Everything posted by PaulAllen
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
I only use 1 at the moment
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
It still seems to do it while I am browsing; it just did it just now. It's random timing when it tries, and always outbound.
Detection, 23/04/2015 15:08:14, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015 01
Ran by Earth at 2015-04-23 14:59:28 Run:2
Running from C:\Users\Earth\Desktop
Loaded Profiles: Earth (Available profiles: Earth)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Reboot:
end
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
EmptyTemp: => Removed 83.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:00:16 ====
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2015 01
Ran by Earth at 2015-04-23 14:42:58
Running from C:\Users\Earth\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
COMODO Firewall (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
15-04-2015 21:26:26 Scheduled Checkpoint
18-04-2015 22:03:56 Scheduled Checkpoint
19-04-2015 13:53:19 Scheduled Checkpoint
21-04-2015 08:54:33 Scheduled Checkpoint
21-04-2015 09:06:57 Installed Microsoft Fix it 50267
21-04-2015 21:44:32 Scheduled Checkpoint
22-04-2015 11:06:36 Scheduled Checkpoint
22-04-2015 11:25:01 Windows Update
22-04-2015 16:34:06 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-03-31 21:41 - 2013-09-03 17:19 - 00000759 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {056CA88A-173F-44DE-95E3-D2CADEF48CF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {28811A99-9E43-4C61-A166-751088E0548D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {2E9BE86C-C8AC-49F3-B551-0C5FC694BEEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-22] (Piriform Ltd)
Task: {744D7388-ACC0-4A2C-9534-C32AF11DA6B6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {A3DDFCD4-F63D-42E3-AA78-77091AA7F8C3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {BE69959B-50A7-494D-8FEC-36E98117D732} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20] (COMODO)
Task: {C2EF5941-0DCB-49CC-BE55-37875E076DDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {EC11806B-13F2-47A6-A731-6A906F9251AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-22 15:27 - 2015-04-22 16:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-22 15:27 - 2015-04-22 16:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-22 21:01 - 2015-04-22 21:01 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll
2015-04-23 08:50 - 2015-04-23 08:50 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042300\algo.dll
2015-03-22 15:27 - 2015-03-22 15:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\hosts.zip:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID AlternateDataStreams: C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID AlternateDataStreams: C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID AlternateDataStreams: C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13810967.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13810967.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) 
There are 6091 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2376867508-200169253-45356126-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ArcService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk => C:\Windows\pss\Device Monitor 4.lnk.CommonStartup MSCONFIG\startupreg: EPSON Stylus DX4800 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SB7ED.tmp" /EF "HKLM" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== Accounts: ============================= Administrator (S-1-5-21-2376867508-200169253-45356126-500 - Administrator - Disabled) Earth (S-1-5-21-2376867508-200169253-45356126-1000 - Administrator - Enabled) => C:\Users\Earth Guest (S-1-5-21-2376867508-200169253-45356126-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000, faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception code 0xc0000005, fault offset 0x0006fc33, process id 0x13d4, application start time 0xgimp-2.8.exe0. 
Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31} Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis System errors: ============= Error: (04/22/2015 09:14:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/22/2015 09:05:57 AM) (Source: 
Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/22/2015 09:00:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (04/21/2015 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Software Licensing23000001Restart the service Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Print Spooler2600001Restart the service Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search1300001Restart the service Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMService1 Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMScheduler1 Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Print Spooler1600001Restart the service Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Software Licensing11200001Restart the service Microsoft Office Sessions: ========================= Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.03f2e3eabc00000050006fc3313d401d07d1fbc38130d Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31} Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to 
the system is not functioning. (0x8007001f) C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis CodeIntegrity Errors: =================================== Date: 2015-04-23 14:42:30.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 14:42:30.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 14:42:30.038 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-04-23 14:42:29.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:41.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:40.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:23.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 09:07:23.673 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-23 08:48:00.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-22 19:08:45.331 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 42% Total physical RAM: 3581.63 MB Available physical RAM: 2060.25 MB Total Pagefile: 7372.23 MB Available Pagefile: 5706.28 MB Total Virtual: 2047.88 MB Available Virtual: 1914.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:866 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 93D0ECF1) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2015 01 Ran by Earth (administrator) on EARTH-PC on 23-04-2015 14:42:18 Running from C:\Users\Earth\Desktop Loaded Profiles: Earth (Available profiles: Earth) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1359064 2015-04-20] (COMODO) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-22] (Avast Software s.r.o.) HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [509216 2015-03-26] (QFX Software Corporation) HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-03-24] (Ruiware LLC) HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Program Files\ArcPlugins\NPSWF32.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-22] Chrome: ======= CHR HomePage: Default -> https://www.google.co.uk/ CHR StartupUrls: Default -> "https://www.google.co.uk/" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22] CHR Extension: (YouTube) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Search) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22] CHR Extension: (Bookmark Manager) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Avast Online Security) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22] 
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22] CHR Extension: (Google Wallet) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] CHR Extension: (Gmail) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcService; C:\Program Files\Arc\ArcService.exe [88584 2015-04-19] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4351816 2015-04-20] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664728 2015-04-20] (COMODO) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-04-01] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [622192 2015-04-01] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-04-01] (COMODO) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-04-01] (COMODO) R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [210512 2015-02-07] (QFX Software Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2015-03-22] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Earth\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== 
NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-23 14:42 - 2015-04-23 14:42 - 01139200 _____ (Farbar) C:\Users\Earth\Desktop\FRST.exe 2015-04-23 14:42 - 2015-04-23 14:42 - 00011621 _____ () C:\Users\Earth\Desktop\FRST.txt 2015-04-23 09:02 - 2015-04-23 09:02 - 00138355 _____ () C:\Users\Earth\Desktop\hosts.zip 2015-04-22 22:43 - 2015-04-22 22:44 - 02347384 _____ (ESET) C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe 2015-04-22 18:48 - 2015-04-22 18:48 - 00000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel 2015-04-22 18:41 - 2015-04-22 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Earth\Desktop\OTL.exe 2015-04-22 17:48 - 2015-02-11 13:44 - 644050851 _____ () C:\Users\Earth\Desktop\bits.zip 2015-04-22 16:35 - 2015-04-22 16:35 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-04-22 16:35 - 2015-04-22 16:35 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-04-22 10:33 - 2015-04-22 10:33 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Earth\Desktop\tdsskiller.exe 2015-04-22 09:18 - 2015-04-22 09:18 - 00019299 _____ () C:\ComboFix.txt 2015-04-22 08:59 - 2015-04-22 08:57 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00098816 _____ () C:\Windows\sed.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00080412 _____ () C:\Windows\grep.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00068096 _____ () C:\Windows\zip.exe 2015-04-22 08:59 - 2015-04-22 08:57 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-22 08:58 - 2015-04-22 09:18 - 00000000 ____D () C:\Qoobox 2015-04-22 08:57 - 2015-04-22 09:15 - 00000000 ____D () C:\Windows\erdnt 2015-04-22 08:55 - 2015-04-22 08:55 - 05619466 ____R (Swearware) C:\Users\Earth\Desktop\ComboFix.exe 2015-04-21 23:50 - 2015-04-21 23:51 - 00000000 ____D () C:\Users\Earth\Desktop\New Folder 2015-04-21 22:42 - 2015-04-21 22:44 - 00000000 ____D () C:\AdwCleaner 2015-04-21 22:32 - 2015-04-21 22:32 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat 2015-04-21 22:32 - 2015-04-21 22:32 - 00000000 ____D () C:\RegBackup 2015-04-21 22:28 - 2015-04-21 22:28 - 02685507 _____ (Thisisu) C:\Users\Earth\Desktop\JRT.exe 2015-04-21 22:28 - 2015-04-21 22:28 - 02217984 _____ () C:\Users\Earth\Desktop\adwcleaner_4.201.exe 2015-04-21 19:33 - 2015-04-21 19:33 - 00000050 _____ () C:\Users\Earth\Desktop\globe.txt 2015-04-21 09:19 - 2015-04-23 00:08 - 00000000 ____D () C:\Users\Earth\Desktop\old 2015-04-20 23:05 - 2015-04-20 23:06 - 00000000 ____D () C:\Users\Earth\Desktop\sound and vid intro 2015-04-20 14:52 - 2015-04-23 14:42 - 00000000 ____D () C:\FRST 2015-04-20 14:40 - 
2015-04-21 00:07 - 00003608 _____ () C:\Windows\system32\Drivers\fvstore.dat 2015-04-20 14:40 - 2015-04-20 14:40 - 00000000 ____D () C:\VTRoot 2015-04-19 12:22 - 2015-04-19 12:26 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-04-19 12:22 - 2015-04-19 12:22 - 00000000 ____D () C:\Program Files\HitmanPro 2015-04-19 10:27 - 2015-04-19 10:27 - 00000219 _____ () C:\Users\Earth\Desktop\secureing wordpress.txt 2015-04-14 23:08 - 2015-04-14 23:08 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-14 23:03 - 2015-04-14 23:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-14 23:03 - 2015-04-14 23:03 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-14 23:03 - 2015-04-14 23:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-14 23:02 - 2015-04-14 23:02 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-14 23:02 - 2015-04-14 23:02 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-14 23:02 - 2015-04-14 23:02 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-14 22:57 - 2015-04-14 22:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00717824 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-14 22:57 - 2015-04-14 22:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-04-14 22:57 - 2015-04-14 22:57 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-04-14 22:57 - 2015-04-14 22:57 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-04-14 22:57 - 2015-03-10 00:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-14 22:57 - 2015-03-09 23:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-13 09:37 - 2015-04-22 13:48 - 00000667 _____ () C:\Users\Earth\Desktop\music.txt 2015-04-08 08:53 - 2015-04-08 08:53 - 00106593 _____ () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html 2015-04-08 08:53 - 2015-04-08 08:53 - 00000000 ____D () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files 2015-04-08 08:03 - 2015-04-17 12:10 - 00000349 _____ () 
