22:50 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui 2015-03-22 22:49 . 2015-03-22 22:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2015-03-22 21:45 . 2015-03-22 21:45 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2015-03-22 21:40 . 2015-03-22 21:40 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-03-22 21:37 . 2004-08-13 09:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys 2015-03-22 21:20 . 2015-03-22 21:20 99480 ----a-w- c:\windows\system32\infocardapi.dll 2015-03-22 21:20 . 2015-03-22 21:20 8856 ----a-w- c:\windows\system32\icardres.dll 2015-03-22 21:20 . 2015-03-22 21:20 619664 ----a-w- c:\windows\system32\icardagt.exe 2015-03-22 21:20 . 2015-03-22 21:20 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2015-03-22 21:16 . 2015-03-22 21:16 2064384 ----a-w- c:\windows\system32\win32k.sys 2015-03-22 21:14 . 2015-03-22 21:14 81560 ----a-w- c:\windows\system32\mscories.dll 2015-03-22 21:14 . 2015-03-22 21:14 156824 ----a-w- c:\windows\system32\mscorier.dll 2015-03-22 21:14 . 2015-03-22 21:14 1131664 ----a-w- c:\windows\system32\dfshim.dll 2015-03-22 21:08 . 2015-03-22 21:08 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-22 21:08 . 2015-03-22 21:08 619520 ----a-w- c:\windows\system32\adtschema.dll 2015-03-22 21:08 . 2015-03-22 21:08 449536 ----a-w- c:\windows\system32\termsrv.dll 2015-03-22 21:07 . 2015-03-22 21:07 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-03-22 21:05 . 2015-03-22 21:05 2048 ----a-w- c:\windows\system32\tzres.dll 2015-03-22 20:58 . 2015-03-22 20:58 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2015-03-22 20:58 . 2015-03-22 20:58 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2015-03-22 20:58 . 2015-03-22 20:58 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2015-03-22 20:55 . 2015-03-22 20:55 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2015-03-22 20:55 . 2015-03-22 20:55 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2015-03-22 20:55 . 2015-03-22 20:55 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2015-03-22 20:55 . 2015-03-22 20:55 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2015-03-22 20:55 . 2015-03-22 20:55 3072 ----a-w- c:\windows\system32\drivers\UMDF\en-US\wpdmtpdr.dll.mui 2015-03-22 20:55 . 2015-03-22 20:55 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2015-03-22 20:55 . 2015-03-22 20:55 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2015-03-22 20:55 . 2015-03-22 20:55 350208 ----a-w- c:\windows\system32\WPDSp.dll 2015-03-22 20:55 . 2015-03-22 20:55 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2015-03-22 20:55 . 2015-03-22 20:55 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2015-03-22 20:55 . 2015-03-22 20:55 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll 2015-03-22 20:55 . 2015-03-22 20:55 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2015-03-22 20:55 . 2015-03-22 20:55 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2015-03-22 20:55 . 2015-03-22 20:55 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2015-03-22 20:39 . 2015-03-22 20:39 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-03-22 20:34 . 2015-03-22 20:34 499200 ----a-w- c:\windows\system32\kerberos.dll 2015-03-22 20:32 . 2015-03-22 20:32 67072 ----a-w- c:\windows\system32\packager.dll 2015-03-22 20:14 . 2015-03-22 20:14 564224 ----a-w- c:\windows\system32\oleaut32.dll 2015-03-22 20:08 . 2015-03-22 20:08 72704 ----a-w- c:\windows\system32\fontsub.dll 2015-03-22 20:08 . 2015-03-22 20:08 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-03-22 20:08 . 2015-03-22 20:08 296960 ----a-w- c:\windows\system32\atmfd.dll 2015-03-22 20:08 . 2015-03-22 20:08 23552 ----a-w- c:\windows\system32\lpk.dll 2015-03-22 20:08 . 2015-03-22 20:08 10240 ----a-w- c:\windows\system32\dciman32.dll 2015-03-22 20:00 . 2015-03-22 20:00 64000 ----a-w- c:\windows\system32\smss.exe 2015-03-22 20:00 . 2015-03-22 20:00 49152 ----a-w- c:\windows\system32\csrsrv.dll 2015-03-22 19:59 . 