Email Bug/DDS Freezes



screamineagle
2012-01-25, 12:54
I noticed 2 days ago that my email had sent out 6 messages after I had logged off the night before to all of my contacts. I was unable to run either DDS, the .scr or the .com, and Malwarebytes would not run. I reran the Windows 7 upgrade disc trying to clean this up but DDS still freezes and Malwarebytes opens but when I click scan it just closes? Spybot ran but found nothing. HELP!!!

Kevin

--- Search result list ---
Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-01-24 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-01-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-01-17 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-01-17 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-01-16 Includes\TrojansC-02.sbi (*)
2012-01-18 Includes\TrojansC-03.sbi (*)
2012-01-18 Includes\TrojansC-04.sbi (*)
2012-01-02 Includes\TrojansC-05.sbi (*)
2012-01-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, AVG_TRAY
command: "E:\Program Files\AVG\AVG2012\avgtray.exe"
file: E:\Program Files\AVG\AVG2012\avgtray.exe
size: 2415456
MD5: 4441D7C2FF6094CCEDD8FB15C9406B63

Located: HK_LM:Run, IntelliPoint
command: "e:\Program Files\Microsoft IntelliPoint\ipoint.exe"
file: e:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 1821576
MD5: E774F875819DEE4A312A921A88F779FE



--- Browser helper object list ---
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: E:\Program Files\AVG\AVG2012\
Long name: avgssie.dll
Short name:
Date (created): 11/11/2011 2:29:52 AM
Date (last access): 1/24/2012 5:12:52 PM
Date (last write): 11/11/2011 2:29:52 AM
Filesize: 1378144
Attributes: archive
MD5: 973E131DEC4E14804C5B4E1BA04B0115
CRC32: 7C8D41E8
Version: 12.0.0.1870



--- ActiveX list ---


--- Process list ---
PID: 2464 ( 740) E:\Windows\system32\taskhost.exe
size: 49152
MD5: 7FA8BA5A780E4757964AC9D4238302B9
PID: 2576 (1172) E:\Windows\system32\Dwm.exe
size: 92672
MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
PID: 2600 (2560) E:\Windows\Explorer.EXE
size: 2616320
MD5: 8B88EBBB05A0E56B7DCC708498C02B3E
PID: 2756 (2600) E:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 1821576
MD5: E774F875819DEE4A312A921A88F779FE
PID: 2764 (2600) E:\Program Files\AVG\AVG2012\avgtray.exe
size: 2415456
MD5: 4441D7C2FF6094CCEDD8FB15C9406B63
PID: 2908 ( 312) E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
size: 373864
MD5: 04DB1E60FBFB9A77AF16238A209C2CDD
PID: 2988 (2600) E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 1244 (2600) E:\Program Files\Mozilla Firefox\firefox.exe
size: 924632
MD5: 11CCA710674739E3DB8F7450A5B650B6
PID: 3320 (1244) E:\Program Files\Mozilla Firefox\plugin-container.exe
size: 16856
MD5: 0619C9E7A3682C54BD226A831897CD06
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 268 ( 4) smss.exe
size: 69632
PID: 320 ( 312) avgrsx.exe
PID: 352 ( 320) avgcsrvx.exe
PID: 600 ( 588) csrss.exe
size: 6144
PID: 656 ( 644) csrss.exe
size: 6144
PID: 664 ( 588) wininit.exe
size: 96256
PID: 740 ( 664) services.exe
size: 259072
PID: 748 ( 664) lsass.exe
size: 22528
PID: 760 ( 664) lsm.exe
size: 267776
PID: 772 ( 644) winlogon.exe
size: 286720
PID: 936 ( 740) svchost.exe
size: 20992
PID: 996 ( 740) nvvsvc.exe
size: 615528
PID: 1036 ( 740) svchost.exe
size: 20992
PID: 1120 ( 740) svchost.exe
size: 20992
PID: 1172 ( 740) svchost.exe
size: 20992
PID: 1200 ( 740) svchost.exe
size: 20992
PID: 1336 ( 740) svchost.exe
size: 20992
PID: 1420 ( 740) svchost.exe
size: 20992
PID: 1544 ( 740) spoolsv.exe
size: 317440
PID: 1596 ( 740) svchost.exe
size: 20992
PID: 1696 ( 740) avgwdsvc.exe
PID: 1736 ( 740) svchost.exe
size: 20992
PID: 1832 ( 740) svchost.exe
size: 20992
PID: 1976 ( 740) AVGIDSAgent.exe
PID: 112 (1696) avgnsx.exe
PID: 308 (1696) avgemcx.exe
PID: 312 ( 996) nvxdsync.exe
PID: 532 ( 996) nvvsvc.exe
size: 615528
PID: 2280 (1172) WUDFHost.exe
size: 195584
PID: 3072 ( 740) SearchIndexer.exe
size: 427520
PID: 3340 ( 740) wmpnetwk.exe
PID: 3724 ( 740) svchost.exe
size: 20992
PID: 3304 ( 740) daemonu.exe
PID: 1196 ( 740) sppsvc.exe
size: 3179520
PID: 2328 ( 740) svchost.exe
size: 20992
PID: 2364 (2584) TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
PID: 3368 ( 936) dllhost.exe
size: 7168
PID: 3940 (1120) audiodg.exe
size: 100864

ken545
2012-01-30, 23:55
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

screamineagle
2012-01-31, 01:37
Here we go Ken, I can't thank you enough!!!

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 16:09:46
-----------------------------
16:09:46.678 OS Version: Windows 6.1.7601 Service Pack 1
16:09:46.678 Number of processors: 2 586 0x401
16:09:46.694 ComputerName: MAXIMUS-PC UserName: Maximus
16:09:47.413 Initialize success
16:10:32.140 AVAST engine defs: 12013000
16:10:42.421 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
16:10:42.421 Disk 0 Vendor: WDC_WD1600JB-98GVA0 08.02D08 Size: 152627MB BusType: 3
16:10:42.421 Device \Driver\USBSTOR -> DriverStartIo USBSTOR.SYS 8f0f7dee
16:10:42.453 Disk 1 MBR read successfully
16:10:42.468 Disk 1 MBR scan
16:10:42.468 Disk 1 Windows 7 default MBR code
16:10:42.484 Disk 1 MBR hidden
16:10:42.484 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
16:10:42.515 Disk 1 scanning E:\Windows\system32\drivers
16:11:20.562 Service scanning
16:12:07.625 Modules scanning
16:14:12.312 Disk 1 trace - called modules:
16:14:12.328
16:14:14.000 AVAST engine scan E:\Windows
16:14:19.203 AVAST engine scan E:\Windows\system32
16:24:47.703 AVAST engine scan E:\Windows\system32\drivers
16:25:13.984 AVAST engine scan E:\Users\Maximus
17:21:11.284 AVAST engine scan E:\ProgramData
17:22:11.862 Scan finished successfully
17:34:22.582 Disk 1 MBR has been saved successfully to "E:\Users\Maximus\Desktop\MBR.dat"
17:34:22.597 The log file has been saved successfully to "E:\Users\Maximus\Desktop\aswMBR.txt"

ken545
2012-01-31, 02:15
Let's take a look at your MBR

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

screamineagle
2012-01-31, 02:44
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 159):
0x82819000 \SystemRoot\system32\ntkrnlpa.exe
0x82C2B000 \SystemRoot\system32\halmacpi.dll
0x80BC8000 \SystemRoot\system32\kdcom.dll
0x82E2D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82EB2000 \SystemRoot\system32\PSHED.dll
0x82EC3000 \SystemRoot\system32\BOOTVID.dll
0x82ECB000 \SystemRoot\system32\CLFS.SYS
0x82F0D000 \SystemRoot\system32\CI.dll
0x8863F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x886B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x886BE000 \SystemRoot\system32\drivers\ACPI.sys
0x88706000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8870F000 \SystemRoot\system32\drivers\msisadrv.sys
0x88717000 \SystemRoot\system32\drivers\pci.sys
0x88741000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8874C000 \SystemRoot\System32\drivers\partmgr.sys
0x8875D000 \SystemRoot\system32\drivers\volmgr.sys
0x8876D000 \SystemRoot\System32\drivers\volmgrx.sys
0x887B8000 \SystemRoot\system32\drivers\intelide.sys
0x887BF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x887CD000 \SystemRoot\System32\drivers\mountmgr.sys
0x887E3000 \SystemRoot\system32\drivers\atapi.sys
0x88600000 \SystemRoot\system32\drivers\ataport.SYS
0x88623000 \SystemRoot\system32\drivers\amdxata.sys
0x82FB8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8862C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8880F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8893E000 \SystemRoot\System32\Drivers\msrpc.sys
0x88969000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8897C000 \SystemRoot\System32\Drivers\cng.sys
0x889D9000 \SystemRoot\System32\drivers\pcw.sys
0x889E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88A0A000 \SystemRoot\system32\drivers\ndis.sys
0x88AC1000 \SystemRoot\system32\drivers\NETIO.SYS
0x88AFF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88C39000 \SystemRoot\System32\drivers\tcpip.sys
0x88D83000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88DB4000 \SystemRoot\system32\drivers\volsnap.sys
0x88DF3000 \SystemRoot\System32\Drivers\spldr.sys
0x88C00000 \SystemRoot\System32\drivers\rdyboost.sys
0x88B24000 \SystemRoot\System32\Drivers\mup.sys
0x88C2D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88B34000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88B66000 \SystemRoot\system32\DRIVERS\disk.sys
0x88B77000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88B9C000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x88C35000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x88BD5000 \SystemRoot\system32\drivers\cdrom.sys
0x889F0000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x88BF4000 \SystemRoot\System32\Drivers\Null.SYS
0x88A00000 \SystemRoot\System32\Drivers\Beep.SYS
0x88800000 \SystemRoot\System32\drivers\vga.sys
0x82E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x887EC000 \SystemRoot\System32\drivers\watchdog.sys
0x82E21000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x82FEC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x82FF4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8E227000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E232000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E240000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E257000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E263000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8E2AA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E2DC000 \SystemRoot\system32\drivers\afd.sys
0x8E336000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E33D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E35C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E36A000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E384000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E397000 \SystemRoot\system32\drivers\termdd.sys
0x8E3A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E3E9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E3F3000 \SystemRoot\system32\drivers\mssmbios.sys
0x8E200000 \SystemRoot\System32\drivers\discache.sys
0x8E20C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E00C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8E01A000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8E051000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E072000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FA35000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90462000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x90466000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9051D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90556000 \SystemRoot\system32\drivers\HDAudBus.sys
0x90575000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90580000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x905CB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\e100b325.sys
0x905DA000 \SystemRoot\system32\drivers\i8042prt.sys
0x905F2000 \SystemRoot\system32\drivers\kbdclass.sys
0x8FA27000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8E084000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8E08E000 \SystemRoot\system32\DRIVERS\parport.sys
0x8E0A6000 \SystemRoot\system32\drivers\CompositeBus.sys
0x8E0B3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8E0C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E0DD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E0E8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E10A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E122000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E139000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E150000 \SystemRoot\system32\drivers\mouclass.sys
0x8FA32000 \SystemRoot\system32\drivers\swenum.sys
0x8E15D000 \SystemRoot\system32\drivers\ks.sys
0x8E191000 \SystemRoot\system32\drivers\umbus.sys
0x8E19F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E1E3000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x8E1ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F029000 \SystemRoot\system32\drivers\HdAudio.sys
0x8F079000 \SystemRoot\system32\drivers\portcls.sys
0x8F0A8000 \SystemRoot\system32\drivers\drmk.sys
0x8F0C1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F0D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F0DA000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8F0E8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8F0F3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8F10A000 \SystemRoot\system32\drivers\hidusb.sys
0x8F115000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x8F128000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8F12F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x946C0000 \SystemRoot\System32\win32k.sys
0x8F13A000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F144000 \SystemRoot\system32\DRIVERS\point32.sys
0x8F14D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F15A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F165000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8F16E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8F17F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94920000 \SystemRoot\System32\TSDDD.dll
0x94950000 \SystemRoot\System32\cdd.dll
0x94970000 \SystemRoot\System32\ATMFD.DLL
0x8F18A000 \SystemRoot\system32\drivers\luafv.sys
0x8F1A5000 \SystemRoot\system32\drivers\WudfPf.sys
0x8F1BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F1CF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97A16000 \SystemRoot\system32\drivers\HTTP.sys
0x97A9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97AB4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97AC6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x97AE9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x97B24000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97B3F000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x97B46000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x97B49000 \SystemRoot\system32\drivers\peauth.sys
0x97BE0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8F000000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x97BEA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x97BF7000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x9A032000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A082000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9A0A2000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A0F4000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9A115000 \SystemRoot\system32\drivers\spsys.sys
0x9A17F000 \??\E:\Windows\system32\drivers\mbamswissarmy.sys
0x9A187000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9A1B1000 \??\E:\Users\Maximus\AppData\Local\Temp\aswMBR.sys
0x778E0000 \Windows\System32\ntdll.dll
0x480D0000 \Windows\System32\smss.exe
0x77B20000 \Windows\System32\apisetschema.dll

Processes (total 51):
0 System Idle Process
4 System
264 E:\Windows\System32\smss.exe
316 E:\PROGRA~1\AVG\AVG2012\avgrsx.exe
348 E:\Program Files\AVG\AVG2012\avgcsrvx.exe
580 csrss.exe
640 csrss.exe
648 E:\Windows\System32\wininit.exe
688 E:\Windows\System32\services.exe
716 E:\Windows\System32\lsass.exe
724 E:\Windows\System32\lsm.exe
756 E:\Windows\System32\winlogon.exe
872 E:\Windows\System32\svchost.exe
932 E:\Windows\System32\nvvsvc.exe
976 E:\Windows\System32\svchost.exe
1052 E:\Windows\System32\svchost.exe
1124 E:\Windows\System32\svchost.exe
1172 E:\Windows\System32\svchost.exe
1300 E:\Windows\System32\svchost.exe
1408 E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1420 E:\Windows\System32\nvvsvc.exe
1492 E:\Windows\System32\svchost.exe
1676 E:\Windows\System32\spoolsv.exe
1688 E:\Windows\System32\dwm.exe
1720 E:\Windows\explorer.exe
1756 E:\Windows\System32\svchost.exe
1880 E:\Windows\System32\taskhost.exe
1968 E:\Program Files\AVG\AVG2012\avgwdsvc.exe
2004 E:\Windows\System32\svchost.exe
284 E:\Windows\System32\svchost.exe
540 E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
1588 E:\Program Files\AVG\AVG2012\avgnsx.exe
2116 E:\Program Files\AVG\AVG2012\avgemcx.exe
2632 WUDFHost.exe
2836 E:\Program Files\Microsoft IntelliPoint\ipoint.exe
2852 E:\Program Files\AVG\AVG2012\avgtray.exe
3024 E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3212 E:\Windows\System32\SearchIndexer.exe
3376 E:\Program Files\Windows Media Player\wmpnetwk.exe
3764 E:\Windows\System32\svchost.exe
2884 E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
3364 E:\Windows\System32\sppsvc.exe
3564 E:\Windows\System32\svchost.exe
5820 E:\Windows\System32\taskhost.exe
6032 E:\Program Files\Mozilla Firefox\firefox.exe
3552 E:\Program Files\Mozilla Firefox\plugin-container.exe
5916 E:\Windows\System32\SearchProtocolHost.exe
5416 E:\Windows\System32\audiodg.exe
1844 E:\Users\Maximus\Desktop\MBRCheck.exe
4620 E:\Windows\System32\conhost.exe
5760 E:\Windows\System32\dllhost.exe

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-98GVA0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ken545
2012-01-31, 10:32
Good Morning,

I was concerned about your Master Boot Record being infected, lots of that going around lately, but it appears OK. See if you can run this program.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

screamineagle
2012-01-31, 12:47
Your hours are as strange as mine! Towards the end of the scan I received an OTL.exe-No Disk error that wanted me to insert a disk into \Device\Harddisk1\DR1 ?

OTL logfile created on: 1/31/2012 4:31:56 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Users\Maximus\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.26% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 73.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive E: | 149.04 Gb Total Space | 33.28 Gb Free Space | 22.33% Space Free | Partition Type: NTFS

Computer Name: MAXIMUS-PC | User Name: Maximus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Users\Maximus\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - E:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - E:\Windows\explorer.exe (Microsoft Corporation)
PRC - E:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- E:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- E:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (SensrSvc) -- E:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- E:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- E:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Avgldx86) -- E:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- E:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- E:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- E:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- E:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- E:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- E:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- E:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (nvlddmkm) -- E:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TsUsbFlt) -- E:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Serial) -- E:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-3574072951-386191322-3505562031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3574072951-386191322-3505562031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3574072951-386191322-3505562031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 2B BD EA EC DA CC 01 [binary data]
IE - HKU\S-1-5-21-3574072951-386191322-3505562031-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://forums.spybot.info/showthread.php?p=420766#post420766|http://www.offshoreonly.com/forums/cigarette-32/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/24 17:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/01/24 17:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2012/01/24 17:28:24 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Maximus\AppData\Roaming\Mozilla\Extensions
[2012/01/24 17:27:52 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 20:06:02 | 000,440,287 | R--- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15136 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG_TRAY] E:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3574072951-386191322-3505562031-1003..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543FAB8C-8671-4D5E-B325-371E6A3ABBB1}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) -E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (E:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 04:30:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- E:\Users\Maximus\Desktop\OTL.exe
[2012/01/30 16:04:21 | 004,733,440 | ---- | C] (AVAST Software) -- E:\Users\Maximus\Desktop\aswMBR.exe
[2012/01/30 15:51:07 | 000,000,000 | ---D | C] -- E:\Users\Maximus\Documents\Cigarette Bullet
[2012/01/25 15:52:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/25 15:52:12 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Malwarebytes
[2012/01/25 15:52:04 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 15:52:03 | 000,000,000 | ---D | C] -- E:\ProgramData\Malwarebytes
[2012/01/25 15:52:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2012/01/25 15:52:02 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/01/24 19:50:04 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/24 19:49:57 | 000,000,000 | ---D | C] -- E:\ProgramData\Spybot - Search & Destroy
[2012/01/24 19:49:57 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2012/01/24 18:50:30 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Macromedia
[2012/01/24 18:50:30 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Adobe
[2012/01/24 18:50:18 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/24 18:50:17 | 000,000,000 | ---D | C] -- E:\Windows\System32\Macromed
[2012/01/24 18:28:29 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Local\Diagnostics
[2012/01/24 17:28:11 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Mozilla
[2012/01/24 17:28:11 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Local\Mozilla
[2012/01/24 17:27:43 | 000,000,000 | ---D | C] -- E:\Program Files\Mozilla Firefox
[2012/01/24 17:14:35 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\AVG2012
[2012/01/24 17:13:34 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/24 17:12:45 | 000,000,000 | ---D | C] -- E:\ProgramData\AVG2012
[2012/01/24 17:12:45 | 000,000,000 | ---D | C] -- E:\Windows\System32\drivers\AVG
[2012/01/24 17:11:03 | 000,000,000 | ---D | C] -- E:\Program Files\AVG
[2012/01/24 16:14:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/24 16:14:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/01/24 16:14:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2012/01/24 16:14:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/01/24 16:14:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/01/24 16:14:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/01/24 16:14:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/01/24 16:14:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/01/24 16:14:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/01/24 16:14:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/01/24 16:14:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2012/01/24 16:14:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/01/24 16:14:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/01/24 16:14:31 | 000,353,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/01/24 16:14:31 | 000,223,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/01/24 16:14:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/01/24 16:14:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/01/24 16:14:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/01/24 16:14:30 | 000,353,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2012/01/24 16:14:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/01/24 16:14:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/01/24 16:14:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/01/24 16:14:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/01/24 16:14:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/01/24 16:14:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/01/24 16:14:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2012/01/24 16:14:29 | 001,798,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/01/24 16:14:29 | 000,580,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/01/24 16:14:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/01/24 16:14:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/01/24 16:14:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/01/24 16:14:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/01/24 16:14:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/01/24 16:14:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/01/24 16:14:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/01/24 16:14:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/01/24 16:14:29 | 000,035,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/01/24 16:04:30 | 000,000,000 | ---D | C] -- E:\Windows\System32\SPReview
[2012/01/24 16:03:49 | 000,000,000 | ---D | C] -- E:\Windows\System32\EventProviders
[2012/01/24 15:37:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbFlt.sys
[2012/01/24 15:37:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/01/24 15:36:59 | 001,171,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10warp.dll
[2012/01/24 15:36:59 | 000,954,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfc40.dll
[2012/01/24 15:36:59 | 000,954,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfc40u.dll
[2012/01/24 15:36:56 | 000,423,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\secproc_isv.dll
[2012/01/24 15:36:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\secproc.dll
[2012/01/24 15:36:54 | 000,327,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RMActivate_isv.exe
[2012/01/24 15:36:52 | 000,322,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RMActivate.exe
[2012/01/24 15:36:50 | 000,253,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spwizui.dll
[2012/01/24 15:36:49 | 003,207,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mf.dll
[2012/01/24 15:36:47 | 001,334,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\CertEnroll.dll
[2012/01/24 15:36:47 | 000,520,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/01/24 15:36:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PresentationHost.exe
[2012/01/24 15:36:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PresentationHostProxy.dll
[2012/01/24 15:36:43 | 001,115,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RacEngn.dll
[2012/01/24 15:36:42 | 005,066,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\AuthFWSnapin.dll
[2012/01/24 15:36:39 | 001,493,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ExplorerFrame.dll
[2012/01/24 15:36:37 | 001,828,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d9.dll
[2012/01/24 15:36:36 | 000,505,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskschd.dll
[2012/01/24 15:36:34 | 000,456,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spinstall.exe
[2012/01/24 15:36:34 | 000,381,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wer.dll
[2012/01/24 15:36:34 | 000,280,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spreview.exe
[2012/01/24 15:36:33 | 001,371,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dwmcore.dll
[2012/01/24 15:36:32 | 000,863,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\diagperf.dll
[2012/01/24 15:36:31 | 003,367,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WinSAT.exe
[2012/01/24 15:36:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\scavengeui.dll
[2012/01/24 15:36:30 | 000,597,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TSWorkspace.dll
[2012/01/24 15:36:30 | 000,270,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tsmf.dll
[2012/01/24 15:36:28 | 002,522,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dbgeng.dll
[2012/01/24 15:36:27 | 000,522,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d11.dll
[2012/01/24 15:36:26 | 001,619,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMVDECOD.DLL
[2012/01/24 15:36:24 | 000,252,928 | ---- | C] (Microsoft) -- E:\Windows\System32\DShowRdpFilter.dll
[2012/01/24 15:36:23 | 002,151,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mmcndmgr.dll
[2012/01/24 15:36:23 | 001,792,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2012/01/24 15:36:23 | 000,732,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imapi2fs.dll
[2012/01/24 15:36:23 | 000,341,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdrm.dll
[2012/01/24 15:36:23 | 000,049,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netfxperf.dll
[2012/01/24 15:36:22 | 000,974,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppobjs.dll
[2012/01/24 15:36:22 | 000,547,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PortableDeviceApi.dll
[2012/01/24 15:36:21 | 001,555,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\certmgr.dll
[2012/01/24 15:36:21 | 000,220,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mcbuilder.exe
[2012/01/24 15:36:20 | 001,712,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xpsservices.dll
[2012/01/24 15:36:20 | 000,508,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winload.exe
[2012/01/24 15:36:20 | 000,323,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drvstore.dll
[2012/01/24 15:36:19 | 000,412,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppwinob.dll
[2012/01/24 15:36:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cmd.exe
[2012/01/24 15:36:18 | 000,206,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\framedynos.dll
[2012/01/24 15:36:17 | 000,296,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfds.dll
[2012/01/24 15:36:16 | 002,414,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wucltux.dll
[2012/01/24 15:36:16 | 000,442,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winresume.exe
[2012/01/24 15:36:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmicmiplugin.dll
[2012/01/24 15:36:16 | 000,240,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\netio.sys
[2012/01/24 15:36:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncsi.dll
[2012/01/24 15:36:15 | 001,063,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\werconcpl.dll
[2012/01/24 15:36:15 | 000,762,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\azroles.dll
[2012/01/24 15:36:13 | 000,508,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxgi.dll
[2012/01/24 15:36:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfreadwrite.dll
[2012/01/24 15:36:13 | 000,144,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\basecsp.dll
[2012/01/24 15:36:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\NaturalLanguage6.dll
[2012/01/24 15:36:12 | 000,488,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\evr.dll
[2012/01/24 15:36:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskcomp.dll
[2012/01/24 15:36:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\calc.exe
[2012/01/24 15:36:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WinSATAPI.dll
[2012/01/24 15:36:10 | 000,778,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sqlsrv32.dll
[2012/01/24 15:36:10 | 000,242,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vpnike.dll
[2012/01/24 15:36:09 | 002,983,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\UIRibbon.dll
[2012/01/24 15:36:09 | 000,477,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lpksetup.exe
[2012/01/24 15:36:09 | 000,271,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fveapi.dll
[2012/01/24 15:36:07 | 000,155,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\hgprint.dll
[2012/01/24 15:36:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\prncache.dll
[2012/01/24 15:36:05 | 000,458,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WSDApi.dll
[2012/01/24 15:36:05 | 000,352,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmpeffects.dll
[2012/01/24 15:36:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\net1.exe
[2012/01/24 15:36:04 | 000,690,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ci.dll
[2012/01/24 15:36:04 | 000,321,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aepdu.dll
[2012/01/24 15:36:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rpchttp.dll
[2012/01/24 15:36:04 | 000,119,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aitagent.exe
[2012/01/24 15:36:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\scansetting.dll
[2012/01/24 15:36:03 | 000,213,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MMDevAPI.dll
[2012/01/24 15:36:02 | 002,504,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMVCORE.DLL
[2012/01/24 15:36:02 | 000,411,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wlangpui.dll
[2012/01/24 15:36:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\QSHVHOST.DLL
[2012/01/24 15:36:02 | 000,131,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aaclient.dll
[2012/01/24 15:36:02 | 000,101,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2012/01/24 15:36:01 | 001,750,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pnidui.dll
[2012/01/24 15:36:01 | 000,782,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\webservices.dll
[2012/01/24 15:36:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\t2embed.dll
[2012/01/24 15:36:00 | 000,225,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netdiagfx.dll
[2012/01/24 15:36:00 | 000,124,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fde.dll
[2012/01/24 15:35:59 | 002,146,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SyncCenter.dll
[2012/01/24 15:35:59 | 000,907,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sdengin2.dll
[2012/01/24 15:35:59 | 000,560,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wuapi.dll
[2012/01/24 15:35:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wscapi.dll
[2012/01/24 15:35:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/01/24 15:35:57 | 000,830,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MSMPEG2ENC.DLL
[2012/01/24 15:35:57 | 000,826,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcore.dll
[2012/01/24 15:35:57 | 000,727,040 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mcmde.dll
[2012/01/24 15:35:55 | 000,392,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imapi2.dll
[2012/01/24 15:35:55 | 000,103,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\setupcl.exe
[2012/01/24 15:35:54 | 000,630,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DXPTaskRingtone.dll
[2012/01/24 15:35:54 | 000,302,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aeinv.dll
[2012/01/24 15:35:53 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2012/01/24 15:35:52 | 001,624,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMPEncEn.dll
[2012/01/24 15:35:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dwmredir.dll
[2012/01/24 15:35:51 | 002,217,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bootres.dll
[2012/01/24 15:35:51 | 001,077,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Narrator.exe
[2012/01/24 15:35:51 | 000,658,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\autofmt.exe
[2012/01/24 15:35:51 | 000,196,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vaultsvc.dll
[2012/01/24 15:35:51 | 000,166,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netiohlp.dll
[2012/01/24 15:35:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\audiodg.exe
[2012/01/24 15:35:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\hbaapi.dll
[2012/01/24 15:35:50 | 000,679,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\autoconv.exe
[2012/01/24 15:35:50 | 000,303,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msinfo32.exe
[2012/01/24 15:35:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\AudioSes.dll
[2012/01/24 15:35:50 | 000,194,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\halmacpi.dll
[2012/01/24 15:35:50 | 000,194,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\hal.dll
[2012/01/24 15:35:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\proquota.exe
[2012/01/24 15:35:49 | 000,441,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\powercpl.dll
[2012/01/24 15:35:49 | 000,400,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ipsmsnap.dll
[2012/01/24 15:35:49 | 000,337,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msihnd.dll
[2012/01/24 15:35:49 | 000,301,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\srchadmin.dll
[2012/01/24 15:35:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\eapphost.dll
[2012/01/24 15:35:49 | 000,202,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\framedyn.dll
[2012/01/24 15:35:49 | 000,181,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tcpipcfg.dll
[2012/01/24 15:35:49 | 000,179,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\schtasks.exe
[2012/01/24 15:35:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mimefilt.dll
[2012/01/24 15:35:48 | 000,155,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscorier.dll
[2012/01/24 15:35:47 | 000,665,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012/01/24 15:35:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\timedate.cpl
[2012/01/24 15:35:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\QAGENT.DLL
[2012/01/24 15:35:46 | 000,399,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DXP.dll
[2012/01/24 15:35:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netid.dll
[2012/01/24 15:35:45 | 001,227,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wdc.dll
[2012/01/24 15:35:44 | 000,933,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Vault.dll
[2012/01/24 15:35:44 | 000,346,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\untfs.dll
[2012/01/24 15:35:44 | 000,132,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\ataport.sys
[2012/01/24 15:35:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nci.dll
[2012/01/24 15:35:43 | 001,326,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wlanpref.dll
[2012/01/24 15:35:43 | 001,131,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sdclt.exe
[2012/01/24 15:35:43 | 001,003,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMNetMgr.dll
[2012/01/24 15:35:42 | 000,098,816 | ---- | C] (Microsoft) -- E:\Windows\System32\Robocopy.exe
[2012/01/24 15:35:41 | 001,400,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DxpTaskSync.dll
[2012/01/24 15:35:41 | 001,040,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Display.dll
[2012/01/24 15:35:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdri.dll
[2012/01/24 15:35:41 | 000,135,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XpsRasterService.dll
[2012/01/24 15:35:40 | 000,352,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\termmgr.dll
[2012/01/24 15:35:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\puiobj.dll
[2012/01/24 15:35:40 | 000,316,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sharemediacpl.dll
[2012/01/24 15:35:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\userinit.exe
[2012/01/24 15:35:39 | 001,188,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DiagCpl.dll
[2012/01/24 15:35:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\eudcedit.exe
[2012/01/24 15:35:39 | 000,140,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\scsiport.sys
[2012/01/24 15:35:39 | 000,127,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\logoncli.dll
[2012/01/24 15:35:38 | 001,066,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdtctm.dll
[2012/01/24 15:35:38 | 000,856,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\FirewallControlPanel.dll
[2012/01/24 15:35:38 | 000,428,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\biocpl.dll
[2012/01/24 15:35:38 | 000,416,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wiadefui.dll
[2012/01/24 15:35:38 | 000,233,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msconfig.exe
[2012/01/24 15:35:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppcomapi.dll
[2012/01/24 15:35:38 | 000,111,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\shsetup.dll
[2012/01/24 15:35:37 | 002,202,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SensorsCpl.dll
[2012/01/24 15:35:37 | 002,157,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\themecpl.dll
[2012/01/24 15:35:37 | 000,766,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wpccpl.dll
[2012/01/24 15:35:37 | 000,216,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\FWPUCLNT.DLL
[2012/01/24 15:35:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dnscmmc.dll
[2012/01/24 15:35:35 | 000,413,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PhotoScreensaver.scr
[2012/01/24 15:35:35 | 000,312,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\hgcpl.dll
[2012/01/24 15:35:35 | 000,080,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscories.dll
[2012/01/24 15:35:34 | 000,600,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\usercpl.dll
[2012/01/24 15:35:34 | 000,481,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscms.dll
[2012/01/24 15:35:34 | 000,429,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\localsec.dll
[2012/01/24 15:35:34 | 000,400,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\srcore.dll
[2012/01/24 15:35:34 | 000,268,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mprddm.dll
[2012/01/24 15:35:34 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SndVolSSO.dll
[2012/01/24 15:35:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bcdsrv.dll
[2012/01/24 15:35:34 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iasacct.dll
[2012/01/24 15:35:33 | 001,644,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netcenter.dll
[2012/01/24 15:35:33 | 000,941,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mblctr.exe
[2012/01/24 15:35:33 | 000,638,976 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\VAN.dll
[2012/01/24 15:35:33 | 000,600,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PerfCenterCPL.dll
[2012/01/24 15:35:33 | 000,509,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qedit.dll
[2012/01/24 15:35:33 | 000,410,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wlanui.dll
[2012/01/24 15:35:33 | 000,314,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SndVol.exe
[2012/01/24 15:35:33 | 000,120,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\prntvpt.dll
[2012/01/24 15:35:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\w32tm.exe
[2012/01/24 15:35:32 | 003,727,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\accessibilitycpl.dll
[2012/01/24 15:35:32 | 000,352,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spwizeng.dll
[2012/01/24 15:35:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\azroleui.dll
[2012/01/24 15:35:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprt.exe
[2012/01/24 15:35:32 | 000,190,976 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\ks.sys
[2012/01/24 15:35:31 | 000,516,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\main.cpl
[2012/01/24 15:35:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MSAC3ENC.DLL
[2012/01/24 15:35:31 | 000,186,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\adsldp.dll
[2012/01/24 15:35:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netjoin.dll
[2012/01/24 15:35:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fdeploy.dll
[2012/01/24 15:35:30 | 002,130,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\networkmap.dll
[2012/01/24 15:35:30 | 000,414,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mspbda.dll
[2012/01/24 15:35:30 | 000,320,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Faultrep.dll
[2012/01/24 15:35:29 | 000,395,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\prnfldr.dll
[2012/01/24 15:35:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wusa.exe
[2012/01/24 15:35:29 | 000,312,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012/01/24 15:35:28 | 000,755,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sud.dll
[2012/01/24 15:35:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ActionCenter.dll
[2012/01/24 15:35:28 | 000,218,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\OnLineIDCpl.dll
[2012/01/24 15:35:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sysmon.ocx
[2012/01/24 15:35:27 | 000,325,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\slui.exe
[2012/01/24 15:35:27 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iprtrmgr.dll
[2012/01/24 15:35:27 | 000,266,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MediaMetadataHandler.dll
[2012/01/24 15:35:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskbarcpl.dll
[2012/01/24 15:35:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\defaultlocationcpl.dll
[2012/01/24 15:35:27 | 000,172,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iasrad.dll
[2012/01/24 15:35:27 | 000,137,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\halacpi.dll
[2012/01/24 15:35:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2012/01/24 15:35:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dot3cfg.dll
[2012/01/24 15:35:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\hidclass.sys
[2012/01/24 15:35:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
[2012/01/24 15:35:27 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ftp.exe
[2012/01/24 15:35:26 | 000,692,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bthprops.cpl
[2012/01/24 15:35:26 | 000,577,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wpd_ci.dll
[2012/01/24 15:35:26 | 000,428,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\shwebsvc.dll
[2012/01/24 15:35:26 | 000,345,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\intl.cpl
[2012/01/24 15:35:26 | 000,205,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\efscore.dll
[2012/01/24 15:35:26 | 000,148,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ifsutil.dll
[2012/01/24 15:35:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sisbkup.dll
[2012/01/24 15:35:25 | 000,750,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sdcpl.dll
[2012/01/24 15:35:25 | 000,600,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TabletPC.cpl
[2012/01/24 15:35:25 | 000,537,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ActionCenterCPL.dll
[2012/01/24 15:35:25 | 000,484,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DeviceCenter.dll
[2012/01/24 15:35:25 | 000,295,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bcdedit.exe
[2012/01/24 15:35:25 | 000,146,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\autoplay.dll
[2012/01/24 15:35:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\recovery.dll
[2012/01/24 15:35:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppnp.dll
[2012/01/24 15:35:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpwsx.dll
[2012/01/24 15:35:24 | 000,859,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\OobeFldr.dll
[2012/01/24 15:35:24 | 000,738,816 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmpmde.dll
[2012/01/24 15:35:24 | 000,410,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\systemcpl.dll
[2012/01/24 15:35:24 | 000,210,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\recdisc.exe
[2012/01/24 15:35:24 | 000,151,040 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vdsutil.dll
[2012/01/24 15:35:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WSTPager.ax
[2012/01/24 15:35:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\blackbox.dll
[2012/01/24 15:35:23 | 000,656,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nshwfp.dll
[2012/01/24 15:35:23 | 000,297,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntprint.dll
[2012/01/24 15:35:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sethc.exe
[2012/01/24 15:35:23 | 000,262,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rstrui.exe
[2012/01/24 15:35:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SmartcardCredentialProvider.dll
[2012/01/24 15:35:23 | 000,146,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bcdboot.exe
[2012/01/24 15:35:22 | 000,257,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dpx.dll
[2012/01/24 15:35:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ksproxy.ax
[2012/01/24 15:35:22 | 000,182,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmpsrcwp.dll
[2012/01/24 15:35:22 | 000,107,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\NAPHLPR.DLL
[2012/01/24 15:35:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\migisol.dll
[2012/01/24 15:35:22 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- E:\Windows\System32\fms.dll
[2012/01/24 15:35:21 | 000,805,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cdosys.dll
[2012/01/24 15:35:21 | 000,346,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nshipsec.dll
[2012/01/24 15:35:21 | 000,254,976 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wsqmcons.exe
[2012/01/24 15:35:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\AuxiliaryDisplayServices.dll
[2012/01/24 15:35:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\isoburn.exe
[2012/01/24 15:35:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\asycfilt.dll
[2012/01/24 15:35:20 | 000,592,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msftedit.dll
[2012/01/24 15:35:20 | 000,586,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dfrgui.exe
[2012/01/24 15:35:20 | 000,428,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wlanmsm.dll
[2012/01/24 15:35:20 | 000,333,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dot3ui.dll
[2012/01/24 15:35:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ReAgent.dll
[2012/01/24 15:35:20 | 000,222,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wavemsp.dll
[2012/01/24 15:35:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wuwebv.dll
[2012/01/24 15:35:19 | 000,444,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wvc.dll
[2012/01/24 15:35:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wimgapi.dll
[2012/01/24 15:35:19 | 000,198,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sysclass.dll
[2012/01/24 15:35:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ocsetup.exe
[2012/01/24 15:35:19 | 000,047,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzutil.exe
[2012/01/24 15:35:18 | 000,209,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PkgMgr.exe
[2012/01/24 15:35:18 | 000,190,976 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qcap.dll
[2012/01/24 15:35:18 | 000,113,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\setupugc.exe
[2012/01/24 15:35:18 | 000,051,200 | ---- | C] (Twain Working Group) -- E:\Windows\twain_32.dll
[2012/01/24 15:35:17 | 000,697,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SmiEngine.dll
[2012/01/24 15:35:17 | 000,293,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ssText3d.scr
[2012/01/24 15:35:17 | 000,257,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\srrstr.dll
[2012/01/24 15:35:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qasf.dll
[2012/01/24 15:35:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanconn.dll
[2012/01/24 15:35:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\uxlib.dll
[2012/01/24 15:35:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\slwga.dll
[2012/01/24 15:35:16 | 000,616,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmdrmsdk.dll
[2012/01/24 15:35:16 | 000,211,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DevicePairingFolder.dll
[2012/01/24 15:35:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nslookup.exe
[2012/01/24 15:35:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mciavi32.dll
[2012/01/24 15:35:15 | 000,504,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msscp.dll
[2012/01/24 15:35:15 | 000,402,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drmmgrtn.dll
[2012/01/24 15:35:15 | 000,327,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wimserv.exe
[2012/01/24 15:35:15 | 000,276,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\diskraid.exe
[2012/01/24 15:35:15 | 000,186,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpencom.dll
[2012/01/24 15:35:15 | 000,157,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\perfmon.exe
[2012/01/24 15:35:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\acppage.dll
[2012/01/24 15:35:14 | 000,327,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nltest.exe
[2012/01/24 15:35:14 | 000,292,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2012/01/24 15:35:14 | 000,202,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\input.dll
[2012/01/24 15:35:14 | 000,174,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ocsetapi.dll
[2012/01/24 15:35:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\UserAccountControlSettings.dll
[2012/01/24 15:35:14 | 000,046,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\NAPCRYPT.DLL
[2012/01/24 15:35:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vpnikeapi.dll
[2012/01/24 15:35:13 | 001,111,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\onexui.dll
[2012/01/24 15:35:13 | 000,219,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iTVData.dll
[2012/01/24 15:35:13 | 000,210,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxdiagn.dll
[2012/01/24 15:35:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wpdwcn.dll
[2012/01/24 15:35:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vdsbas.dll
[2012/01/24 15:35:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\bfsvc.exe
[2012/01/24 15:35:13 | 000,050,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\runonce.exe
[2012/01/24 15:35:12 | 000,242,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\eapp3hst.dll
[2012/01/24 15:35:12 | 000,176,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MFPlay.dll
[2012/01/24 15:35:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\logagent.exe
[2012/01/24 15:35:11 | 000,507,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmdrmdev.dll
[2012/01/24 15:35:11 | 000,489,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10level9.dll
[2012/01/24 15:35:11 | 000,117,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\rmcast.sys
[2012/01/24 15:35:11 | 000,108,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\shacct.dll
[2012/01/24 15:35:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PnPUnattend.exe
[2012/01/24 15:35:10 | 000,186,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bitsadmin.exe
[2012/01/24 15:35:10 | 000,087,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wudriver.dll
[2012/01/24 15:35:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\unimdmat.dll
[2012/01/24 15:35:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsmproxy.dll
[2012/01/24 15:35:09 | 001,160,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\OpcServices.dll
[2012/01/24 15:35:09 | 000,878,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Bubbles.scr
[2012/01/24 15:35:09 | 000,350,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WPDSp.dll
[2012/01/24 15:35:09 | 000,309,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sqlcese30.dll
[2012/01/24 15:35:09 | 000,183,296 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PortableDeviceSyncProvider.dll
[2012/01/24 15:35:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\kstvtune.ax
[2012/01/24 15:35:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\logman.exe
[2012/01/24 15:35:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tabcal.exe
[2012/01/24 15:35:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncryptui.dll
[2012/01/24 15:35:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpd3d.dll
[2012/01/24 15:35:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iscsium.dll
[2012/01/24 15:35:08 | 000,427,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PortableDeviceStatus.dll
[2012/01/24 15:35:08 | 000,318,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMPhoto.dll
[2012/01/24 15:35:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Mystify.scr
[2012/01/24 15:35:08 | 000,220,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Ribbons.scr
[2012/01/24 15:35:08 | 000,179,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ActionQueue.dll
[2012/01/24 15:35:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFPlatform.dll
[2012/01/24 15:35:08 | 000,142,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\powercfg.cpl
[2012/01/24 15:35:08 | 000,132,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MdSched.exe
[2012/01/24 15:35:08 | 000,099,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\QSVRMGMT.DLL
[2012/01/24 15:35:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\olethk32.dll
[2012/01/24 15:35:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mapistub.dll
[2012/01/24 15:35:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mapi32.dll
[2012/01/24 15:35:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lpremove.exe
[2012/01/24 15:35:08 | 000,059,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\djoin.exe
[2012/01/24 15:35:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2012/01/24 15:35:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tsgqec.dll
[2012/01/24 15:35:07 | 000,902,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMADMOD.DLL
[2012/01/24 15:35:07 | 000,541,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMVSDECD.DLL
[2012/01/24 15:35:07 | 000,436,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmdrmnet.dll
[2012/01/24 15:35:07 | 000,257,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WindowsAnytimeUpgrade.exe
[2012/01/24 15:35:07 | 000,153,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\VBICodec.ax
[2012/01/24 15:35:07 | 000,115,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dot3msm.dll
[2012/01/24 15:35:07 | 000,109,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wiavideo.dll
[2012/01/24 15:35:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Kswdmcap.ax
[2012/01/24 15:35:07 | 000,098,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fphc.dll
[2012/01/24 15:35:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\takeown.exe
[2012/01/24 15:35:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\utildll.dll
[2012/01/24 15:35:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/01/24 15:35:06 | 000,567,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFx.dll
[2012/01/24 15:35:06 | 000,283,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qdv.dll
[2012/01/24 15:35:06 | 000,265,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msnetobj.dll
[2012/01/24 15:35:06 | 000,202,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\unattend.dll
[2012/01/24 15:35:06 | 000,182,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RelPost.exe
[2012/01/24 15:35:06 | 000,128,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\EhStorAPI.dll
[2012/01/24 15:35:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppinst.dll
[2012/01/24 15:35:06 | 000,084,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cmstp.exe
[2012/01/24 15:35:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\QCLIPROV.DLL
[2012/01/24 15:35:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cca.dll
[2012/01/24 15:35:05 | 000,739,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMSPDMOD.DLL
[2012/01/24 15:35:05 | 000,176,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msorcl32.dll
[2012/01/24 15:35:05 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iasrecst.dll
[2012/01/24 15:35:05 | 000,115,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\setupcln.dll
[2012/01/24 15:35:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MuiUnattend.exe
[2012/01/24 15:35:05 | 000,056,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vfwwdm32.dll
[2012/01/24 15:35:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wsnmp32.dll
[2012/01/24 15:35:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\umb.dll
[2012/01/24 15:35:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pdhui.dll
[2012/01/24 15:35:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\basesrv.dll
[2012/01/24 15:35:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\AzSqlExt.dll
[2012/01/24 15:35:04 | 000,144,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iscsicli.exe
[2012/01/24 15:35:04 | 000,128,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\desk.cpl
[2012/01/24 15:35:04 | 000,047,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wkscli.dll
[2012/01/24 15:35:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WavDest.dll
[2012/01/24 15:35:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\relog.exe
[2012/01/24 15:35:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\PrintIsolationProxy.dll

screamineagle
2012-01-31, 12:49
[2012/01/24 15:35:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netiougc.exe
[2012/01/24 15:35:03 | 001,027,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\IMJP10.IME
[2012/01/24 15:35:03 | 000,430,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\FXSTIFF.dll
[2012/01/24 15:35:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\itircl.dll
[2012/01/24 15:35:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmpps.dll
[2012/01/24 15:35:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\diskpart.exe
[2012/01/24 15:35:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\secproc_ssp_isv.dll
[2012/01/24 15:35:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\secproc_ssp.dll
[2012/01/24 15:35:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\amstream.dll
[2012/01/24 15:35:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\CertPolEng.dll
[2012/01/24 15:35:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spbcd.dll
[2012/01/24 15:35:03 | 000,053,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MultiDigiMon.exe
[2012/01/24 15:35:03 | 000,050,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\setbcdlocale.dll
[2012/01/24 15:35:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ksxbar.ax
[2012/01/24 15:35:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netbtugc.exe
[2012/01/24 15:35:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\syssetup.dll
[2012/01/24 15:35:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nrpsrv.dll
[2012/01/24 15:35:02 | 000,280,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RMActivate_ssp.exe
[2012/01/24 15:35:02 | 000,278,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RMActivate_ssp_isv.exe
[2012/01/24 15:35:02 | 000,094,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\eappgnui.dll
[2012/01/24 15:35:02 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tlscsp.dll
[2012/01/24 15:35:02 | 000,062,976 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\findstr.exe
[2012/01/24 15:35:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mciqtz32.dll
[2012/01/24 15:35:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wuapp.exe
[2012/01/24 15:35:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wiarpc.dll
[2012/01/24 15:35:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WerFaultSecure.exe
[2012/01/24 15:35:02 | 000,022,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ReAgentc.exe
[2012/01/24 15:35:01 | 000,121,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sppc.dll
[2012/01/24 15:35:01 | 000,082,944 | ---- | C] (Radius Inc.) -- E:\Windows\System32\iccvid.dll
[2012/01/24 15:35:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\luainstall.dll
[2012/01/24 15:35:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\usbrpm.sys
[2012/01/24 15:35:01 | 000,022,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\HotStartUserAgent.dll
[2012/01/24 15:35:01 | 000,021,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\tdi.sys
[2012/01/24 15:35:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spopk.dll
[2012/01/24 15:35:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\muifontsetup.dll
[2012/01/24 15:35:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\manage-bde.exe
[2012/01/24 15:35:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\repair-bde.exe
[2012/01/24 15:35:00 | 000,052,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetmib1.dll
[2012/01/24 15:35:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\g711codc.ax
[2012/01/24 15:35:00 | 000,034,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\unlodctr.exe
[2012/01/24 15:35:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbisurf.ax
[2012/01/24 15:35:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wdiasqmmodule.dll
[2012/01/24 15:35:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdmo.dll
[2012/01/24 15:35:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\netcfg.exe
[2012/01/24 15:35:00 | 000,021,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdprefdrvapi.dll
[2012/01/24 15:34:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\UIRibbonRes.dll
[2012/01/24 15:34:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\browcli.dll
[2012/01/24 15:34:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbcconf.dll
[2012/01/24 15:34:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFCoinstaller.dll
[2012/01/24 15:34:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\profprov.dll
[2012/01/24 15:34:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wups.dll
[2012/01/24 15:34:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\FXSMON.dll
[2012/01/24 15:34:58 | 000,017,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\perfts.dll
[2012/01/24 15:34:57 | 000,121,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RDPENCDD.dll
[2012/01/24 15:34:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\napdsnap.dll
[2012/01/24 15:34:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dsauth.dll
[2012/01/24 15:34:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\elsTrans.dll
[2012/01/24 15:34:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TRAPI.dll
[2012/01/24 15:34:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\bitsperf.dll
[2012/01/24 15:34:57 | 000,017,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\schedcli.dll
[2012/01/24 15:34:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sscore.dll
[2012/01/24 15:34:55 | 000,430,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imkr80.ime
[2012/01/24 15:34:55 | 000,036,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wups2.dll
[2012/01/24 15:34:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wsdchngr.dll
[2012/01/24 15:34:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\riched32.dll
[2012/01/24 15:34:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcfgex.dll
[2012/01/24 15:34:52 | 000,011,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wshirda.dll
[2012/01/24 15:34:51 | 000,025,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\USBCAMD2.sys
[2012/01/24 15:34:51 | 000,025,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\USBCAMD.sys
[2012/01/24 15:34:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spwmp.dll
[2012/01/24 15:34:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RDPREFDD.dll
[2012/01/24 15:34:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\C_ISCII.DLL
[2012/01/24 15:34:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\shunimpl.dll
[2012/01/24 15:34:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdxm.ocx
[2012/01/24 15:34:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxmasf.dll
[2012/01/24 15:34:47 | 012,625,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmploc.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDUS.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDUGHR1.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDTURME.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDTAJIK.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINTEL.DLL
[2012/01/24 15:34:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINKAN.DLL
[2012/01/24 15:34:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDSF.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDMON.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDMAORI.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDLT1.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINORI.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDBULG.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDBLR.DLL
[2012/01/24 15:34:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDBASH.DLL
[2012/01/24 15:34:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDGEO.DLL
[2012/01/24 15:34:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDSG.DLL
[2012/01/24 15:34:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\kbdlk41a.dll
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDTUQ.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDTUF.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDPO.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDNEPR.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINBEN.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDGR1.DLL
[2012/01/24 15:34:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDGKL.DLL
[2012/01/24 15:34:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINTAM.DLL
[2012/01/24 15:34:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINMAR.DLL
[2012/01/24 15:34:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDINHIN.DLL
[2012/01/24 15:34:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\nlsbres.dll
[2012/01/24 15:34:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\BlbEvents.dll
[2012/01/24 15:34:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pifmgr.dll
[2012/01/24 15:34:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spwizres.dll
[2012/01/24 15:34:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KBDCZ1.DLL
[2012/01/24 15:34:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dpnaddr.dll
[2012/01/24 15:34:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wdscore.dll
[2012/01/24 15:34:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wbemcomn.dll
[2012/01/24 15:33:57 | 000,189,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sqmapi.dll
[2012/01/24 15:30:11 | 000,148,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\storport.sys
[2012/01/24 15:30:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fsutil.exe
[2012/01/24 15:28:07 | 000,000,000 | -H-D | C] -- E:\ProgramData\Common Files
[2012/01/24 15:08:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\usbport.sys
[2012/01/24 15:08:37 | 000,005,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\usbd.sys
[2012/01/24 15:08:26 | 000,314,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\webio.dll
[2012/01/24 15:08:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sspisrv.dll
[2012/01/24 15:07:08 | 000,000,000 | ---D | C] -- E:\ProgramData\MFAData
[2012/01/24 15:00:18 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/01/24 14:59:48 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft IntelliPoint
[2012/01/24 14:58:54 | 000,000,000 | ---D | C] -- E:\Windows\PCHEALTH
[2012/01/24 14:52:20 | 000,000,000 | ---D | C] -- E:\Windows\System32\Wat
[2012/01/24 05:31:54 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft.NET
[2012/01/24 05:27:47 | 000,000,000 | -HSD | C] -- E:\Windows\Installer
[2012/01/24 05:02:56 | 000,000,000 | ---D | C] -- E:\ProgramData\NVIDIA
[2012/01/24 05:02:47 | 003,693,672 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcpl.dll
[2012/01/24 05:02:47 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvsvcr.dll
[2012/01/24 05:02:47 | 002,557,544 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvsvc.dll
[2012/01/24 05:02:47 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\easyupdatusapiu.dll
[2012/01/24 05:02:47 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvmctray.dll
[2012/01/24 05:02:47 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvshext.dll
[2012/01/24 05:01:35 | 000,000,000 | ---D | C] -- E:\ProgramData\NVIDIA Corporation
[2012/01/24 05:01:30 | 000,000,000 | ---D | C] -- E:\Program Files\NVIDIA Corporation
[2012/01/24 04:56:04 | 000,870,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XpsPrint.dll
[2012/01/24 04:54:40 | 001,549,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tquery.dll
[2012/01/24 04:54:40 | 001,401,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mssrch.dll
[2012/01/24 04:54:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mssvp.dll
[2012/01/24 04:54:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mssph.dll
[2012/01/24 04:54:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mssphtb.dll
[2012/01/24 04:54:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msscntrs.dll
[2012/01/24 04:54:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2012/01/24 04:54:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2012/01/24 04:54:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/01/24 04:54:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/01/24 04:54:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/01/24 04:54:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/24 04:54:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/01/24 04:54:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/01/24 04:54:31 | 001,076,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DWrite.dll
[2012/01/24 04:54:31 | 000,739,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d2d1.dll
[2012/01/24 04:54:26 | 000,187,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/01/24 04:54:12 | 001,328,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\quartz.dll
[2012/01/24 04:54:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qdvd.dll
[2012/01/24 04:54:02 | 000,465,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\psisdecd.dll
[2012/01/24 04:54:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MSNP.ax
[2012/01/24 04:54:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\psisrndr.ax
[2012/01/24 04:54:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Mpeg2Data.ax
[2012/01/24 04:54:01 | 000,059,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MSDvbNP.ax
[2012/01/24 04:53:55 | 000,850,944 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\sbe.dll
[2012/01/24 04:53:55 | 000,642,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\CPFilters.dll
[2012/01/24 04:53:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mpg2splt.ax
[2012/01/24 04:53:52 | 000,319,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbcjt32.dll
[2012/01/24 04:53:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbctrac.dll
[2012/01/24 04:53:51 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccp32.dll
[2012/01/24 04:53:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccu32.dll
[2012/01/24 04:53:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccr32.dll
[2012/01/24 04:53:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\EncDec.dll
[2012/01/24 04:53:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2012/01/24 04:53:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\packager.dll
[2012/01/24 04:53:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XpsGdiConverter.dll
[2012/01/24 04:53:38 | 003,967,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2012/01/24 04:53:38 | 003,912,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2012/01/24 04:53:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- E:\Windows\System32\atmfd.dll
[2012/01/24 04:53:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\fontsub.dll
[2012/01/24 04:53:34 | 000,034,304 | ---- | C] (Adobe Systems) -- E:\Windows\System32\atmlib.dll
[2012/01/24 04:53:28 | 000,802,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WFS.exe
[2012/01/24 04:53:28 | 000,191,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\FXSCOVER.exe
[2012/01/24 04:53:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dnscacheugc.exe
[2012/01/24 04:53:09 | 002,342,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2012/01/24 04:53:04 | 000,219,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10_1core.dll
[2012/01/24 04:53:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10_1.dll
[2012/01/24 04:53:00 | 000,123,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\poqexec.exe
[2012/01/24 04:52:54 | 002,616,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\explorer.exe
[2012/01/24 04:52:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\csrsrv.dll
[2012/01/24 04:52:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfc42u.dll
[2012/01/24 04:52:46 | 001,137,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mfc42.dll
[2012/01/24 04:52:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\prevhost.exe
[2012/01/24 04:38:49 | 000,219,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2012/01/24 04:38:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cdd.dll
[2012/01/24 04:38:47 | 000,027,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\Diskdump.sys
[2012/01/24 04:32:49 | 000,000,000 | R--D | C] -- E:\Users\Maximus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/24 04:32:49 | 000,000,000 | R--D | C] -- E:\Users\Maximus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/24 04:32:48 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Searches
[2012/01/24 04:32:48 | 000,000,000 | -H-D | C] -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/24 04:32:34 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Identities
[2012/01/24 04:32:28 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Contacts
[2012/01/24 04:32:18 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Local\VirtualStore
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\AppData\Local\Temporary Internet Files
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Templates
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Start Menu
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\SendTo
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Recent
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\PrintHood
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\NetHood
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Documents\My Videos
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Documents\My Pictures
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Documents\My Music
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\My Documents
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Local Settings
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\AppData\Local\History
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Cookies
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\Application Data
[2012/01/24 04:32:14 | 000,000,000 | -HSD | C] -- E:\Users\Maximus\AppData\Local\Application Data
[2012/01/24 04:32:13 | 000,000,000 | --SD | C] -- E:\Users\Maximus\AppData\Roaming\Microsoft
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Videos
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Saved Games
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Pictures
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Music
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Links
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Favorites
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Downloads
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Documents
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Desktop
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/24 04:32:13 | 000,000,000 | -H-D | C] -- E:\Users\Maximus\AppData
[2012/01/24 04:32:13 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Local\Temp
[2012/01/24 04:32:13 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Local\Microsoft
[2012/01/24 04:32:13 | 000,000,000 | ---D | C] -- E:\Users\Maximus\AppData\Roaming\Media Center Programs
[2012/01/23 22:58:54 | 000,000,000 | ---D | C] -- E:\Windows\SoftwareDistribution
[2012/01/23 22:56:21 | 000,000,000 | ---D | C] -- E:\Windows\Prefetch
[2012/01/23 22:53:54 | 000,000,000 | ---D | C] -- E:\Windows\Panther
[2012/01/23 22:37:55 | 000,000,000 | ---D | C] -- E:\Windows.old
[2012/01/23 21:14:28 | 000,236,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2012/01/31 04:32:18 | 087,817,706 | ---- | M] () -- E:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/31 04:30:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\Maximus\Desktop\OTL.exe
[2012/01/31 04:28:17 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/01/31 04:28:17 | 000,012,752 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 04:28:17 | 000,012,752 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 18:40:58 | 000,080,384 | ---- | M] () -- E:\Users\Maximus\Desktop\MBRCheck.exe
[2012/01/30 17:34:22 | 000,000,512 | ---- | M] () -- E:\Users\Maximus\Desktop\MBR.dat
[2012/01/30 16:04:46 | 004,733,440 | ---- | M] (AVAST Software) -- E:\Users\Maximus\Desktop\aswMBR.exe
[2012/01/30 15:52:05 | 000,623,940 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/01/30 15:52:05 | 000,106,316 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/01/28 07:07:55 | 000,007,575 | ---- | M] () -- E:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/27 16:21:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/26 20:41:13 | 1609,666,560 | -HS- | M] () -- E:\hiberfil.sys
[2012/01/25 15:52:05 | 000,001,067 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 20:06:02 | 000,440,287 | R--- | M] () -- E:\Windows\System32\drivers\etc\hosts
[2012/01/24 19:50:08 | 000,001,240 | ---- | M] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/24 18:50:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/24 17:28:00 | 000,001,096 | ---- | M] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/24 17:25:27 | 000,268,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/01/24 17:13:35 | 000,000,935 | ---- | M] () -- E:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/24 16:52:39 | 000,001,407 | ---- | M] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/24 16:36:19 | 000,152,576 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msclmd.dll
[2012/01/24 16:14:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/24 16:14:35 | 000,161,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/01/24 16:14:35 | 000,065,024 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2012/01/24 16:14:33 | 000,176,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/01/24 16:14:33 | 000,162,304 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/01/24 16:14:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/01/24 16:14:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/01/24 16:14:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/01/24 16:14:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/01/24 16:14:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/01/24 16:14:33 | 000,041,472 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2012/01/24 16:14:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/01/24 16:14:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/01/24 16:14:32 | 000,223,232 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/01/24 16:14:31 | 003,695,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/01/24 16:14:31 | 000,353,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/01/24 16:14:30 | 001,427,456 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/01/24 16:14:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/01/24 16:14:30 | 000,353,584 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2012/01/24 16:14:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/01/24 16:14:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/01/24 16:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/01/24 16:14:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/01/24 16:14:30 | 000,072,822 | ---- | M] () -- E:\Windows\System32\ieuinit.inf
[2012/01/24 16:14:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/01/24 16:14:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/01/24 16:14:29 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2012/01/24 16:14:29 | 001,798,144 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/01/24 16:14:29 | 000,580,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/01/24 16:14:29 | 000,227,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/01/24 16:14:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/01/24 16:14:29 | 000,152,064 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/01/24 16:14:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/01/24 16:14:29 | 000,142,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/01/24 16:14:29 | 000,118,784 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/01/24 16:14:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/01/24 16:14:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/01/24 16:14:29 | 000,035,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/01/24 15:00:18 | 000,000,000 | -H-- | M] () -- E:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/01/23 22:57:52 | 000,000,000 | -H-- | M] () -- E:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/23 22:53:41 | 000,008,192 | RHS- | M] () -- E:\BOOTSECT.BAK
[2012/01/23 21:01:26 | 000,041,962 | ---- | M] () -- E:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2012/01/31 04:32:18 | 087,817,706 | ---- | C] () -- E:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/30 18:40:54 | 000,080,384 | ---- | C] () -- E:\Users\Maximus\Desktop\MBRCheck.exe
[2012/01/30 17:34:22 | 000,000,512 | ---- | C] () -- E:\Users\Maximus\Desktop\MBR.dat
[2012/01/28 07:07:55 | 000,007,575 | ---- | C] () -- E:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/25 15:52:05 | 000,001,067 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 19:50:08 | 000,001,240 | ---- | C] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/24 17:27:59 | 000,001,096 | ---- | C] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/24 17:27:58 | 000,001,108 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/24 17:13:35 | 000,000,935 | ---- | C] () -- E:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/24 16:14:30 | 000,072,822 | ---- | C] () -- E:\Windows\System32\ieuinit.inf
[2012/01/24 15:36:40 | 000,146,852 | ---- | C] () -- E:\Windows\System32\systemsf.ebd
[2012/01/24 15:34:58 | 000,010,429 | ---- | C] () -- E:\Windows\System32\ScavengeSpace.xml
[2012/01/24 15:34:41 | 000,105,559 | ---- | C] () -- E:\Windows\System32\RacRules.xml
[2012/01/24 15:03:09 | 000,001,407 | ---- | C] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/24 15:00:18 | 000,000,000 | -H-- | C] () -- E:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/01/24 04:32:51 | 000,001,413 | ---- | C] () -- E:\Users\Maximus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/24 04:32:14 | 000,000,290 | ---- | C] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/24 04:32:14 | 000,000,272 | ---- | C] () -- E:\Users\Maximus\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/23 22:57:52 | 000,000,000 | -H-- | C] () -- E:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/23 22:54:52 | 1609,666,560 | -HS- | C] () -- E:\hiberfil.sys
[2012/01/23 21:01:05 | 000,001,345 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/23 21:00:52 | 000,001,326 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,268,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,623,940 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,316 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/24 17:14:35 | 000,000,000 | ---D | M] -- E:\Users\Maximus\AppData\Roaming\AVG2012
[2009/07/13 22:53:46 | 000,003,864 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
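How the file listings in an OTL report like the one above can be parsed and pre-sorted before a helper reads them, as an added example that is not part of the original posts and not OTL's own logic. The field layout is inferred from the log lines in this thread; the triage rules, the `HOSTS_REVIEW_BYTES` threshold and all function names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines selected from the OTL report in this thread; the directory line is
# placed before any section header here, so its section is empty.
SAMPLE = r"""
[2012/01/24 04:32:13 | 000,000,000 | R--D | C] -- E:\Users\Maximus\Videos

========== Files - Modified Within 30 Days ==========

[2012/01/31 04:30:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\Maximus\Desktop\OTL.exe
[2012/01/30 18:40:58 | 000,080,384 | ---- | M] () -- E:\Users\Maximus\Desktop\MBRCheck.exe
[2012/01/26 20:41:13 | 1609,666,560 | -HS- | M] () -- E:\hiberfil.sys
[2012/01/24 20:06:02 | 000,440,287 | R--- | M] () -- E:\Windows\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
"""

# [date time | size | attributes | Created/Modified] (company) -- path
# Directory lines carry no "(company)" field at all, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass
class Entry:
    when: datetime
    size: int                # bytes, thousands separators removed
    attrs: str               # four flags: R, H, S, D or '-'
    kind: str                # 'C' created, 'M' modified
    company: Optional[str]   # None: field absent; "": empty parentheses
    path: str
    section: str


def parse_report(text: str) -> List[Entry]:
    """Turn OTL file-listing lines into Entry records, tracking the section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group("name")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and anything that is not a listing line
        entries.append(Entry(
            when=datetime.strptime(m.group("when"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
            section=section,
        ))
    return entries


BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Data files that end in .sys but are not drivers (assumed exclusion list).
NOT_DRIVERS = {"hiberfil.sys", "pagefile.sys"}
HOSTS_SUFFIX = r"\system32\drivers\etc\hosts"
# Assumed threshold: a default Windows hosts file is only comments, under 1 KB.
HOSTS_REVIEW_BYTES = 10_000


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if "D" in e.attrs:
            continue  # directories have no version resource to inspect
        name = ntpath.basename(low)
        if low.endswith(BINARY_EXT) and name not in NOT_DRIVERS and e.company == "":
            where = "user profile" if "\\users\\" in low else "system path"
            findings.append((e, f"binary with no company name ({where})"))
        if low.endswith(HOSTS_SUFFIX) and e.size > HOSTS_REVIEW_BYTES:
            findings.append((e, "hosts file is large; review its entries"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_report(SAMPLE)):
        print(f"{entry.when:%Y-%m-%d %H:%M} {entry.size:>11,} {entry.path}: {reason}")
```

A flag marks an entry for a person to look at and is not a verdict: blocklist tools also grow the hosts file, and a diagnostic tool saved to the desktop can lack a company name.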

screamineagle
2012-01-31, 12:54
It does not look like OTL created an extras.txt file and I am unable to find an OTL folder?

Thanks,

Kevin

ken545
2012-01-31, 14:17
That's fine, let me see a picture of your Disk Management. You can right click on the picture and save it to your desktop and then attach it in your next reply.


1. Click on the Start button and then choose Control Panel.

2. Click on the System and Security link.

Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.

3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.

4. In the Administrative Tools window, double-click on the Computer Management icon.

5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

screamineagle
2012-01-31, 23:07
Sorry Ken, it won't let me right click or paste print screen? I see 3 disks
Disk0 Basic 149.05GB 9MB online IDE MBR
Disk1 Removable(C:) 0MB )mb No Media USB MBR
CD_ROM0 DVD(D:) )MB )MB No Media IDE MBR

with the 9 MB on disk 0 showing as Unallocated Space. Does this help?

ken545
2012-01-31, 23:25
That's fine, I was looking for a hidden partition but don't see one

See if this free online scanner will work

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

http://www.eset.com/onlinescan/

screamineagle
2012-02-02, 01:06
Hi Ken,
30 minutes ago the timer on eset rolled from 2400 to zero. 2 hours ago it appeared to still be looking at files. It has been at 99% all day. Now it is stuck on a file named USA_Canada_and_Mexico_P.zip with no threats found?
Kevin

screamineagle
2012-02-02, 01:08
As I hit submit, it started scanning 256048 files scanned.

ken545
2012-02-02, 01:36
Let's try to run Malwarebytes again

Run this program first

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.




1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

screamineagle
2012-02-02, 01:38
Should I stop eset?

ken545
2012-02-02, 02:19
Yes, you said it found no threats, we can run it again later or try a different one

screamineagle
2012-02-02, 02:33
I can get rkill to run. Sometimes it finds nothing. Sometimes it finds below.
This log file is located at E:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/01/2012 at 18:22:59.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

E:\Windows\system32\SearchProtocolHost.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Windows\System32\InfDefaultInstall.exe
E:\Windows\system32\runonce.exe


Rkill completed on 02/01/2012 at 18:23:20.

When I dnld and run mbam install as admin it installs, when the install completes it looks like an update window pops up for 1/2 sec then goes away. Then a window pops that says mbam out of date xx days do you want to update, if I click yes the update window shows for 1/2 sec then disappears, if I click no on the update, mbam opens. If I go into mbam and click on the update tab, the update window pops again for 1/2 sec then mbam goes away. If I open mbam and try a scan it immediately closes. This is what I tried the day I discovered the emails had been sent and it is still the same?

ken545
2012-02-02, 02:55
Let's see if Combofix will run, try it in normal windows and if it won't run boot to safemode


To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)






Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

screamineagle
2012-02-02, 04:52
This is getting disheartening, I don't feel like I have been able to give you anything to even look at. Kinda reinforces my scorched earth take on it in the beginning. If this had not required two installs, XP then the 7 upgrade, it would be done.
I'm posting this from a netbook. The infected machine dnld'd combofix and fired it up in normal mode with no trouble. It states typically a 10 minute run maybe double. In 45 minutes that's still what it said so I booted into safe mode and it has been running for 25 minutes in the same condition with no HD activity.

screamineagle
2012-02-02, 05:37
One last thing tonight, I am locked out of my documents and settings folder now also?

ken545
2012-02-02, 11:18
I think at this point since you have your Windows disk you should use it to do a System Repair, what this will do is reinstall Windows on top of your current copy and fix things in the process, I can link you to a good Windows forum that can help you with this so it's done properly. Just tell them I suggested a system repair since we really can't get much to run, you can link them to this thread so they can see what we have done, once it's finished, run DDS and post the log

http://forums.whatthetech.com/index.php?showforum=119


Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)