C:\Users\Earth\Desktop\GG.txt 2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\QFX Software 2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\ProgramData\QFX Software 2015-04-05 11:04 - 2015-04-22 10:18 - 00000827 _____ () C:\Users\Earth\Desktop\p.txt 2015-04-02 12:05 - 2015-04-05 07:53 - 00000573 _____ () C:\Users\Earth\Desktop\Tent stuff.txt 2015-04-02 10:42 - 2015-04-02 10:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-02 10:42 - 2015-04-02 10:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-02 10:28 - 2015-04-02 10:29 - 226547341 _____ () C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip 2015-04-01 09:47 - 2015-04-01 09:47 - 00000000 ____D () C:\Users\Earth\Desktop\Bookings - Badgells Wood_files 2015-04-01 09:46 - 2015-04-01 09:47 - 00028723 _____ () C:\Users\Earth\Desktop\Bookings - Badgells Wood.html 2015-03-31 21:41 - 2015-04-19 12:28 - 00524227 _____ () C:\Windows\system32\Drivers\etc\hosts.old 2015-03-31 10:40 - 2015-04-05 14:49 - 00000000 ____D () C:\Users\Earth\Desktop\Natural pathways 2015-03-29 09:34 - 2015-03-29 09:34 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe 2015-03-29 09:34 - 2008-07-08 08:45 - 00004984 _____ () C:\Windows\system32\Drivers\nvphy.bin 2015-03-26 18:04 - 2015-04-22 18:48 - 00000000 ____D () C:\Users\Earth\AppData\Local\gtk-2.0 2015-03-26 18:04 - 2015-03-26 18:04 - 00000000 ____D () C:\Users\Earth\.thumbnails 2015-03-26 17:36 - 2015-03-26 17:36 - 00000765 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk 2015-03-26 17:36 - 2015-03-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan 2015-03-26 17:36 - 2006-10-13 01:00 - 00061952 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\escwiad.dll 2015-03-26 17:35 - 2015-03-26 17:36 - 00000000 ____D () C:\Program Files\EPSON 2015-03-26 17:35 - 2015-03-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-03-26 17:34 - 2015-03-26 17:34 - 00079679 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00064000 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCBADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00049152 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00034304 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCHADE.DLL 2015-03-26 17:34 - 2015-03-26 17:34 - 00000000 ____D () C:\ProgramData\EPSON 2015-03-26 17:18 - 2015-04-22 18:49 - 00000000 ____D () C:\Users\Earth\.gimp-2.8 2015-03-26 17:18 - 2015-03-26 17:18 - 00000874 _____ () C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk 2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\gegl-0.2 2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\fontconfig 2015-03-26 17:17 - 2015-03-26 17:17 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-03-26 17:14 - 2015-03-26 17:17 - 00000000 ____D () C:\Program Files\GIMP 2 2015-03-26 17:13 - 2015-03-26 17:14 - 00000000 ____D () C:\Users\Earth\Desktop\Great Canoe Trail 2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler 2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\Program Files\KeyScrambler 2015-03-26 16:57 - 2015-02-07 04:37 - 00210512 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys 2015-03-26 12:59 - 2015-03-26 13:25 - 00000000 ____D () C:\Users\Earth\AppData\Local\Nvidia Corporation 2015-03-25 22:27 - 2015-03-25 22:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies 2015-03-25 09:18 - 2015-04-20 23:08 - 00015872 _____ 
() C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-25 09:17 - 2015-03-25 09:17 - 00000000 ____D () C:\Windows\pss 2015-03-25 08:58 - 2015-03-25 08:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf 2015-03-24 20:16 - 2015-03-27 18:49 - 00002145 _____ () C:\Users\Earth\Desktop\kids event.txt 2015-03-24 01:43 - 2015-03-25 09:00 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\WinPatrol 2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\ProgramData\InstallMate 2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\Program Files\WinPatrol ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-23 13:48 - 2015-03-22 15:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-23 10:57 - 2006-11-02 13:52 - 00755764 _____ () C:\Windows\WindowsUpdate.log 2015-04-23 10:21 - 2006-11-02 11:33 - 00865966 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-23 08:48 - 2015-03-22 15:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-23 08:48 - 2015-03-22 14:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-23 08:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-23 00:09 - 2006-11-02 14:01 - 00029244 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-22 16:35 - 2015-03-22 15:28 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00427992 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswSP.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-04-22 16:35 - 2015-03-22 15:28 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-04-22 16:35 - 2015-03-22 15:07 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-22 16:34 - 2015-03-22 15:07 - 00000000 ____D () C:\Program Files\SpywareBlaster 2015-04-22 15:30 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth 2015-04-22 11:25 - 2015-03-22 20:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-04-22 09:14 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2015-04-22 08:57 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2015-04-20 14:40 - 2015-03-22 14:55 - 00001777 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk 2015-04-19 14:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Program Files\Arc 2015-04-15 10:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-14 23:08 - 2015-03-22 21:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-14 23:03 - 2006-11-02 11:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-02 10:41 - 2015-03-22 14:02 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-04-02 10:40 - 2012-02-09 22:43 - 19443520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-04-02 10:40 
- 2012-02-09 22:43 - 17543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 15009600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 10816832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-02 10:40 - 2012-02-09 22:43 - 07713088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 05892928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02517312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02437440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-04-02 10:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help 2015-04-01 18:49 - 2015-01-30 13:27 - 00622192 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00040736 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2015-04-01 18:48 - 2015-01-30 13:27 - 00444472 _____ (COMODO) C:\Windows\system32\guard32.dll 2015-04-01 18:48 - 2015-01-30 13:27 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00288472 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll 2015-04-01 08:40 - 2006-11-02 13:47 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 09:35 - 2007-07-13 08:18 - 00050688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys 2015-03-29 09:34 - 2008-09-02 15:03 - 00453152 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvunrm.exe 2015-03-29 09:34 - 2008-08-01 19:51 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys 2015-03-29 09:34 - 2008-08-01 18:35 - 00207872 _____ (NVIDIA Corporation) C:\Windows\system32\fdco6.dll 2015-03-29 09:34 - 2008-07-29 20:33 - 00122880 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll 2015-03-26 17:36 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-03-26 17:32 - 2015-03-22 14:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys 2015-03-26 14:35 - 2015-03-20 11:21 - 27410776 _____ (OpenVPN Technologies) C:\Users\Earth\Documents\privatetunnel-win-2.4.exe 2015-03-26 14:35 - 2015-03-06 18:28 - 01552128 _____ () C:\Users\Earth\Documents\KeyScrambler_Setup.exe 2015-03-26 14:35 - 2015-02-21 12:53 - 76663632 _____ (Lightworks) C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe 2015-03-26 14:35 - 2015-02-21 02:23 - 07962144 _____ () C:\Users\Earth\Documents\npp.6.7.3.Installer.exe 2015-03-25 22:16 - 2007-08-09 19:12 - 00110624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll 2015-03-25 10:11 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-03-25 10:07 - 2015-03-22 14:02 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-25 09:00 - 2015-03-22 16:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-24 01:43 - 2015-03-22 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol ==================== Files in the root of some directories ======= 2015-03-22 14:02 - 2015-04-02 10:41 - 0001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-03-25 09:18 - 
2015-04-20 23:08 - 0015872 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-22 18:48 - 2015-04-22 18:48 - 0000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-23 08:53 ==================== End Of Log ============================ -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Hello. Yes, still getting them. -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Oh, I forgot to add: can I re-install my MVP host file yet? Thank you -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
At the end of the scan, it found nothing and only had a finished button and a box to check that was for uninstalling the software. No threat list and no export or save file. Thank you -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
It's still going out. Here's another recent log: Detection, 22/04/2015 20:38:21, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound, -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
OTL logfile created on: 22/04/2015 18:51:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free 7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe PRC - [2015/04/22 16:35:29 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) 
-- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe PRC - [2015/04/20 14:35:23 | 000,455,384 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe PRC - [2015/04/20 14:30:50 | 001,359,064 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe PRC - [2015/04/20 14:30:45 | 007,689,432 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe PRC - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2015/03/26 16:57:01 | 000,509,216 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe PRC - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015/03/17 07:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2015/04/22 16:35:28 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll MOD - [2015/04/22 16:35:27 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll MOD - [2015/03/22 15:28:06 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll ========== Services (SafeList) ========== SRV - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc) SRV - [2015/04/20 14:30:18 | 001,664,728 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent) SRV - [2015/04/19 08:25:08 | 000,088,584 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files\Arc\ArcService.exe -- (ArcService) SRV - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Earth\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast 
Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2015/04/22 16:35:32 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2015/04/22 16:35:32 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2015/04/22 16:35:32 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2015/04/22 16:35:15 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv) DRV - [2015/04/02 10:40:56 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd) DRV - [2015/03/29 09:35:11 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2015/03/29 09:34:38 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2015/03/25 22:16:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2015/03/22 22:37:59 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2015/03/17 07:15:32 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2015/03/17 07:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys 