2015-03-22 19:59 807936 ----a-w- c:\windows\system32\msctf.dll 2015-03-22 19:57 . 2015-03-22 19:57 729600 ----a-w- c:\windows\system32\IMJP10K.DLL 2015-03-22 19:53 . 2015-03-22 19:53 161792 ----a-w- c:\windows\system32\msls31.dll 2015-03-22 19:53 . 2015-03-22 19:53 86528 ----a-w- c:\windows\system32\iesysprep.dll 2015-03-22 19:53 . 2015-03-22 19:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2015-03-22 19:53 . 2015-03-22 19:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2015-03-22 19:53 . 2015-03-22 19:53 48640 ----a-w- c:\windows\system32\mshtmler.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-03-23 20:40 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files\WinPatrol\WinPatrol\winpatrol.exe" [2015-03-24 1160536] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-20 1359064] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-23 5512912] "KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2015-03-26 509216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk backup=c:\windows\pss\Device Monitor 4.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series] 2015-03-26 16:34 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIADE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-17 17:49 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28] . 2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28] . . ------- Supplementary Scan ------- . TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-04-22 09:14 Windows 6.0.6002 Service Pack 2 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Configurations] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Data] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Options] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3788) c:\windows\System32\fwpuclnt.dll . Completion time: 2015-04-22 09:18:46 ComboFix-quarantined-files.txt 2015-04-22 08:18 . Pre-Run: 939,031,236,608 bytes free Post-Run: 938,947,457,024 bytes free . - - End Of File - - 3BD1982572F299BE523FFC9604D2AD86 5C616939100B85E558DA92B899A0FC36
  12. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 21/04/2015 Scan Time: 22:48:56 Logfile: mbam.txt Administrator: Yes Version: 2.01.4.1018 Malware Database: v2015.04.21.06 Rootkit Database: v2015.04.21.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: Earth Scan Type: Threat Scan Result: Completed Objects Scanned: 285893 Time Elapsed: 8 min, 32 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  13. # AdwCleaner v4.201 - Logfile created 21/04/2015 at 22:44:56 # Updated 08/04/2015 by Xplode # Database : 2015-04-08.1 [Local] # Operating system : Windows Vista Home Premium Service Pack 2 (x86) # Username : Earth - EARTH-PC # Running from : C:\Users\Earth\Desktop\adwcleaner_4.201.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16636 -\\ Google Chrome v42.0.2311.90 [C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms} ************************* AdwCleaner[R1].txt - [897 bytes] - [21/04/2015 22:42:14] AdwCleaner[s1].txt - [825 bytes] - [21/04/2015 22:44:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [883 bytes] ##########
  14. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.0 (04.20.2015:1) OS: Windows Vista Home Premium x86 Ran by Earth on 21/04/2015 at 22:32:44.63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21/04/2015 at 22:39:44.48 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  15. The log is above. It is still trying to dial out here's a log from Mbam Detection, 21/04/2015 20:28:02, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,
  16. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015 Ran by Earth at 2015-04-21 09:20:00 Run:1 Running from C:\Users\Earth\Desktop Loaded Profiles: Earth (Available profiles: Earth) Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ***************** "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. ==== End of Fixlog 09:20:00 ====
  17. Thank you for your help I will do all this now. Will I be able to re-add MVP hosts file? or is something wrong with it on the main site?