-- (MBAMProtector) DRV - [2015/02/07 04:37:08 | 000,210,512 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Program Files\ArcPlugins\NPSWF32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/22 16:35:23 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.421.10417_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\ CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = 
C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKU\S-1-5-21-2376867508-200169253-45356126-1000..\Run: [WinPatrol] C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe (Ruiware LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7B2022-369D-496D-9906-0B853F11E601}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2015/04/22 18:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe [2015/04/22 16:35:33 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015/04/22 16:35:29 | 000,043,112 | ---- | C] (Avast Software s.r.o.) 
-- C:\Windows\avastSS.scr [2015/04/22 10:33:07 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe [2015/04/22 09:18:53 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\temp [2015/04/22 09:17:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2015/04/22 08:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2015/04/22 08:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2015/04/22 08:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2015/04/22 08:58:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2015/04/22 08:57:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2015/04/22 08:55:04 | 005,619,466 | R--- | C] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe [2015/04/21 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\New Folder [2015/04/21 22:42:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015/04/21 22:32:49 | 000,000,000 | ---D | C] -- C:\RegBackup [2015/04/21 22:28:11 | 002,685,507 | ---- | C] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe [2015/04/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\old [2015/04/21 09:09:40 | 001,139,200 | ---- | C] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe [2015/04/20 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\sound and vid intro [2015/04/20 14:52:36 | 000,000,000 | ---D | C] -- C:\FRST [2015/04/20 14:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot [2015/04/19 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2015/04/19 12:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2015/04/08 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files [2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Roaming\QFX Software [2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software [2015/04/02 10:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2015/04/02 10:42:29 | 
000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2015/04/01 09:47:00 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Bookings - Badgells Wood_files [2015/03/31 10:40:09 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Natural pathways [2015/03/26 18:04:58 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gtk-2.0 [2015/03/26 18:04:12 | 000,000,000 | ---D | C] -- C:\Users\Earth\.thumbnails [2015/03/26 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan [2015/03/26 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2015/03/26 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON [2015/03/26 17:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2015/03/26 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\fontconfig [2015/03/26 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\Earth\.gimp-2.8 [2015/03/26 17:18:38 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gegl-0.2 [2015/03/26 17:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2015/03/26 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Great Canoe Trail [2015/03/26 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler [2015/03/26 16:57:04 | 000,210,512 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys [2015/03/26 16:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler [2015/03/26 12:59:56 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\Nvidia Corporation [2015/03/25 22:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2015/03/25 13:38:46 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\ElevatedDiagnostics [2015/03/25 10:11:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2015/03/25 09:17:21 | 000,000,000 | ---D | C] -- C:\Windows\pss [2015/03/24 01:43:21 | 000,000,000 | ---D 
| C] -- C:\Users\Earth\AppData\Roaming\WinPatrol [2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinPatrol [2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2015/03/23 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration ========== Files - Modified Within 30 Days ========== [2015/04/22 18:48:05 | 000,000,833 | ---- | M] () -- C:\Users\Earth\AppData\Local\recently-used.xbel [2015/04/22 18:48:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe [2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015/04/22 18:09:58 | 000,729,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015/04/22 18:09:58 | 000,146,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015/04/22 16:38:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015/04/22 16:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015/04/22 16:37:22 | 3756,580,864 | -HS- | M] () -- C:\hiberfil.sys [2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys [2015/04/22 16:35:32 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys [2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys [2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) 
-- C:\Windows\System32\drivers\aswRdr.sys [2015/04/22 16:35:32 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015/04/22 16:35:32 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys [2015/04/22 16:35:29 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015/04/22 16:35:29 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys [2015/04/22 15:33:08 | 000,362,595 | ---- | M] () -- C:\Users\Earth\Desktop\forest fires.jpg [2015/04/22 15:30:07 | 000,359,941 | ---- | M] () -- C:\Users\Earth\forest fires.jpg [2015/04/22 10:33:09 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe [2015/04/22 08:57:53 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe [2015/04/22 08:57:53 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe [2015/04/22 08:57:53 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2015/04/22 08:57:53 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2015/04/22 08:57:53 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe [2015/04/22 08:57:53 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe [2015/04/22 08:57:53 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe [2015/04/22 08:57:53 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe [2015/04/22 08:57:52 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe [2015/04/22 08:55:07 | 005,619,466 | R--- | M] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe [2015/04/21 22:32:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat [2015/04/21 22:28:32 | 002,217,984 | ---- | M] () -- C:\Users\Earth\Desktop\adwcleaner_4.201.exe [2015/04/21 22:28:13 | 002,685,507 | ---- | M] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe [2015/04/21 15:49:47 | 001,968,287 | ---- | M] () -- 
C:\Users\Earth\Desktop\cissp-cib.pdf [2015/04/21 09:09:41 | 001,139,200 | ---- | M] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe [2015/04/21 00:07:54 | 000,003,608 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat [2015/04/20 23:08:11 | 000,015,872 | ---- | M] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015/04/20 14:40:34 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2015/04/19 12:28:00 | 000,524,227 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old [2015/04/08 08:53:27 | 000,106,593 | ---- | M] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html [2015/04/02 12:53:18 | 000,001,995 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/04/02 10:41:29 | 000,001,356 | ---- | M] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat [2015/04/02 10:29:13 | 226,547,341 | ---- | M] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip [2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys [2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys [2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys [2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys [2015/04/01 18:48:21 | 000,033,520 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll [2015/04/01 18:48:18 | 000,444,472 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll [2015/04/01 18:45:54 | 000,288,472 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll [2015/04/01 18:45:27 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll [2015/04/01 09:47:00 | 000,028,723 | ---- | M] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html [2015/04/01 08:40:27 | 000,228,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT 
[2015/03/26 17:36:40 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2015/03/26 17:18:48 | 000,000,874 | ---- | M] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk [2015/03/26 14:35:48 | 027,410,776 | ---- | M] (OpenVPN Technologies) -- C:\Users\Earth\Documents\privatetunnel-win-2.4.exe [2015/03/26 14:35:44 | 007,962,144 | ---- | M] () -- C:\Users\Earth\Documents\npp.6.7.3.Installer.exe [2015/03/26 14:35:34 | 076,663,632 | ---- | M] (Lightworks) -- C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe [2015/03/26 14:35:19 | 001,552,128 | ---- | M] () -- C:\Users\Earth\Documents\KeyScrambler_Setup.exe [2015/03/25 10:07:40 | 000,000,938 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2015/03/25 09:10:07 | 028,997,775 | ---- | M] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf [2015/03/25 08:58:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf ========== Files Created - No Company Name ========== [2015/04/22 18:48:05 | 000,000,833 | ---- | C] () -- C:\Users\Earth\AppData\Local\recently-used.xbel [2015/04/22 17:48:41 | 644,050,851 | ---- | C] () -- C:\Users\Earth\Desktop\bits.zip [2015/04/22 15:30:07 | 000,359,941 | ---- | C] () -- C:\Users\Earth\forest fires.jpg [2015/04/22 10:28:14 | 000,362,595 | ---- | C] () -- C:\Users\Earth\Desktop\forest fires.jpg [2015/04/22 08:59:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2015/04/22 08:59:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2015/04/22 08:59:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2015/04/22 08:59:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2015/04/22 08:59:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2015/04/21 22:32:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat [2015/04/21 22:28:32 | 002,217,984 | ---- | C] () -- 
C:\Users\Earth\Desktop\adwcleaner_4.201.exe [2015/04/21 15:49:46 | 001,968,287 | ---- | C] () -- C:\Users\Earth\Desktop\cissp-cib.pdf [2015/04/20 14:40:39 | 000,003,608 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat [2015/04/08 08:53:25 | 000,106,593 | ---- | C] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html [2015/04/02 10:28:35 | 226,547,341 | ---- | C] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip [2015/04/01 09:46:59 | 000,028,723 | ---- | C] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html [2015/03/29 09:34:43 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2015/03/26 17:36:40 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2015/03/26 17:18:48 | 000,000,874 | ---- | C] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk [2015/03/26 17:17:45 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2015/03/26 13:40:32 | 3756,580,864 | -HS- | C] () -- C:\hiberfil.sys [2015/03/25 10:07:40 | 000,000,938 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2015/03/25 09:18:48 | 000,015,872 | ---- | C] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015/03/25 09:10:05 | 028,997,775 | ---- | C] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf [2015/03/25 08:58:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2015/03/24 11:18:19 | 000,001,995 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/03/22 15:28:21 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2015/03/22 15:28:19 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015/03/22 15:28:17 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys 
[2015/03/22 14:38:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2015/03/22 14:38:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2015/03/22 14:38:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2015/03/22 14:02:10 | 000,001,356 | ---- | C] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/03/22 20:24:15 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2015/03/22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\Arc [2015/03/22 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\AVAST Software [2015/04/05 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\QFX Software [2015/03/25 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\WinPatrol ========== Purity Check ========== ========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardres.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardagt.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\icaapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\httpapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\HOSTNAME.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\hcrstco.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\hccoin.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\gdi32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\GameUXLegacyGDFs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\gameux.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\FWPUCLNT.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\fontsub.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\FntCache.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\finger.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\fdco6.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDump.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDec.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FLMADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCHADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCBADE.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_DCINST.DLL:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtrans.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtmsft.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxmasf.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\DWrite.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> 
C:\Windows\System32\drivers\WUDFRd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WUDFPf.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WdfLdr.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Wdf01000.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\volsnap.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbscan.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbprint.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbport.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbohci.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbhub.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbehci.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbccgp.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usb8023.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\UMDF\WpdFs.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tunnel.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tssecsrv.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpipreg.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpip.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srvnet.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv2.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Rtnicxp.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> 
C:\Windows\System32\drivers\rdpwd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\portcls.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\partmgr.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvstor32.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvmfdx32.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvlddmkm.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ntfs.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb20.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb10.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxdav.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ksecdd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\http.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fs_rec.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fastfat.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dxgkrnl.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\drmk.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dfsc.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\bowser.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ASACPI.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\afd.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnsvr.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnet.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsrslvr.dll:$CmdTcID @Alternate Data 
Stream - 64 bytes -> C:\Windows\System32\dnscacheugc.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsapi.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dfshim.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\dciman32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_31.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_30.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_29.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_28.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_27.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_26.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_25.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_24.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx11_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> 
C:\Windows\System32\d3dx10_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dcsx_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_42.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_41.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_40.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_39.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_38.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_37.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_36.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_35.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_34.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_33.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10warp.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10level9.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10core.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> 
C:\Windows\System32\d3d10_1core.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10_1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\d2d1.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\csrsrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cscript.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptsvc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptnet.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptdlg.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\crypt32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\consent.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\comctl32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfsw32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfs.sys:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\certutil.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\certenc.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cdd.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\cabview.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\BthMtpContextHandler.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\avifil32.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\authui.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\audiosrv.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\AUDIOKSE.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\AudioEng.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmlib.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmfd.dll:$CmdTcID 
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atl.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\asycfilt.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\ARP.EXE:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\appinfo.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\Apphlpdm.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\System32\adtschema.dll:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWXCACLS.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWSC.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\SWREG.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\sed.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\PEV.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\NIRCMD.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\MBR.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\grep.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Windows\avastSS.scr:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Program 
Files\WinPatrol\WinPatrol\winpatrol.exe:$CmdTcID @Alternate Data Stream - 64 bytes -> C:\Program Files\KeyScrambler\keyscrambler.exe:$CmdTcID @Alternate Data Stream - 26 bytes -> C:\Windows\System32\drivers\etc\hosts.old:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\cissp-cib.pdf:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdZnID @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
OTL Extras logfile created on: 22/04/2015 18:51:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free
7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{684D7D20-525A-48BC-8C17-2A153CEB3C6A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182C9667-60B9-4DD7-849C-3C416DEBDF21}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{8C818C07-A531-44D6-8EA1-0C2360D5695C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"TCP Query User{67C53C57-435C-4803-9F6D-AFC7E58B8C11}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe |
"UDP Query User{964554DB-D3AA-4838-9DFF-2C800B69A830}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{68BE8BAB-5375-4C99-9116-1808F5968D40}" = COMODO Firewall
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GIMP-2_is1" = GIMP 2.8.14
"Google Chrome" = Google Chrome
"KeyScrambler" = KeyScrambler
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SpywareBlaster_is1" = SpywareBlaster 5.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24
Description =

Error - 21/04/2015 17:57:30 | Computer Name = Earth-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 22/04/2015 11:34:06 | Computer Name = Earth-PC | Source = VSS | ID = 8194
Description =

Error - 22/04/2015 11:50:09 | Computer Name = Earth-PC | Source = Perflib | ID = 1010
Description =

Error - 22/04/2015 13:26:40 | Computer Name = Earth-PC | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000, faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception code 0xc0000005, fault offset 0x0006fc33, process id 0x13d4, application start time 0x01d07d1fbc38130d.

[ System Events ]
Error - 09/04/2015 15:16:39 | Computer Name = Earth-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error - 09/04/2015 15:20:10 | Computer Name = Earth-PC | Source = DCOM | ID = 10005
Description =

Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/04/2015 15:22:13 | Computer Name = Earth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:20:41 on 09/04/2015 was unexpected.

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/04/2015 18:20:20 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031
Description =

< End of report > -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Logs above. It says that there is an NTDLL code modification ZwClose. Does this indicate a kernel modification and that a rootkit has installed itself somehow? Thank you -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
ComboFix 15-04-19.01 - Earth 22/04/2015 9:00.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2451 [GMT 1:00]
Running from: c:\users\Earth\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-03-22 to 2015-04-22 )))))))))))))))))))))))))))))))
.
.