  18. Thanks guy's I will look into your suggestions, I only want to play with them not for any reason other than I have never used them before. Privacy shouldn't be an issue as I will set a second email up and send them to my self lol All the best Paul
  19. I'm thinking of using http://www.getsidekick.com/e-mail tracker I'm new to them does anyone know any of any better software that tracks your e-mail safely to it's destination and tells you when its been opened and by who. It's more just to play with than anything. Thanks
  20. I kept getting "you can't post as you added it to quickly" and "post to long" would be easier and quicker to add as a zip
  21. C:\Windows\system32\NlsData0047.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0046.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0045.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0039.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0020.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0011.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 02643456 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000c.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 02599936 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0001.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 02342912 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000d.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0007.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01966592 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0027.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0c1a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData081a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0026.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0024.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001b.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0018.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000f.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0003.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData003e.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData002a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0022.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0021.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01523712 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0000.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\netprof.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2015-03-22 14:13 - 2008-01-19 00:35 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\msidcrl30.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL 2015-03-22 14:13 - 2008-01-19 00:35 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\mycomput.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\msoeacct.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mssha.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\msrdc.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\nlmgp.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\NAPMONTR.DLL 2015-03-22 14:13 - 2008-01-19 00:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\ndfapi.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\msident.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NapiNSP.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\mspatcha.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\napipsec.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\ndfetw.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\mtxlegih.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Nlsdl.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\mtxdm.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\msidle.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\d3d8.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\d3dim700.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\colorui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00614400 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\ddraw.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\filemgmt.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00415232 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\dsquery.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\dmdlgs.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\d3dim.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\msdtckrm.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\msdelta.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\CompatUI.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\comsnap.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\msdtcuiu.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\msdt.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\mdminst.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\lltdsvc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\mlang.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\dmdskmgr.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\dmime.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\dsdmo.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\msdadiag.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\keymgr.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\icsfiltr.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\dbnetlib.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\McxDriv.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\msdart.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\mprmsg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\msaatext.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\loadperf.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\comrepl.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\msdtclog.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\efsadu.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\dmscript.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\IPBusEnum.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\loghours.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\GuidedHelp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\EAPQEC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\HelpPaneProxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\DHCPQEC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\dxva2.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\colbact.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\eapsvc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\fwcfg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\DfsShlEx.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\d3dxof.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\dnshc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\dot3dlg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\mmcss.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dssec.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpclnt.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\dmocx.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dfdts.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\dmloader.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\esentprf.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dispci.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dimsjob.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lltdapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\mfcsubs.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\cofiredm.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\idndl.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\LangCleanupSysprepAction.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\dmutil.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\hnetmon.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\localui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\fdPHost.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\KBDJPN.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\KBDKOR.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iscsied.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 08139264 _____ (Microsoft Corporation) C:\Windows\system32\ssBranded.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 05714432 _____ (Microsoft Corporation) C:\Windows\system32\logon.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 02585088 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 01405952 _____ (Microsoft Corporation) C:\Windows\system32\ActiveContentWizard.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00879616 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00805888 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\clbcatq.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00520704 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWGP.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00498176 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\catsrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\shrpubw.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\cmipnpinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\NAPSTAT.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\adsnt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\authfwcfg.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00226816 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\apircl.