2015-04-22 08:13 . 2015-04-22 08:14 -------- d-----w- c:\users\Earth\AppData\Local\temp
2015-04-22 08:13 . 2015-04-22 08:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-21 21:42 . 2015-04-21 21:44 -------- d-----w- C:\AdwCleaner
2015-04-21 21:32 . 2015-04-21 21:32 -------- d-----w- C:\RegBackup
2015-04-20 13:52 . 2015-04-21 08:20 -------- d-----w- C:\FRST
2015-04-20 13:40 . 2015-04-20 13:40 -------- d-----w- C:\VTRoot
2015-04-20 13:40 . 2015-04-20 23:07 3608 ----a-w- c:\windows\system32\drivers\fvstore.dat
2015-04-19 11:22 . 2015-04-19 11:22 -------- d-----w- c:\program files\HitmanPro
2015-04-19 11:22 . 2015-04-19 11:26 -------- d-----w- c:\programdata\HitmanPro
2015-04-17 17:26 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{025D98AE-363B-4870-BCAA-C4B6670A0556}\mpengine.dll
2015-04-14 22:08 . 2015-04-14 22:08 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-04-14 22:03 . 2015-04-14 22:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-04-14 22:03 . 2015-04-14 22:03 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 22:03 . 2015-04-14 22:03 244152 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 22:02 . 2015-04-14 22:02 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-04-14 22:02 . 2015-04-14 22:02 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-14 22:02 . 2015-04-14 22:02 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\users\Earth\AppData\Roaming\QFX Software
2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\programdata\QFX Software
2015-04-02 09:42 . 2015-04-02 09:42 -------- d-----w- c:\programdata\NVIDIA Corporation
2015-04-02 09:42 . 2015-04-02 09:43 -------- d-----w- c:\program files\NVIDIA Corporation
2015-03-29 08:34 . 2015-03-29 08:34 453152 ----a-w- c:\windows\system32\nvuninst.exe
2015-03-29 08:34 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2015-03-26 17:04 . 2015-03-26 17:11 -------- d-----w- c:\users\Earth\AppData\Local\gtk-2.0
2015-03-26 17:04 . 2015-03-26 17:04 -------- d-----w- c:\users\Earth\.thumbnails
2015-03-26 16:36 . 2006-10-13 00:00 61952 ----a-w- c:\windows\system32\escwiad.dll
2015-03-26 16:35 . 2015-03-26 16:36 -------- d-----w- c:\program files\EPSON
2015-03-26 16:34 . 2015-03-26 16:34 64000 ----a-w- c:\windows\system32\E_FBCBADE.DLL
2015-03-26 16:34 . 2015-03-26 16:34 34304 ----a-w- c:\windows\system32\E_FBCHADE.DLL
2015-03-26 16:34 . 2015-03-26 16:34 79679 ----a-w- c:\windows\system32\E_FLMADE.DLL
2015-03-26 16:34 . 2015-03-26 16:34 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2015-03-26 16:34 . 2015-03-26 16:34 -------- d-----w- c:\programdata\EPSON
2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\fontconfig
2015-03-26 16:18 . 2015-03-26 17:15 -------- d-----w- c:\users\Earth\.gimp-2.8
2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\gegl-0.2
2015-03-26 16:14 . 2015-03-26 16:17 -------- d-----w- c:\program files\GIMP 2
2015-03-26 15:57 . 2015-02-07 03:37 210512 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2015-03-26 15:57 . 2015-03-26 15:57 -------- d-----w- c:\program files\KeyScrambler
2015-03-26 11:59 . 2015-03-26 12:25 -------- d-----w- c:\users\Earth\AppData\Local\Nvidia Corporation
2015-03-26 08:37 . 2015-03-26 08:37 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-25 21:27 . 2015-03-25 21:27 -------- d-----w- c:\program files\AGEIA Technologies
2015-03-25 12:38 . 2015-03-25 12:38 -------- d-----w- c:\users\Earth\AppData\Local\ElevatedDiagnostics
2015-03-24 00:43 . 2015-03-25 08:00 -------- d-----w- c:\users\Earth\AppData\Roaming\WinPatrol
2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\programdata\InstallMate
2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\program files\WinPatrol
2015-03-23 20:44 . 2015-03-23 20:44 -------- d-----w- c:\windows\Migration
2015-03-23 20:42 . 2015-03-23 20:41 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-23 20:41 . 2015-03-23 20:41 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-22 07:26 . 2015-03-22 13:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-02 09:40 . 2012-02-09 21:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2015-04-02 09:40 . 2012-02-09 21:43 2301248 ----a-w- c:\windows\system32\nvapi.dll
2015-04-02 09:40 . 2012-02-09 21:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2015-04-02 09:40 . 2012-02-09 21:43 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-04-02 09:40 . 2012-02-09 21:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2015-04-02 09:40 . 2012-02-09 21:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2015-04-02 09:40 . 2012-02-09 21:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2015-04-02 09:40 . 2012-02-09 21:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-04-02 09:40 . 2012-02-09 21:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2015-04-01 17:49 . 2015-01-30 12:27 91200 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-04-01 17:49 . 2015-01-30 12:27 40736 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-04-01 17:49 . 2015-01-30 12:27 622192 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-04-01 17:49 . 2015-01-30 12:27 17088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-04-01 17:48 . 2015-01-30 12:27 33520 ----a-w- c:\windows\system32\cmdcsr.dll
2015-04-01 17:48 . 2015-01-30 12:27 444472 ----a-w- c:\windows\system32\guard32.dll
2015-04-01 17:45 . 2015-01-30 12:27 288472 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-04-01 17:45 . 2015-01-30 12:27 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2015-03-29 08:35 . 2007-07-13 07:18 50688 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2015-03-29 08:34 . 2008-08-01 18:51 1052704 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys
2015-03-29 08:34 . 2008-08-01 17:35 207872 ----a-w- c:\windows\system32\fdco6.dll
2015-03-29 08:34 . 2008-07-29 19:33 122880 ----a-w- c:\windows\system32\nvconrm.dll
2015-03-29 08:34 . 2008-09-02 14:03 453152 ----a-w- c:\windows\system32\nvunrm.exe
2015-03-26 16:32 . 2015-03-22 13:13 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys
2015-03-25 21:16 . 2007-08-09 18:12 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoiins.dll
2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoi.dll
2015-03-25 07:25 . 2015-03-22 19:37 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-03-23 20:41 . 2015-03-22 14:28 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-03-23 20:41 . 2015-03-22 14:28 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-23 20:41 . 2015-03-22 14:28 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-23 20:41 . 2015-03-22 14:28 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-23 20:41 .
2015-03-22 14:28 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-23 20:41 . 2015-03-22 14:28 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-23 20:41 . 2015-03-22 14:28 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2015-03-23 20:40 . 2015-03-22 14:28 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-03-22 22:50 . 2015-03-22 22:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-03-22 22:50 . 2015-03-22 22:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-03-22 22:50 . 2015-03-22 22:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-03-22 22:50 . 2015-03-22 22:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-03-22 22:50 . 2015-03-22 22:50 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-03-22 22:50 . 2015-03-22 22:50 798208 ----a-w- c:\windows\system32\FntCache.dll 2015-03-22 22:50 . 2015-03-22 22:50 683008 ----a-w- c:\windows\system32\d2d1.dll 2015-03-22 22:50 . 2015-03-22 22:50 1069056 ----a-w- c:\windows\system32\DWrite.dll 2015-03-22 22:50 . 2015-03-22 22:50 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-03-22 22:50 . 2015-03-22 22:50 125952 ----a-w- c:\windows\system32\srvsvc.dll 2015-03-22 22:50 . 2015-03-22 22:50 17920 ----a-w- c:\windows\system32\netevent.dll 2015-03-22 22:50 . 2015-03-22 22:50 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui 2015-03-22 22:49 . 2015-03-22 22:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2015-03-22 21:45 . 2015-03-22 21:45 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2015-03-22 21:40 . 2015-03-22 21:40 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-03-22 21:37 . 2004-08-13 09:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys 2015-03-22 21:20 . 2015-03-22 21:20 99480 ----a-w- c:\windows\system32\infocardapi.dll 2015-03-22 21:20 . 2015-03-22 21:20 8856 ----a-w- c:\windows\system32\icardres.dll 2015-03-22 21:20 . 2015-03-22 21:20 619664 ----a-w- c:\windows\system32\icardagt.exe 2015-03-22 21:20 . 