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgrade.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\WinFXDocObj.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\activeds.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\apss.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\p2phost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\adsldp.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corp.) C:\Windows\system32\DfrgNtfs.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msdt.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\raserver.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\DpiScaling.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\CompMgmtLauncher.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00134656 _____ (Microsoft Corporation) C:\Windows\regedit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\SoundRecorder.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\mtstocom.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dispdiag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\verifier.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\msscript.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\msdtc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayApi.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\makecab.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\OptionalFeatures.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corp.) C:\Windows\system32\dfrgfat.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\diantz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\vssadmin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\btpanui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\dmview.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00087552 _____ (Microsoft) C:\Windows\system32\Robocopy.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TpmInit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\bootcfg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\ACW.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\systeminfo.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wlanext.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\cmdl32.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\DFDWiz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\cmifw.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\MuiUnattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\driverquery.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\getmac.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\cmicryptinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\alg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\dfrgifc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\extrac32.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\expand.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\brcplsdw.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\gacinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\net.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\bcdprov.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\cmutil.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\ucsvc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\regini.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\lnkstub.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\rasphone.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\xcopy.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\ComputerDefaults.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\SecEdit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\waitfor.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\cmlua.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\cmcfg32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\shutdown.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\unattendedjoin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AtBroker.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\syskey.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\sxstrace.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\icacls.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\cmpbk32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Netplwiz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\cacls.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\at.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\RacAgent.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\capisp.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sfc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\PING.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nbtstat.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\cmstplua.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\ktmutil.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\setupSNK.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mountvol.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\fveupdate.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\batt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\avrt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\sbunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\InfDefaultInstall.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\csrss.exe 2015-03-22 14:13 - 2008-01-19 00:32 - 02249216 _____ (Microsoft Corporation) C:\Windows\system32\Firewall.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 01370624 _____ (Microsoft Corporation) C:\Windows\system32\Aurora.scr 2015-03-22 14:13 - 2008-01-19 00:32 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\joy.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl 2015-03-22 14:13 - 2008-01-19 00:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll 2015-03-22 14:13 - 2008-01-19 00:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-03-22 14:13 - 2008-01-19 00:31 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll 2015-03-22 14:13 - 2008-01-19 00:29 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll 2015-03-22 14:13 - 2008-01-19 00:29 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\tsddd.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS 2015-03-22 14:13 - 2008-01-18 22:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys 2015-03-22 14:13 - 2008-01-18 22:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00053376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\vga256.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\vga64k.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\framebuf.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\vga.dll 2015-03-22 14:13 - 2008-01-18 22:50 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\dmdskres2.dll 2015-03-22 14:13 - 2008-01-18 22:48 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\comres.dll 2015-03-22 14:13 - 2008-01-18 22:48 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll 2015-03-22 14:13 - 2008-01-18 22:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2015-03-22 14:13 - 2008-01-18 22:45 - 00016896 _____ (Microsoft) C:\Windows\system32\grb.rs 2015-03-22 14:13 - 2008-01-18 22:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb 2015-03-22 14:13 - 2008-01-18 22:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\wertargets.wtl 2015-03-22 14:13 - 2008-01-18 22:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys 2015-03-22 14:13 - 2008-01-18 22:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\graftabl.com 2015-03-22 14:13 - 2008-01-18 22:31 - 08322048 _____ (Microsoft Corporation) C:\Windows\system32\spwizimg.dll 2015-03-22 14:13 - 2008-01-18 22:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys 2015-03-22 14:13 - 2008-01-18 22:30 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys 2015-03-22 14:13 - 2008-01-18 22:28 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys 2015-03-22 14:13 - 2008-01-18 22:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys 2015-03-22 14:13 - 2008-01-18 22:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2015-03-22 14:13 - 2008-01-18 22:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\bootstr.dll 2015-03-22 14:13 - 2008-01-05 04:34 - 00015181 _____ () C:\Windows\system32\gatherWirelessInfo.vbs 2015-03-22 14:13 - 2008-01-05 04:32 - 00001820 _____ () C:\Windows\system32\rasctrnm.h 2015-03-22 14:13 - 2008-01-05 04:31 - 00145455 _____ () C:\Windows\system32\perfmon.msc 2015-03-22 14:13 - 2008-01-05 04:23 - 00060124 _____ () C:\Windows\system32\tcpmon.ini 2015-03-22 14:13 - 2008-01-05 04:22 - 00144909 _____ () C:\Windows\system32\fsmgmt.msc 2015-03-22 14:13 - 2008-01-05 04:21 - 00012198 _____ () C:\Windows\system32\gatherWiredInfo.vbs 2015-03-22 14:12 - 2007-12-06 05:04 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll 2015-03-22 14:10 - 2015-03-22 14:20 - 00327680 _____ () C:\Windows\SPInstall.etl 2015-03-22 14:02 - 2015-04-02 10:42 - 00000000 ____D () C:\Users\Earth 2015-03-22 14:02 - 2015-04-02 10:41 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-03-22 14:02 - 2015-03-25 10:07 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-22 14:02 - 2015-03-22 23:01 - 00049168 _____ () C:\Users\Earth\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-22 14:02 - 2015-03-22 23:00 - 00000949 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-22 14:02 - 2015-03-22 14:50 - 00000915 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-03-22 14:02 - 2015-03-22 14:02 - 00000020 ___SH () C:\Users\Earth\ntuser.ini 2015-03-22 14:02 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth\AppData\Local\VirtualStore 2015-03-22 14:02 - 2006-11-02 13:54 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 14:02 - 2006-11-02 13:50 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-20 10:57 - 2006-11-02 13:52 - 00658187 _____ () C:\Windows\WindowsUpdate.log 2015-04-20 08:00 - 2006-11-02 11:33 - 00844736 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-20 07:54 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-19 23:19 - 2006-11-02 14:01 - 00026268 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-15 10:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-14 23:03 - 2006-11-02 11:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-02 10:40 - 2012-02-09 22:43 - 19443520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 17543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 15009600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 10816832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-02 10:40 - 2012-02-09 22:43 - 07713088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 05892928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02517312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02437440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-04-02 10:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help 2015-04-01 18:49 - 2015-01-30 13:27 - 00622192 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00040736 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2015-04-01 18:48 - 2015-01-30 13:27 - 00444472 _____ (COMODO) C:\Windows\system32\guard32.dll 2015-04-01 18:48 - 2015-01-30 13:27 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00288472 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll 2015-04-01 08:40 - 2006-11-02 13:47 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 09:35 - 2007-07-13 08:18 - 00050688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys 2015-03-29 09:34 - 2008-09-02 15:03 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvunrm.exe 2015-03-29 09:34 - 2008-08-01 19:51 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys 2015-03-29 09:34 - 2008-08-01 18:35 - 00207872 _____ (NVIDIA Corporation) C:\Windows\system32\fdco6.dll 2015-03-29 09:34 - 2008-07-29 20:33 - 00122880 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll 2015-03-26 17:36 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-03-26 14:35 - 2015-03-20 11:21 - 27410776 _____ (OpenVPN Technologies) C:\Users\Earth\Documents\privatetunnel-win-2.4.exe 2015-03-26 14:35 - 2015-03-06 18:28 - 01552128 _____ () C:\Users\Earth\Documents\KeyScrambler_Setup.exe 2015-03-26 14:35 - 2015-02-21 12:53 - 76663632 _____ (Lightworks) C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe 2015-03-26 14:35 - 2015-02-21 02:23 - 07962144 _____ () C:\Users\Earth\Documents\npp.6.7.3.Installer.exe 2015-03-25 22:16 - 2007-08-09 19:12 - 00110624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll 2015-03-25 10:11 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-03-23 21:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2015-03-22 22:51 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-HK 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\th-TH 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sv-SE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ru-RU 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-PT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-BR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nb-NO 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\it-IT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hu-HU 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\he-IL 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fi-FI 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\et-EE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\el-GR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-03-22 22:50 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-03-22 22:50 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Movie Maker 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ___RD () C:\Windows\Offline Web Pages 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-22 22:37 - 2004-08-13 10:56 - 00005810 _____ () C:\Windows\system32\Drivers\ASACPI.sys 2015-03-22 21:51 - 2006-11-02 13:43 - 00037888 ____H () C:\Windows\system32\config\BCD-Template.LOG 2015-03-22 21:51 - 2006-11-02 13:37 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2015-03-22 20:53 - 2006-11-02 07:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat 2015-03-22 20:53 - 2006-11-02 07:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat 2015-03-22 19:07 - 2006-11-02 11:25 - 01304064 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2015-03-22 19:07 - 2006-11-02 09:55 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\hccoin.dll 2015-03-22 16:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-22 15:19 - 2006-11-02 13:50 - 00001661 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Collaboration 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Calendar 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\SLUI 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME 2015-03-22 14:33 - 2006-11-02 13:55 - 00001743 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-03-22 14:33 - 2006-11-02 13:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest 2015-03-22 14:33 - 2006-11-02 13:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades 2015-03-22 14:29 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ras 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\icsxml 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ias 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\com 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\MSAgent 2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\L2Schemas 2015-03-22 14:24 - 2006-11-02 11:32 - 00101888 _____ (Infineon Technologies AG) C:\Windows\system32\ifxcardm.dll 2015-03-22 14:24 - 2006-11-02 11:32 - 00082432 _____ (Gemalto, Inc.) C:\Windows\system32\axaltocm.dll 2015-03-22 14:11 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\restore ==================== Files in the root of some directories ======= 2015-03-22 14:02 - 2015-04-02 10:41 - 0001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-03-25 09:18 - 2015-03-26 15:04 - 0014336 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-26 18:14 - 2015-03-26 18:14 - 0000832 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-20 07:59 ==================== End Of Log ============================
  22. 2015-03-22 14:38 - 2009-04-11 00:32 - 00125928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00122344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00109032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00099816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-03-22 14:38 - 2009-04-11 00:32 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00053224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00050664 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL 2015-03-22 14:38 - 2009-04-11 00:32 - 00048104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00035304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00027624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00027112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll 2015-03-22 14:38 - 2009-04-11 00:32 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00017896 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll 2015-03-22 14:38 - 2009-04-11 00:32 - 00017384 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 03174400 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 03072000 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02515968 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02225664 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02205184 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02167808 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01856512 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01788416 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\apds.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01580544 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01533440 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01524736 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01502720 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01459200 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01382912 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 01342464 _____ (Microsoft Corporation) C:\Windows\system32\brcpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01324032 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01152000 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\wercon.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01086464 _____ (Microsoft Corporation) C:\Windows\system32\NetProjW.