2015-03-22 21:20 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2015-03-22 21:16 . 2015-03-22 21:16 2064384 ----a-w- c:\windows\system32\win32k.sys 2015-03-22 21:14 . 2015-03-22 21:14 81560 ----a-w- c:\windows\system32\mscories.dll 2015-03-22 21:14 . 2015-03-22 21:14 156824 ----a-w- c:\windows\system32\mscorier.dll 2015-03-22 21:14 . 2015-03-22 21:14 1131664 ----a-w- c:\windows\system32\dfshim.dll 2015-03-22 21:08 . 2015-03-22 21:08 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-22 21:08 . 2015-03-22 21:08 619520 ----a-w- c:\windows\system32\adtschema.dll 2015-03-22 21:08 . 2015-03-22 21:08 449536 ----a-w- c:\windows\system32\termsrv.dll 2015-03-22 21:07 . 2015-03-22 21:07 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-03-22 21:05 . 2015-03-22 21:05 2048 ----a-w- c:\windows\system32\tzres.dll 2015-03-22 20:58 . 2015-03-22 20:58 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2015-03-22 20:58 . 2015-03-22 20:58 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2015-03-22 20:58 . 2015-03-22 20:58 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2015-03-22 20:55 . 2015-03-22 20:55 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2015-03-22 20:55 . 2015-03-22 20:55 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2015-03-22 20:55 . 2015-03-22 20:55 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2015-03-22 20:55 . 2015-03-22 20:55 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2015-03-22 20:55 . 2015-03-22 20:55 3072 ----a-w- c:\windows\system32\drivers\UMDF\en-US\wpdmtpdr.dll.mui 2015-03-22 20:55 . 2015-03-22 20:55 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2015-03-22 20:55 . 2015-03-22 20:55 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2015-03-22 20:55 . 2015-03-22 20:55 350208 ----a-w- c:\windows\system32\WPDSp.dll 2015-03-22 20:55 . 2015-03-22 20:55 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2015-03-22 20:55 . 
2015-03-22 20:55 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2015-03-22 20:55 . 2015-03-22 20:55 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll 2015-03-22 20:55 . 2015-03-22 20:55 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2015-03-22 20:55 . 2015-03-22 20:55 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2015-03-22 20:55 . 2015-03-22 20:55 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2015-03-22 20:39 . 2015-03-22 20:39 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-03-22 20:34 . 2015-03-22 20:34 499200 ----a-w- c:\windows\system32\kerberos.dll 2015-03-22 20:32 . 2015-03-22 20:32 67072 ----a-w- c:\windows\system32\packager.dll 2015-03-22 20:14 . 2015-03-22 20:14 564224 ----a-w- c:\windows\system32\oleaut32.dll 2015-03-22 20:08 . 2015-03-22 20:08 72704 ----a-w- c:\windows\system32\fontsub.dll 2015-03-22 20:08 . 2015-03-22 20:08 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-03-22 20:08 . 2015-03-22 20:08 296960 ----a-w- c:\windows\system32\atmfd.dll 2015-03-22 20:08 . 2015-03-22 20:08 23552 ----a-w- c:\windows\system32\lpk.dll 2015-03-22 20:08 . 2015-03-22 20:08 10240 ----a-w- c:\windows\system32\dciman32.dll 2015-03-22 20:00 . 2015-03-22 20:00 64000 ----a-w- c:\windows\system32\smss.exe 2015-03-22 20:00 . 2015-03-22 20:00 49152 ----a-w- c:\windows\system32\csrsrv.dll 2015-03-22 19:59 . 2015-03-22 19:59 807936 ----a-w- c:\windows\system32\msctf.dll 2015-03-22 19:57 . 2015-03-22 19:57 729600 ----a-w- c:\windows\system32\IMJP10K.DLL 2015-03-22 19:53 . 2015-03-22 19:53 161792 ----a-w- c:\windows\system32\msls31.dll 2015-03-22 19:53 . 2015-03-22 19:53 86528 ----a-w- c:\windows\system32\iesysprep.dll 2015-03-22 19:53 . 2015-03-22 19:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2015-03-22 19:53 . 2015-03-22 19:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2015-03-22 19:53 . 2015-03-22 19:53 48640 ----a-w- c:\windows\system32\mshtmler.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-03-23 20:40 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files\WinPatrol\WinPatrol\winpatrol.exe" [2015-03-24 1160536] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-20 1359064] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-23 5512912] "KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2015-03-26 509216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk backup=c:\windows\pss\Device Monitor 4.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series] 2015-03-26 16:34 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIADE.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-17 17:49 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28] . 2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28] . . ------- Supplementary Scan ------- . TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-04-22 09:14 Windows 6.0.6002 Service Pack 2 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Configurations] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Data] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Options] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3788) c:\windows\System32\fwpuclnt.dll . Completion time: 2015-04-22 09:18:46 ComboFix-quarantined-files.txt 2015-04-22 08:18 . Pre-Run: 939,031,236,608 bytes free Post-Run: 938,947,457,024 bytes free . - - End Of File - - 3BD1982572F299BE523FFC9604D2AD86 5C616939100B85E558DA92B899A0FC36 -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
All 3 are posted above, Maniac, thank you. -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/04/2015
Scan Time: 22:48:56
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.21.06
Rootkit Database: v2015.04.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Earth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285893
Time Elapsed: 8 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
# AdwCleaner v4.201 - Logfile created 21/04/2015 at 22:44:56
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows Vista Home Premium Service Pack 2 (x86)
# Username : Earth - EARTH-PC
# Running from : C:\Users\Earth\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16636

-\\ Google Chrome v42.0.2311.90

[C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R1].txt - [897 bytes] - [21/04/2015 22:42:14]
AdwCleaner[s1].txt - [825 bytes] - [21/04/2015 22:44:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [883 bytes] ##########
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows Vista Home Premium x86
Ran by Earth on 21/04/2015 at 22:32:44.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/04/2015 at 22:39:44.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
The log is above. It is still trying to dial out; here's a log from Mbam:
Detection, 21/04/2015 20:28:02, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Earth at 2015-04-21 09:20:00 Run:1
Running from C:\Users\Earth\Desktop
Loaded Profiles: Earth (Available profiles: Earth)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 09:20:00 ====
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
Thank you for your help, I will do all this now. Will I be able to re-add the MVP hosts file, or is something wrong with it on the main site? -
Thanks guys, I will look into your suggestions. I only want to play with them, not for any reason other than I have never used them before. Privacy shouldn't be an issue as I will set a second email up and send them to myself lol. All the best, Paul
-
I'm thinking of using http://www.getsidekick.com/e-mail tracker. I'm new to them; does anyone know of any better software that tracks your e-mail safely to its destination and tells you when it's been opened and by who? It's more just to play with than anything. Thanks
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
I kept getting "you can't post as you added it too quickly" and "post too long". It would be easier and quicker to add as a zip. -
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
14:13 - 2008-01-19 00:34 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\comrepl.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\msdtclog.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\efsadu.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\dmscript.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\IPBusEnum.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\loghours.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\GuidedHelp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 
00067584 _____ (Microsoft Corporation) C:\Windows\system32\EAPQEC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\HelpPaneProxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\DHCPQEC.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\dxva2.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\colbact.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\eapsvc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\fwcfg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\DfsShlEx.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\d3dxof.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00050688 _____ 
(Microsoft Corporation) C:\Windows\system32\fphc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\dnshc.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\dot3dlg.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\mmcss.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dssec.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpclnt.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\dmocx.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dfdts.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\dmloader.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\esentprf.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dispci.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dimsjob.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lltdapi.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00029696 _____ (Microsoft Corporation) 
C:\Windows\system32\dsauth.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\mfcsubs.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\cofiredm.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\idndl.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\LangCleanupSysprepAction.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\dmutil.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\hnetmon.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\localui.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\fdPHost.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\KBDJPN.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00010240 _____ (Microsoft Corporation) 
C:\Windows\system32\KBDKOR.DLL 2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iscsied.dll 2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 08139264 _____ (Microsoft Corporation) C:\Windows\system32\ssBranded.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 05714432 _____ (Microsoft Corporation) C:\Windows\system32\logon.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 02585088 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 01405952 _____ (Microsoft Corporation) C:\Windows\system32\ActiveContentWizard.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00879616 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00805888 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\clbcatq.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00520704 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWGP.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00498176 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00451072 _____ (Microsoft Corporation) 
C:\Windows\system32\catsrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\shrpubw.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\cmipnpinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\NAPSTAT.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\adsnt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\authfwcfg.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00226816 _____ (Microsoft Corp.) 