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01081344 _____ (Microsoft Corporation) C:\Windows\system32\SLCExt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01055232 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00971264 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00968192 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz2.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00852992 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00777216 _____ (Microsoft Corporation) C:\Windows\system32\slcc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\ipsecsnp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00670720 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00657408 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00638976 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\SLCommDlg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00532992 _____ (Microsoft Corporation) C:\Windows\system32\wpcao.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00516608 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00507904 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\cmdial32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\IasMigReader.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00454144 _____ (Microsoft) C:\Windows\system32\IasMigPlugin.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\dsound.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\msvcp60.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\devmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00364032 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\SLUI.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\WscEapPr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\wow32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\es.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iassdo.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\SLC.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\mscandui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\adsldpc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\sperror.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\SLLUA.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\msutb.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\fundisc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wpcsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\dsprop.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\softkbd.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00117248 _____ () C:\Windows\system32\EhStorAuthn.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayDriverLib.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\EhStorShell.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\imapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\dmsynth.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\dmusic.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\msctfui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mstlsapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\msctfp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00083456 _____ (Microsoft) C:\Windows\system32\SMBHelperClass.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wlgpclnt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\iashlpr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\slwmi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tscupgrd.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\SLUINotify.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Storprop.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingProxy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\feclient.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\mmci.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\l2nacp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\bthci.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\slcinst.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\TSTheme.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\EhStorPwdMgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\bitsigd.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\whealogr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msimtf.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\ifmon.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\hidserv.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\version.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\winrnr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\NcdProp.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\MsCtfMonitor.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\vdmdbg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\midimap.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\spcmsg.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mmcico.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\CHxReadingStringIME.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\fdBthProxy.dll 2015-03-22 14:38 - 2009-04-11 00:27 - 03408896 _____ (Microsoft Corporation) C:\Windows\system32\SLsvc.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 02926592 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 02092544 _____ (Microsoft Corporation) C:\Windows\system32\dfsr.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl 2015-03-22 14:38 - 2009-04-11 00:27 - 01122304 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl 2015-03-22 14:38 - 2009-04-11 00:27 - 01102848 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl 2015-03-22 14:38 - 2009-04-11 00:27 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl 2015-03-22 14:38 - 2009-04-11 00:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\dpapimig.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx 2015-03-22 14:38 - 2009-04-11 00:27 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp 2015-03-22 14:38 - 2009-04-11 00:27 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv 2015-03-22 14:38 - 2009-04-11 00:27 - 00130024 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll 2015-03-22 14:38 - 2009-04-11 00:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax 2015-03-22 14:38 - 2009-04-11 00:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax 2015-03-22 14:38 - 2009-04-11 00:27 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\hdwwiz.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\conime.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingWizard.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\cmmon32.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\csrstub.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ipconfig.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEject.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv 2015-03-22 14:38 - 2009-04-11 00:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\fc.exe 2015-03-22 14:38 - 2009-04-11 00:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\gpupdate.exe 2015-03-22 14:38 - 2009-04-11 00:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2015-03-22 14:38 - 2009-04-11 00:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2015-03-22 14:38 - 2009-04-11 00:22 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2015-03-22 14:38 - 2009-04-11 00:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2015-03-22 14:38 - 2009-04-11 00:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2015-03-22 14:38 - 2009-04-11 00:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll 2015-03-22 14:38 - 2009-04-10 23:42 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys 2015-03-22 14:38 - 2009-04-10 22:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-22 14:38 - 2009-04-10 22:48 - 00344698 _____ () C:\Windows\system32\eaphost.tmf 2015-03-22 14:38 - 2009-04-10 22:46 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys 2015-03-22 14:38 - 2009-04-10 22:45 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2015-03-22 14:38 - 2009-04-10 22:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-03-22 14:38 - 2009-04-10 22:45 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys 2015-03-22 14:38 - 2009-04-10 22:43 - 00442788 _____ () C:\Windows\system32\dot3.tmf 2015-03-22 14:38 - 2009-04-10 22:43 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys 2015-03-22 14:38 - 2009-04-10 22:42 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2015-03-22 14:38 - 2009-04-10 22:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2015-03-22 14:38 - 2009-04-10 22:42 - 00052992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-03-22 14:38 - 2009-04-10 22:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys 2015-03-22 14:38 - 2009-04-10 22:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys 2015-03-22 14:38 - 2009-04-10 22:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys 2015-03-22 14:38 - 2009-04-10 22:39 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2015-03-22 14:38 - 2009-04-10 22:39 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll 2015-03-22 14:38 - 2009-04-10 22:38 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2015-03-22 14:38 - 2009-04-10 22:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-03-22 14:38 - 2009-04-10 22:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys 2015-03-22 14:38 - 2009-04-10 22:22 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys 2015-03-22 14:38 - 2009-04-10 22:14 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2015-03-22 14:38 - 2009-04-10 22:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys 2015-03-22 14:38 - 2009-04-10 20:52 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys 2015-03-22 14:38 - 2009-04-10 19:59 - 00107612 _____ () C:\Windows\system32\StructuredQuerySchema.bin 2015-03-22 14:38 - 2009-04-10 19:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin 2015-03-22 14:38 - 2009-04-10 19:54 - 03662128 _____ () C:\Windows\system32\locale.nls 2015-03-22 14:38 - 2009-03-06 19:11 - 00130008 _____ () C:\Windows\system32\systemsf.ebd 2015-03-22 14:38 - 2009-02-19 18:20 - 00009239 _____ () C:\Windows\system32\spcinstrumentation.man 2015-03-22 14:38 - 2009-02-18 12:39 - 00092918 _____ () C:\Windows\system32\slmgr.vbs 2015-03-22 14:38 - 2009-02-18 12:38 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex 2015-03-22 14:38 - 2009-02-18 12:38 - 00035168 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl 2015-03-22 14:35 - 2015-03-22 14:35 - 00000000 ____D () C:\Windows\system32\EventProviders 2015-03-22 14:14 - 2008-01-19 00:36 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll 2015-03-22 14:14 - 2008-01-19 00:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\sdspres.dll 2015-03-22 14:14 - 2008-01-19 00:33 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe 2015-03-22 14:13 - 2015-03-26 17:32 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys 2015-03-22 14:13 - 2015-03-22 19:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\hcrstco.dll 2015-03-22 14:13 - 2008-01-19 00:42 - 00142904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys 2015-03-22 14:13 - 2008-01-19 00:42 - 00094776 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe 2015-03-22 14:13 - 2008-01-19 00:42 - 00058936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys 2015-03-22 14:13 - 2008-01-19 00:42 - 00057400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-22 14:13 - 2008-01-19 00:42 - 00052792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys 2015-03-22 14:13 - 2008-01-19 00:42 - 00045112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00034360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00031288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00024120 _____ (Microsoft Corporation) C:\Windows\system32\BOOTVID.DLL 2015-03-22 14:13 - 2008-01-19 00:41 - 00021048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00016440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys 2015-03-22 14:13 - 2008-01-19 00:41 - 00015288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys 2015-03-22 14:13 - 2008-01-19 00:38 - 04595712 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll 2015-03-22 14:13 - 2008-01-19 00:38 - 00155704 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll 2015-03-22 14:13 - 2008-01-19 00:38 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL 2015-03-22 14:13 - 2008-01-19 00:38 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 01675264 _____ (Microsoft Corporation) C:\Windows\system32\xpssvcs.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 01642496 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 01329152 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 01295360 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\XPSSHHDR.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\xwizards.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\wmvdspa.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\xwtpw32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\xactsrv.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\wpclsp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\wzcdlg.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wscmisetup.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\wtsapi32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\wmiprop.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\wmpcm.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\xmlprovi.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsock32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\WSHTCPIP.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\wship6.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 02588160 _____ (Microsoft Corporation) C:\Windows\system32\UIHub.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 01502208 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\system32\TMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\ogldrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00913408 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\unbcl.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\sqlceqp30.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00531456 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\wlandlg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wiashext.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\p2pcollab.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\qwave.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\unattend.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\provthrd.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\verifier.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\rgb9rast.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\RstrtMgr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\SmiInstaller.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\p2pnetsh.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\WLanHC.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\sstpsvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\SSShim.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\shrink.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\oledlg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\sdshext.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\TapiMigPlugin.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Tabbtn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\wlancfg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\txflog.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\ntdsapi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\wiascanprofiles.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\usbui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\olecli32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\olethk32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\trkwks.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\rasqec.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\winethc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pnrpnsp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\tbssvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssocPrx.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\TabbtnEx.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Sens.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\TimeDateMUICallback.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\osblprov.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\vdmredir.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00041472 _____ (Microsoft) C:\Windows\system32\WlanMmHC.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\RegCtrl.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\psbase.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\sfc_os.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\utildll.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\odbcbcp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\olesvr32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\srwmi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\sxsstore.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\osbaseln.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\PlaySndSrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\WINSRPC.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\pots.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\serialui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\rasctrs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\usbperf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\txfw32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\pnpts.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\procinst.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 09847296 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04875776 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0009.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04497408 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0019.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0816.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0416.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0414.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001d.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0010.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03466752 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0013.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004e.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004c.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004b.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0049.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.