C:\Windows\system32\Defrag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr 2015-03-22 14:13 - 2008-01-19 00:33 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\apircl.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgrade.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\WinFXDocObj.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\activeds.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\apss.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\p2phost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\adsldp.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\system32\VBICodec.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corp.) C:\Windows\system32\DfrgNtfs.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msdt.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\raserver.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\DpiScaling.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\CompMgmtLauncher.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00134656 _____ (Microsoft Corporation) C:\Windows\regedit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\SoundRecorder.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\mtstocom.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dispdiag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2015-03-22 
14:13 - 2008-01-19 00:33 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\verifier.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\msscript.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\msdtc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayApi.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\makecab.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\OptionalFeatures.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corp.) 
C:\Windows\system32\dfrgfat.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\diantz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\vssadmin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\btpanui.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\dmview.ocx 2015-03-22 14:13 - 2008-01-19 00:33 - 00087552 _____ (Microsoft) C:\Windows\system32\Robocopy.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TpmInit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\bootcfg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\ACW.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\systeminfo.exe 2015-03-22 
14:13 - 2008-01-19 00:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wlanext.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\cmdl32.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\DFDWiz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\cmifw.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\MuiUnattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\driverquery.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\getmac.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\cmicryptinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\alg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\dfrgifc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00055296 _____ 
(Microsoft Corporation) C:\Windows\system32\fsutil.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\extrac32.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\expand.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\brcplsdw.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\gacinstall.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\net.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\bcdprov.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\cmutil.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\ucsvc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\regini.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) 
C:\Windows\system32\lnkstub.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\rasphone.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\xcopy.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\ComputerDefaults.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\SecEdit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\waitfor.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\cmlua.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax 2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\cmcfg32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\shutdown.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\unattendedjoin.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) 
C:\Windows\system32\AtBroker.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\syskey.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\sxstrace.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\icacls.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\cmpbk32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Netplwiz.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\cacls.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\at.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\RacAgent.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\capisp.dll 
2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sfc.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\PING.EXE 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nbtstat.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\cmstplua.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\ktmutil.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\setupSNK.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mountvol.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\fveupdate.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\batt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\avrt.dll 2015-03-22 14:13 - 2008-01-19 00:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\sbunattend.exe 2015-03-22 14:13 - 2008-01-19 00:33 
- 00011776 _____ (Microsoft Corporation) C:\Windows\system32\InfDefaultInstall.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe 2015-03-22 14:13 - 2008-01-19 00:33 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\csrss.exe 2015-03-22 14:13 - 2008-01-19 00:32 - 02249216 _____ (Microsoft Corporation) C:\Windows\system32\Firewall.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 01370624 _____ (Microsoft Corporation) C:\Windows\system32\Aurora.scr 2015-03-22 14:13 - 2008-01-19 00:32 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\joy.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl 2015-03-22 14:13 - 2008-01-19 00:32 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl 2015-03-22 14:13 - 2008-01-19 00:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll 2015-03-22 14:13 - 2008-01-19 00:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-03-22 14:13 - 2008-01-19 00:31 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll 2015-03-22 14:13 - 2008-01-19 00:29 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll 2015-03-22 14:13 - 2008-01-19 00:29 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00029184 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\tsddd.dll 2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys 2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys 2015-03-22 14:13 - 2008-01-18 22:57 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00015872 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ws2ifsl.sys 2015-03-22 14:13 - 2008-01-18 22:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys 2015-03-22 14:13 - 2008-01-18 22:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS 2015-03-22 14:13 - 2008-01-18 22:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys 2015-03-22 14:13 - 2008-01-18 22:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00053376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys 2015-03-22 14:13 - 2008-01-18 22:53 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00056320 _____ (Microsoft Corporation) 
C:\Windows\system32\vga256.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys 2015-03-22 14:13 - 2008-01-18 22:52 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\vga64k.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\framebuf.dll 2015-03-22 14:13 - 2008-01-18 22:52 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\vga.dll 2015-03-22 14:13 - 2008-01-18 22:50 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys 2015-03-22 14:13 - 
2008-01-18 22:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys 2015-03-22 14:13 - 2008-01-18 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\dmdskres2.dll 2015-03-22 14:13 - 2008-01-18 22:48 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\comres.dll 2015-03-22 14:13 - 2008-01-18 22:48 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll 2015-03-22 14:13 - 2008-01-18 22:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2015-03-22 14:13 - 2008-01-18 22:45 - 00016896 _____ (Microsoft) C:\Windows\system32\grb.rs 2015-03-22 14:13 - 2008-01-18 22:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb 2015-03-22 14:13 - 2008-01-18 22:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\wertargets.wtl 2015-03-22 14:13 - 2008-01-18 22:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys 2015-03-22 14:13 - 2008-01-18 22:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\graftabl.com 2015-03-22 14:13 - 2008-01-18 22:31 - 08322048 _____ (Microsoft Corporation) C:\Windows\system32\spwizimg.dll 2015-03-22 14:13 - 2008-01-18 22:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys 2015-03-22 14:13 - 2008-01-18 22:30 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys 2015-03-22 14:13 - 2008-01-18 22:28 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys 2015-03-22 14:13 - 2008-01-18 22:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys 2015-03-22 14:13 - 
2008-01-18 22:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2015-03-22 14:13 - 2008-01-18 22:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\bootstr.dll 2015-03-22 14:13 - 2008-01-05 04:34 - 00015181 _____ () C:\Windows\system32\gatherWirelessInfo.vbs 2015-03-22 14:13 - 2008-01-05 04:32 - 00001820 _____ () C:\Windows\system32\rasctrnm.h 2015-03-22 14:13 - 2008-01-05 04:31 - 00145455 _____ () C:\Windows\system32\perfmon.msc 2015-03-22 14:13 - 2008-01-05 04:23 - 00060124 _____ () C:\Windows\system32\tcpmon.ini 2015-03-22 14:13 - 2008-01-05 04:22 - 00144909 _____ () C:\Windows\system32\fsmgmt.msc 2015-03-22 14:13 - 2008-01-05 04:21 - 00012198 _____ () C:\Windows\system32\gatherWiredInfo.vbs 2015-03-22 14:12 - 2007-12-06 05:04 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll 2015-03-22 14:10 - 2015-03-22 14:20 - 00327680 _____ () C:\Windows\SPInstall.etl 2015-03-22 14:02 - 2015-04-02 10:42 - 00000000 ____D () C:\Users\Earth 2015-03-22 14:02 - 2015-04-02 10:41 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat 2015-03-22 14:02 - 2015-03-25 10:07 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-22 14:02 - 2015-03-22 23:01 - 00049168 _____ () C:\Users\Earth\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-22 14:02 - 2015-03-22 23:00 - 00000949 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-22 14:02 - 2015-03-22 14:50 - 00000915 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-03-22 14:02 - 2015-03-22 14:02 - 00000020 ___SH () C:\Users\Earth\ntuser.ini 2015-03-22 14:02 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth\AppData\Local\VirtualStore 2015-03-22 14:02 - 2006-11-02 13:54 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 14:02 - 
2006-11-02 13:50 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-20 10:57 - 2006-11-02 13:52 - 00658187 _____ () C:\Windows\WindowsUpdate.log 2015-04-20 08:00 - 2006-11-02 11:33 - 00844736 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-20 07:54 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-19 23:19 - 2006-11-02 14:01 - 00026268 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-15 10:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-14 23:03 - 2006-11-02 11:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-02 10:40 - 2012-02-09 22:43 - 19443520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 17543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 15009600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 10816832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-02 10:40 - 2012-02-09 22:43 - 07713088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 05892928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02517312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-02 10:40 - 2012-02-09 22:43 - 02437440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-04-02 10:40 - 2012-02-09 22:43 
- 02301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-04-02 10:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help 2015-04-01 18:49 - 2015-01-30 13:27 - 00622192 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00040736 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2015-04-01 18:49 - 2015-01-30 13:27 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2015-04-01 18:48 - 2015-01-30 13:27 - 00444472 _____ (COMODO) C:\Windows\system32\guard32.dll 2015-04-01 18:48 - 2015-01-30 13:27 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00288472 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll 2015-04-01 18:45 - 2015-01-30 13:27 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll 2015-04-01 08:40 - 2006-11-02 13:47 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 09:35 - 2007-07-13 08:18 - 00050688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys 2015-03-29 09:34 - 2008-09-02 15:03 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvunrm.exe 2015-03-29 09:34 - 2008-08-01 19:51 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys 2015-03-29 09:34 - 2008-08-01 18:35 - 00207872 _____ (NVIDIA Corporation) C:\Windows\system32\fdco6.dll 2015-03-29 09:34 - 2008-07-29 20:33 - 00122880 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll 2015-03-26 17:36 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-03-26 14:35 - 2015-03-20 11:21 - 27410776 _____ (OpenVPN Technologies) C:\Users\Earth\Documents\privatetunnel-win-2.4.exe 2015-03-26 14:35 - 2015-03-06 18:28 - 01552128 _____ () C:\Users\Earth\Documents\KeyScrambler_Setup.exe 2015-03-26 14:35 - 2015-02-21 12:53 - 76663632 _____ (Lightworks) 
C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe 2015-03-26 14:35 - 2015-02-21 02:23 - 07962144 _____ () C:\Users\Earth\Documents\npp.6.7.3.Installer.exe 2015-03-25 22:16 - 2007-08-09 19:12 - 00110624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll 2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll 2015-03-25 10:11 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-03-23 21:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2015-03-22 22:51 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-HK 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\th-TH 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sv-SE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ru-RU 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-PT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-BR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL 2015-03-22 22:51 
- 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nb-NO 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\it-IT 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hu-HU 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\he-IL 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fi-FI 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\et-EE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\el-GR 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-03-22 22:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-03-22 22:50 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-03-22 22:50 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Movie Maker 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ___RD () C:\Windows\Offline Web Pages 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-22 22:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-22 22:37 - 2004-08-13 10:56 - 00005810 _____ () C:\Windows\system32\Drivers\ASACPI.sys 2015-03-22 21:51 - 2006-11-02 13:43 - 00037888 ____H () 
C:\Windows\system32\config\BCD-Template.LOG 2015-03-22 21:51 - 2006-11-02 13:37 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2015-03-22 20:53 - 2006-11-02 07:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat 2015-03-22 20:53 - 2006-11-02 07:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat 2015-03-22 19:07 - 2006-11-02 11:25 - 01304064 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2015-03-22 19:07 - 2006-11-02 09:55 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\hccoin.dll 2015-03-22 16:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-22 15:19 - 2006-11-02 13:50 - 00001661 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Collaboration 2015-03-22 14:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Calendar 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\SLUI 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-03-22 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME 2015-03-22 14:33 - 2006-11-02 13:55 - 00001743 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-03-22 14:33 - 2006-11-02 13:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest 2015-03-22 14:33 - 2006-11-02 13:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 14:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2015-03-22 14:29 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ras
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\icsxml
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ias
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\com
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\MSAgent
2015-03-22 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\L2Schemas
2015-03-22 14:24 - 2006-11-02 11:32 - 00101888 _____ (Infineon Technologies AG) C:\Windows\system32\ifxcardm.dll
2015-03-22 14:24 - 2006-11-02 11:32 - 00082432 _____ (Gemalto, Inc.) C:\Windows\system32\axaltocm.dll
2015-03-22 14:11 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\restore

==================== Files in the root of some directories =======

2015-03-22 14:02 - 2015-04-02 10:41 - 0001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat
2015-03-25 09:18 - 2015-03-26 15:04 - 0014336 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 18:14 - 2015-03-26 18:14 - 0000832 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-20 07:59

==================== End Of Log ============================
-
gone8.com keeps trying to dial out
PaulAllen replied to PaulAllen's topic in Resolved Malware Removal Logs
2015-03-22 14:38 - 2009-04-11 00:32 - 00125928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00122344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00109032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00099816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-03-22 14:38 - 2009-04-11 00:32 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00053224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00050664 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL 2015-03-22 14:38 - 2009-04-11 00:32 - 00048104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00035304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00027624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00027112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll 2015-03-22 14:38 - 2009-04-11 00:32 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys 2015-03-22 14:38 - 2009-04-11 00:32 - 00017896 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll 2015-03-22 14:38 - 2009-04-11 00:32 - 00017384 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 03174400 _____ (Microsoft 
Corporation) C:\Windows\system32\netshell.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 03072000 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02515968 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02225664 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02205184 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02167808 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01856512 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01788416 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\apds.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01580544 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01576960 _____ (Microsoft 
Corporation) C:\Windows\system32\tquery.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01533440 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01524736 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01502720 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01459200 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01382912 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2015-03-22 14:38 - 2009-04-11 00:28 - 01342464 _____ (Microsoft Corporation) C:\Windows\system32\brcpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01324032 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01152000 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\wercon.exe 2015-03-22 14:38 - 2009-04-11 00:28 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll 2015-03-22 14:38 - 2009-04-11 00:28 - 01086464 _____ (Microsoft Corporation) 
C:\Windows\system32\AuthFWSnapin.dll 2015-03-22 14:13 - 2008-01-19 00:38 - 00155704 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll 2015-03-22 14:13 - 2008-01-19 00:38 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL 2015-03-22 14:13 - 2008-01-19 00:38 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 01675264 _____ (Microsoft Corporation) C:\Windows\system32\xpssvcs.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 01642496 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 01329152 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 01295360 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\XPSSHHDR.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\xwizards.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 
2015-03-22 14:13 - 2008-01-19 00:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\wmvdspa.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\xwtpw32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\xactsrv.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\wpclsp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\wzcdlg.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wscmisetup.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\wtsapi32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\wmiprop.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\wmpcm.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\xmlprovi.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsock32.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll 2015-03-22 14:13 - 2008-01-19 00:37 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\WSHTCPIP.DLL 2015-03-22 14:13 - 2008-01-19 00:37 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\wship6.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 02588160 _____ (Microsoft Corporation) C:\Windows\system32\UIHub.dll 2015-03-22 14:13 - 2008-01-19 
00:36 - 01502208 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\system32\TMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\ogldrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00913408 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\unbcl.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\sqlceqp30.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00531456 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\wlandlg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wiashext.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\p2pcollab.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00376832 _____ (Microsoft Corporation) 
C:\Windows\system32\sxs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\qwave.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2015-03-22 
14:13 - 2008-01-19 00:36 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\unattend.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\provthrd.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\verifier.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\rgb9rast.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\RstrtMgr.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\SmiInstaller.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\p2pnetsh.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00130560 _____ 
(Microsoft Corporation) C:\Windows\system32\uudf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\WLanHC.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\sstpsvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\SSShim.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\shrink.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\oledlg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\sdshext.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\TapiMigPlugin.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Tabbtn.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00092160 _____ (Microsoft Corporation) 
C:\Windows\system32\wlancfg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\txflog.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\ntdsapi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\wiascanprofiles.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\usbui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\olecli32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\olethk32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\trkwks.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll 
2015-03-22 14:13 - 2008-01-19 00:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\rasqec.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\winethc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pnrpnsp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\tbssvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssocPrx.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\TabbtnEx.dll 2015-03-22 14:13 - 
2008-01-19 00:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Sens.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\TimeDateMUICallback.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\osblprov.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\vdmredir.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00041472 _____ (Microsoft) C:\Windows\system32\WlanMmHC.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\RegCtrl.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\psbase.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\sfc_os.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00034304 _____ 
(Microsoft Corporation) C:\Windows\system32\usbmon.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\utildll.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\odbcbcp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\olesvr32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\srwmi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\sxsstore.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\osbaseln.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\PlaySndSrv.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\WINSRPC.DLL 2015-03-22 14:13 - 2008-01-19 00:36 - 00016896 _____ (Microsoft Corporation) 
C:\Windows\system32\pots.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\serialui.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\rasctrs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\usbperf.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\txfw32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\pnpts.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll 2015-03-22 14:13 - 2008-01-19 00:36 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\procinst.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 09847296 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04875776 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0009.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04497408 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0019.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0816.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0416.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0414.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) 
C:\Windows\system32\NlsData001d.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0010.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03466752 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0013.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004e.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004c.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004b.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004a.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0049.dll 2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation)