What is this malware PUP.BundleInstall

[lcyber]

[2012/06/15 19:19:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2012/06/15 19:19:46 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012/06/15 19:19:46 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2012/06/15 19:19:46 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2012/06/15 19:19:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/06/15 19:19:46 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012/06/15 19:19:46 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012/06/15 19:19:46 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2012/06/15 19:19:45 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012/06/15 19:19:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012/06/15 19:19:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012/06/15 19:19:45 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012/06/15 19:19:45 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/06/15 19:19:45 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012/06/15 19:19:45 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012/06/15 19:19:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/06/15 19:19:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2012/06/15 19:19:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012/06/15 19:19:44 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012/06/15 19:19:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012/06/15 19:19:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012/06/15 19:19:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012/06/15 19:19:43 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/06/15 19:19:43 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/06/15 19:19:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012/06/15 19:19:43 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2012/06/15 19:19:43 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2012/06/15 19:19:43 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2012/06/15 19:19:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2012/06/15 19:19:42 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2012/06/15 19:19:42 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2012/06/15 19:19:42 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012/06/15 19:19:42 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012/06/15 19:19:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012/06/15 19:19:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/06/15 19:19:41 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2012/06/15 19:19:41 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2012/06/15 19:19:41 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012/06/15 19:19:40 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2012/06/15 19:19:40 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/06/15 19:19:40 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/06/15 19:19:40 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012/06/15 19:19:40 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012/06/15 19:19:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012/06/15 19:19:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2012/06/15 19:19:39 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2012/06/15 19:19:39 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012/06/15 19:19:39 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/06/15 19:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2012/06/15 19:19:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dl l
[2012/06/15 19:19:39 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2012/06/15 19:19:38 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012/06/15 19:19:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012/06/15 19:19:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2012/06/15 19:19:38 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2012/06/15 19:19:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2012/06/15 19:19:38 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012/06/15 19:19:37 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/06/15 19:19:37 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2012/06/15 19:19:37 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012/06/15 19:19:37 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012/06/15 19:19:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2012/06/15 19:19:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/06/15 19:19:36 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/06/15 19:19:36 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/06/15 19:19:36 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2012/06/15 19:19:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012/06/15 19:19:36 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2012/06/15 19:19:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012/06/15 19:19:35 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012/06/15 19:19:35 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012/06/15 19:19:35 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012/06/15 19:19:35 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012/06/15 19:19:35 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012/06/15 19:19:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2012/06/15 19:19:34 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2012/06/15 19:19:34 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012/06/15 19:19:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012/06/15 19:19:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2012/06/15 19:19:33 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2012/06/15 19:19:33 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2012/06/15 19:19:33 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012/06/15 19:19:32 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2012/06/15 19:19:32 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012/06/15 19:19:32 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2012/06/15 19:19:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012/06/15 19:19:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/06/15 19:19:31 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012/06/15 19:19:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2012/06/15 19:19:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012/06/15 19:19:31 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/06/15 19:19:30 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2012/06/15 19:19:29 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012/06/15 19:19:29 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012/06/15 19:19:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012/06/15 19:19:29 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/06/15 19:19:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012/06/15 19:19:28 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012/06/15 19:19:28 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012/06/15 19:19:28 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012/06/15 19:19:27 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2012/06/15 19:19:27 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.e xe
[2012/06/15 19:19:27 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2012/06/15 19:19:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2012/06/15 19:19:27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2012/06/15 19:19:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2012/06/15 19:19:26 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012/06/15 19:19:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012/06/15 19:19:26 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2012/06/15 19:19:26 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2012/06/15 19:19:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/06/15 19:19:25 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/06/15 19:19:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012/06/15 19:19:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2012/06/15 19:19:24 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012/06/15 19:19:24 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2012/06/15 19:19:24 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/06/15 19:19:23 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012/06/15 19:19:23 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/06/15 19:19:23 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2012/06/15 19:19:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012/06/15 19:19:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012/06/15 19:19:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012/06/15 19:19:22 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2012/06/15 19:19:22 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2012/06/15 19:19:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2012/06/15 19:19:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2012/06/15 19:19:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2012/06/15 19:19:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012/06/15 19:19:21 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/06/15 19:19:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2012/06/15 19:19:21 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/06/15 19:19:21 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2012/06/15 19:19:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/06/15 19:19:21 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012/06/15 19:19:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2012/06/15 19:19:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012/06/15 19:19:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2012/06/15 19:19:21 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012/06/15 19:19:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012/06/15 19:19:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012/06/15 19:19:20 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2012/06/15 19:19:20 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2012/06/15 19:19:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2012/06/15 19:19:20 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2012/06/15 19:19:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012/06/15 19:19:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012/06/15 19:19:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012/06/15 19:19:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2012/06/15 19:19:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/06/15 19:19:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2012/06/15 19:19:19 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/06/15 19:19:19 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012/06/15 19:19:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2012/06/15 19:19:19 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012/06/15 19:19:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2012/06/15 19:19:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012/06/15 19:19:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012/06/15 19:19:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012/06/15 19:19:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyCon trol.exe
[2012/06/15 19:19:18 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012/06/15 19:19:18 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012/06/15 19:19:18 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2012/06/15 19:19:18 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012/06/15 19:19:18 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2012/06/15 19:19:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/06/15 19:19:17 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/06/15 19:19:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012/06/15 19:19:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2012/06/15 19:19:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2012/06/15 19:19:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012/06/15 19:19:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012/06/15 19:19:16 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2012/06/15 19:19:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2012/06/15 19:19:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2012/06/15 19:19:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012/06/15 19:19:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012/06/15 19:19:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2012/06/15 19:19:15 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/06/15 19:19:15 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2012/06/15 19:19:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/06/15 19:19:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2012/06/15 19:19:15 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2012/06/15 19:19:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2012/06/15 19:19:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2012/06/15 19:19:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2012/06/15 19:19:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2012/06/15 19:19:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012/06/15 19:19:14 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012/06/15 19:19:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2012/06/15 19:19:14 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012/06/15 19:19:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012/06/15 19:19:14 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2012/06/15 19:19:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2012/06/15 19:19:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2012/06/15 19:19:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012/06/15 19:19:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012/06/15 19:19:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/06/15 19:19:13 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2012/06/15 19:19:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2012/06/15 19:19:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2012/06/15 19:19:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2012/06/15 19:19:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2012/06/15 19:19:12 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012/06/15 19:19:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2012/06/15 19:19:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2012/06/15 19:19:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/06/15 19:19:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2012/06/15 19:19:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012/06/15 19:19:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2012/06/15 19:19:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2012/06/15 19:19:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2012/06/15 19:19:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2012/06/15 19:19:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2012/06/15 19:19:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2012/06/15 19:19:11 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/06/15 19:19:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012/06/15 19:19:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012/06/15 19:19:11 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2012/06/15 19:19:11 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2012/06/15 19:19:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2012/06/15 19:19:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2012/06/15 19:19:10 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/06/15 19:19:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2012/06/15 19:19:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012/06/15 19:19:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2012/06/15 19:19:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2012/06/15 19:19:10 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2012/06/15 19:19:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2012/06/15 19:19:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2012/06/15 19:19:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2012/06/15 19:19:09 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2012/06/15 19:19:09 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/06/15 19:19:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2012/06/15 19:19:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2012/06/15 19:19:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2012/06/15 19:19:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2012/06/15 19:19:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2012/06/15 19:19:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2012/06/15 19:19:08 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012/06/15 19:19:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2012/06/15 19:19:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2012/06/15 19:19:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2012/06/15 19:19:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2012/06/15 19:19:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012/06/15 19:19:08 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2012/06/15 19:19:08 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2012/06/15 19:19:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2012/06/15 19:19:07 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2012/06/15 19:19:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2012/06/15 19:19:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/06/15 19:19:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2012/06/15 19:19:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2012/06/15 19:19:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2012/06/15 19:19:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2012/06/15 19:19:06 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/06/15 19:19:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2012/06/15 19:19:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/06/15 19:19:06 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012/06/15 19:19:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2012/06/15 19:19:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2012/06/15 19:19:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2012/06/15 19:19:05 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2012/06/15 19:19:04 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2012/06/15 19:19:04 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2012/06/15 19:19:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2012/06/15 19:19:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2012/06/15 19:19:04 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2012/06/15 19:19:03 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012/06/15 19:19:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012/06/15 19:19:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2012/06/15 19:19:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012/06/15 19:19:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2012/06/15 19:19:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2012/06/15 19:19:00 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012/06/15 19:19:00 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012/06/15 19:19:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2012/06/15 19:18:59 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2012/06/15 19:18:59 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2012/06/15 19:18:59 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2012/06/15 19:18:59 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2012/06/15 19:18:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2012/06/15 19:18:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2012/06/15 19:18:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2012/06/15 19:18:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/06/15 19:18:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2012/06/15 19:18:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/06/15 19:18:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/06/15 19:18:57 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/06/15 19:18:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2012/06/15 19:18:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2012/06/15 19:18:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2012/06/15 19:18:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2012/06/15 19:18:55 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2012/06/15 19:18:55 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2012/06/15 19:18:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2012/06/15 19:18:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2012/06/15 19:18:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2012/06/15 19:18:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2012/06/15 19:18:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2012/06/15 19:18:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2012/06/15 19:18:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2012/06/15 19:18:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2012/06/15 19:18:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2012/06/15 19:18:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2012/06/15 19:18:47 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012/06/15 19:18:37 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2012/06/15 19:18:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2012/06/15 19:12:52 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/15 18:57:55 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/15 18:57:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/15 18:57:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/15 18:57:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/15 18:57:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012/06/15 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7757A2D4-409F-429E-8D4D-11F8AC68A339}
[2012/06/15 14:03:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{96873434-295F-4376-AE12-4870A3F38A2B}
[2012/06/14 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{99EB61E5-91A0-4808-AE60-E7679C95A3B6}
[2012/06/14 09:47:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/06/14 09:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/06/14 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4E5D503E-027E-48E6-A7D0-61798049E6F4}
[2012/06/14 09:02:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{A747A92A-A1D6-44E3-9EEC-9F1D1E095FA1}
[2012/06/13 09:52:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CFC13B0C-09CB-4062-8EC5-D2D138539468}
[2012/06/13 09:51:58 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CBFD6E9C-ABD1-4C6D-A29D-EDCE8C673509}
[2012/06/13 08:51:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4A73084A-16F6-4C60-A8C5-6A9C83D638B0}
[2012/06/12 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{C8BA8250-6D26-4734-90B8-1543623099F7}
[2012/06/12 12:55:49 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{D2FBD545-3199-4AA0-A5F2-1B1E93FC007E}
[2012/06/12 12:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/06/12 09:00:03 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{977D68EB-2801-4A4D-9FDE-A563BFE5416C}
[2012/06/11 21:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/11 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/11 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/11 20:44:45 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\SpoofStick
[2012/06/11 20:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpoofStick
[2012/06/11 20:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreStreet
[2012/06/11 17:57:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/06/11 12:58:02 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{352A10C3-8045-4C0B-AB1E-F747E415001B}
[2012/06/11 12:57:59 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0D4FFF86-0145-4272-BA6C-76B2262F28E5}
[2012/06/10 16:21:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6CB57E40-8C02-430F-9B0F-573E6BAB31D4}
[2012/06/10 12:24:19 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7B9CED48-DF53-4932-82DB-BE3350C9B535}
[2012/06/09 09:58:38 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E50128DD-9070-4D8D-AE4D-48817F285694}
[2012/06/09 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{A59837ED-34FC-4CA5-A473-BB6A805DB82B}
[2012/06/08 12:14:31 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{15546280-9B54-4512-A7EF-7EC4C7B91C7C}
[2012/06/08 12:14:28 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{215DD372-8538-4ACD-A095-77CC524E1879}
[2012/06/08 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/08 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/08 02:36:04 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{ECA8BAB3-5DB7-4036-8BDE-172F9BE0BCB1}
[2012/06/07 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{760EE795-E575-4ED1-AFAB-0C2553154A6E}
[2012/06/07 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6F6D4620-AC33-4307-A0EF-538A56C84AE9}
[2012/06/07 10:07:21 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/07 10:07:21 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/07 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/06/06 23:02:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{34B2FBA2-0681-48FD-A51E-76AAC8245EB5}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 10:56:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 10:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 10:43:06 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 10:43:06 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 10:40:28 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/06 10:40:28 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/06 10:36:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 10:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 10:35:39 | 2608,979,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 23:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181556996-2781344761-3558778553-1000UA.job
[2012/07/05 20:26:54 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk
[2012/07/05 20:26:54 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/07/05 19:01:00 | 000,000,482 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012/07/05 18:55:25 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/07/05 04:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181556996-2781344761-3558778553-1000Core.job
[2012/07/01 22:18:45 | 000,002,353 | ---- | M] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/06/28 23:25:41 | 000,145,873 | ---- | M] () -- C:\Users\Ron\Documents\dressing table.JPG
[2012/06/28 23:17:08 | 000,158,789 | ---- | M] () -- C:\Users\Ron\Documents\P1020003wardrobe.JPG
[2012/06/28 22:58:47 | 000,000,519 | ---- | M] () -- C:\Users\Ron\Desktop\Revo Uninstaller.lnk
[2012/06/28 20:32:36 | 000,016,731 | ---- | M] () -- C:\Users\Ron\Documents\Untitled 1.odt
[2012/06/28 06:08:52 | 004,855,968 | ---- | M] () -- C:\Users\Ron\Documents\q10.JPG
[2012/06/27 19:41:07 | 000,212,402 | ---- | M] () -- C:\Users\Ron\Documents\council conplaint swimming pool.png
[2012/06/26 20:47:58 | 000,003,584 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 20:46:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_010 07.Wdf
[2012/06/26 20:46:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_ 01007.Wdf
[2012/06/26 20:45:58 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/20 18:22:36 | 000,000,744 | ---- | M] () -- C:\Users\Ron\Desktop\video Chimpanzee bottle feeds tiger cubs at Thai zoo - Telegraph.url
[2012/06/19 03:21:31 | 000,293,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/16 12:34:54 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/06/13 12:59:22 | 000,002,044 | ---- | M] () -- C:\Users\Ron\Desktop\Rising Antivirus.lnk
[2012/06/13 09:11:42 | 000,001,562 | ---- | M] () -- C:\Users\Ron\Desktop\P1010318 - Shortcut.lnk
[2012/06/13 08:41:51 | 000,012,909 | ---- | M] () -- C:\Users\Ron\Documents\find desktop pics.odt
[2012/06/12 11:58:39 | 000,001,867 | ---- | M] () -- C:\Users\Ron\Desktop\Microsoft Fix*it.lnk
[2012/06/12 10:42:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_ 00.Wdf
[2012/06/11 22:24:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/11 22:24:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/06/11 22:22:25 | 000,000,493 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/11 21:52:44 | 000,000,675 | ---- | M] () -- C:\Users\Ron\Desktop\Spybot - Search & Destroy.lnk
[2012/06/11 20:49:21 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/11 20:40:26 | 000,000,122 | ---- | M] () -- C:\Users\Ron\Desktop\What's On Now.url
[2012/06/11 20:40:16 | 000,000,127 | ---- | M] () -- C:\Users\Ron\Desktop\Internet Radio Guide.url
[2012/06/11 20:40:07 | 000,000,127 | ---- | M] () -- C:\Users\Ron\Desktop\Fox News.url
[2012/06/11 20:39:12 | 000,000,980 | ---- | M] () -- C:\Users\Ron\Desktop\mrtstub - Shortcut.lnk
[2012/06/11 19:19:48 | 000,001,293 | ---- | M] () -- C:\Users\Ron\Desktop\PC280652 persian rug - Shortcut.lnk
[2012/06/11 19:03:18 | 000,001,594 | ---- | M] () -- C:\Users\Ron\Desktop\Google Earth.lnk
[2012/06/11 15:54:51 | 000,001,530 | ---- | M] () -- C:\Users\Ron\Desktop\Microsoft Support.png
[2012/06/10 16:22:48 | 000,001,935 | ---- | M] () -- C:\Users\Ron\Desktop\Command Prompt.lnk
[2012/06/08 11:52:08 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/07 10:07:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/07 10:07:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 20:26:54 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk
[2012/07/05 20:24:17 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/07/05 19:01:00 | 000,000,482 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012/07/05 18:54:16 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/06/28 23:25:15 | 000,145,873 | ---- | C] () -- C:\Users\Ron\Documents\dressing table.JPG
[2012/06/28 23:17:19 | 000,158,789 | ---- | C] () -- C:\Users\Ron\Documents\P1020003wardrobe.JPG
[2012/06/28 22:58:47 | 000,000,519 | ---- | C] () -- C:\Users\Ron\Desktop\Revo Uninstaller.lnk
[2012/06/28 20:32:32 | 000,016,731 | ---- | C] () -- C:\Users\Ron\Documents\Untitled 1.odt
[2012/06/28 20:20:54 | 004,855,968 | ---- | C] () -- C:\Users\Ron\Documents\q10.JPG
[2012/06/27 19:40:16 | 000,212,402 | ---- | C] () -- C:\Users\Ron\Documents\council conplaint swimming pool.png
[2012/06/26 20:47:58 | 000,003,584 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 20:46:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_010 07.Wdf
[2012/06/26 20:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_ 01007.Wdf
[2012/06/26 20:45:58 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/15 19:20:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/06/15 19:20:44 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/06/15 19:19:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/06/15 19:19:05 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012/06/15 19:18:54 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012/06/13 12:59:22 | 000,002,044 | ---- | C] () -- C:\Users\Ron\Desktop\Rising Antivirus.lnk
[2012/06/13 09:11:42 | 000,001,562 | ---- | C] () -- C:\Users\Ron\Desktop\P1010318 - Shortcut.lnk
[2012/06/13 08:41:49 | 000,012,909 | ---- | C] () -- C:\Users\Ron\Documents\find desktop pics.odt
[2012/06/12 11:58:39 | 000,001,867 | ---- | C] () -- C:\Users\Ron\Desktop\Microsoft Fix*it.lnk
[2012/06/12 10:42:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_ 00.Wdf
[2012/06/11 22:24:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/06/11 22:24:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/06/11 22:22:24 | 000,000,493 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/11 21:17:35 | 000,000,675 | ---- | C] () -- C:\Users\Ron\Desktop\Spybot - Search & Destroy.lnk
[2012/06/11 20:49:21 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/11 20:40:26 | 000,000,122 | ---- | C] () -- C:\Users\Ron\Desktop\What's On Now.url
[2012/06/11 20:40:16 | 000,000,127 | ---- | C] () -- C:\Users\Ron\Desktop\Internet Radio Guide.url
[2012/06/11 20:40:07 | 000,000,127 | ---- | C] () -- C:\Users\Ron\Desktop\Fox News.url
[2012/06/11 20:39:12 | 000,000,980 | ---- | C] () -- C:\Users\Ron\Desktop\mrtstub - Shortcut.lnk
[2012/06/11 19:19:48 | 000,001,293 | ---- | C] () -- C:\Users\Ron\Desktop\PC280652 persian rug - Shortcut.lnk
[2012/06/11 19:03:18 | 000,001,594 | ---- | C] () -- C:\Users\Ron\Desktop\Google Earth.lnk
[2012/06/11 15:54:51 | 000,001,530 | ---- | C] () -- C:\Users\Ron\Desktop\Microsoft Support.png
[2012/06/08 11:52:08 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/08 11:51:16 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 11:51:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 10:07:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 16:35:54 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/18 16:35:53 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7010.DAT
[2012/04/29 10:00:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/04/29 09:56:49 | 000,000,122 | ---- | C] () -- C:\Windows\System32\BsMain.ini

< End of report >

[lcyber]

System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/06/04 10:41:53 | 000,022,848 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookTdi.sys -- (HookTdi)
DRV - [2012/06/04 10:40:37 | 000,173,376 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Hooksys.sys -- (hooksys)
DRV - [2012/06/01 09:25:03 | 000,019,712 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\protreg.sys -- (rsdsys)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/07/13 13:46:03 | 000,031,896 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hvm.sys -- (HyperVM)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7D 2E 98 F5 25 CD 01 [binary data]
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID= 112060&babsrc=SP_ss&mntrId=941f3c7e0000000000001c6 f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80675 &lng=en
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 15:03:28 | 000,000,000 | ---D | M]

[2012/06/01 15:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTe rms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpeke ogihnm\2.3.15.10_0\
CHR - Extension: Google Search = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhh ajpdfd\2.0.0.445_0\
CHR - Extension: Gmail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RavTRAY] C:\Program Files\Rising\RAV\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RSDTRAY] C:\Program Files\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000..\Run: [Driver Manager] C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{48D31894-AFB5-4EC1-9DA0-B335F734A13C}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0E54B361-73E2-46A3-BD29-941E18741168}
[2012/07/06 10:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/05 20:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/07/05 20:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012/07/05 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\CRE
[2012/07/05 19:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012/07/05 18:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/07/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\PC_Drivers_Headquarters
[2012/07/05 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Manager
[2012/07/05 18:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
[2012/07/05 18:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Manager
[2012/07/05 10:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6F667F2C-13EA-4D7C-978C-4C99D35A2A02}
[2012/07/05 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{5C365930-2267-43A9-86BF-E8372376990D}
[2012/07/05 09:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{503D9F91-2D48-44BC-972A-A0F9502206EC}
[2012/07/04 09:52:28 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{32487FF6-EEAF-457D-9E1E-41325A9057FC}
[2012/07/04 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{B16DF959-D18A-4B32-BCE6-8C60180B0B87}
[2012/07/03 19:24:41 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4D7D9C8A-0A82-4F86-BB8A-F8AB99FB6AEB}
[2012/07/02 22:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0536BAF6-1996-404A-8E76-BC1083FEAD0B}
[2012/07/02 10:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CEF02D2F-6F8A-4091-82E3-C751710C33CD}
[2012/07/01 22:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8ECD6A7C-3774-4780-9AC6-6009BEED41EE}
[2012/07/01 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{AC5D8BFB-DBF0-40D5-9360-2B830F9BBAE5}
[2012/07/01 10:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E025B489-C14E-4EE1-BBE3-D0AE1DDEED37}
[2012/06/29 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{F0245CBB-D349-4134-975F-54B867C801BB}
[2012/06/29 13:14:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{856EA2F8-093A-4F37-8C77-78CF1DFC6950}
[2012/06/28 22:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Revo Uninstaller
[2012/06/28 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{17CE2DAA-9AF5-4887-A193-E3B1B698ED7A}
[2012/06/28 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4A1560F1-89F2-4A6C-9050-B4FB0868A70D}
[2012/06/28 11:09:08 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6B6CD509-1709-4261-9551-D307330174D9}
[2012/06/27 23:08:05 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{47B10095-4BED-4B88-B0BD-EBF7A3EE0FBD}
[2012/06/27 11:07:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DE14C58E-177C-42AD-8723-D6B774610135}
[2012/06/27 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8A154F84-2AC3-4452-98FD-A1B91C4BBFC2}
[2012/06/26 20:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\BlackBerry
[2012/06/26 20:46:58 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\Research In Motion
[2012/06/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Research In Motion
[2012/06/26 20:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/26 20:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2012/06/26 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{B84BEEF1-7699-45E6-9215-5A377AC7BEC2}
[2012/06/26 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{F5B575AF-9F2D-43DA-A9EA-A86E547B8B27}
[2012/06/26 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{675778FC-2804-4644-BA7E-4D9801CA194A}
[2012/06/25 14:02:17 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8F90F348-76B6-4545-B271-BD7433A90513}
[2012/06/25 14:02:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E90AF02C-B710-403B-BB9E-D07E22EEC07C}
[2012/06/25 00:07:18 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{A497570B-E005-4A66-AA03-5BF528543BAC}
[2012/06/25 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{457DE672-C002-4FC9-BC9B-A9EA61777DD4}
[2012/06/24 22:47:49 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DF06C4D8-FB1D-482B-94E8-207482A1074C}
[2012/06/24 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{672D6B65-62B4-4950-8C49-DB7A1870EA84}
[2012/06/24 10:46:11 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6BB2D036-B3AA-433A-B777-0233D8C9155A}
[2012/06/23 18:20:37 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{29C709BC-71E8-45CB-9487-0051CE63FB37}
[2012/06/23 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0B7B08F3-94C4-40CB-9511-14BEF106EDDD}
[2012/06/22 12:13:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E3725929-D85D-4C4B-B4A1-FDCC611238AA}
[2012/06/22 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{579D3DCF-A0D9-42FC-8446-EE2A595B453A}
[2012/06/22 01:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{77B18487-F8E7-4882-AA80-91F9F25153C7}
[2012/06/21 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7C67A803-8854-4FD5-985F-28BDE88F7B3D}
[2012/06/21 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6F5AD614-18E5-4C8A-B1A0-AFEAE2BC55AC}
[2012/06/20 10:11:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{189F76B9-8286-4371-978F-A4D0C6CFE5D7}
[2012/06/19 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{9AD80CDA-878A-43D2-9A4F-B7BABC934A3B}
[2012/06/19 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4A53C527-47A9-487B-8A0F-A09017FEED01}
[2012/06/19 10:28:18 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 10:28:18 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 10:28:01 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 10:28:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 10:28:01 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 10:27:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 10:27:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{863C63DE-644E-4EBB-A21A-D5169BD6456E}
[2012/06/19 09:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{468C75BD-5F72-47C5-B6E3-50CE259C38CA}
[2012/06/19 08:33:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CE5D4E59-986F-4CFA-8FF0-60F27A6FF2E9}
[2012/06/19 01:36:22 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{D6BD381D-DFF3-42A6-81F0-4E438D89D635}
[2012/06/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DE69D33D-C8E2-4E04-A6DA-C940FB0F70EB}
[2012/06/18 13:33:55 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4E50A17E-36A4-4B85-95AE-A77812DB6C9E}
[2012/06/16 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{76560041-8642-496C-A222-5ADD3C22181C}
[2012/06/16 12:54:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{493CE01D-CFB5-4590-9C08-F2D9FC2C603B}
[2012/06/15 19:33:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/06/15 19:33:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/06/15 19:27:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/15 19:27:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/15 19:27:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/15 19:27:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/15 19:27:03 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/15 19:27:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/15 19:27:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/15 19:21:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/06/15 19:20:59 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2012/06/15 19:20:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExt ension.dll
[2012/06/15 19:20:57 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/06/15 19:20:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/06/15 19:20:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/06/15 19:20:56 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2012/06/15 19:20:54 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/06/15 19:20:53 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/06/15 19:20:53 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/06/15 19:20:52 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/06/15 19:20:51 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/06/15 19:20:49 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/06/15 19:20:49 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/06/15 19:20:49 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/06/15 19:20:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/06/15 19:20:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/06/15 19:20:46 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/06/15 19:20:45 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012/06/15 19:20:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/06/15 19:20:41 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/06/15 19:20:40 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/06/15 19:20:39 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/06/15 19:20:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012/06/15 19:20:39 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/06/15 19:20:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2012/06/15 19:20:37 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012/06/15 19:20:37 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/06/15 19:20:36 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/06/15 19:20:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2012/06/15 19:20:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2012/06/15 19:20:35 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2012/06/15 19:20:33 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012/06/15 19:20:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/06/15 19:20:33 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2012/06/15 19:20:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/06/15 19:20:31 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2012/06/15 19:20:31 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012/06/15 19:20:30 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/06/15 19:20:30 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/06/15 19:20:29 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/06/15 19:20:29 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012/06/15 19:20:29 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/06/15 19:20:29 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/06/15 19:20:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/06/15 19:20:28 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/06/15 19:20:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012/06/15 19:20:27 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/06/15 19:20:27 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/06/15 19:20:27 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012/06/15 19:20:27 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/06/15 19:20:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012/06/15 19:20:26 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012/06/15 19:20:25 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012/06/15 19:20:25 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/06/15 19:20:25 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2012/06/15 19:20:24 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012/06/15 19:20:24 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/06/15 19:20:24 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/06/15 19:20:24 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/06/15 19:20:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012/06/15 19:20:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/06/15 19:20:23 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2012/06/15 19:20:22 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/06/15 19:20:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/06/15 19:20:22 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/06/15 19:20:21 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/06/15 19:20:21 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/06/15 19:20:21 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012/06/15 19:20:21 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/06/15 19:20:21 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2012/06/15 19:20:20 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012/06/15 19:20:19 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/06/15 19:20:19 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/06/15 19:20:19 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012/06/15 19:20:19 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012/06/15 19:20:19 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012/06/15 19:20:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012/06/15 19:20:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2012/06/15 19:20:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012/06/15 19:20:16 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/06/15 19:20:15 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/06/15 19:20:15 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/06/15 19:20:15 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012/06/15 19:20:15 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2012/06/15 19:20:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012/06/15 19:20:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/06/15 19:20:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012/06/15 19:20:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/06/15 19:20:14 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/06/15 19:20:13 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/06/15 19:20:13 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/06/15 19:20:13 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/06/15 19:20:13 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012/06/15 19:20:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/06/15 19:20:13 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/06/15 19:20:12 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/06/15 19:20:12 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2012/06/15 19:20:12 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2012/06/15 19:20:12 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012/06/15 19:20:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/06/15 19:20:11 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/06/15 19:20:11 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012/06/15 19:20:11 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012/06/15 19:20:11 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2012/06/15 19:20:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/06/15 19:20:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/06/15 19:20:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012/06/15 19:20:09 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012/06/15 19:20:09 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/06/15 19:20:08 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/06/15 19:20:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012/06/15 19:20:07 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/06/15 19:20:07 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012/06/15 19:20:07 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012/06/15 19:20:06 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012/06/15 19:20:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012/06/15 19:20:05 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012/06/15 19:20:05 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012/06/15 19:20:05 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/06/15 19:20:05 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012/06/15 19:20:05 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/06/15 19:20:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/06/15 19:20:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/06/15 19:20:04 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/06/15 19:20:04 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/06/15 19:20:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012/06/15 19:20:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012/06/15 19:20:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/06/15 19:20:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/06/15 19:20:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/06/15 19:20:03 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/06/15 19:20:03 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012/06/15 19:20:03 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/06/15 19:20:03 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/06/15 19:20:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/06/15 19:20:02 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012/06/15 19:20:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/06/15 19:20:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/06/15 19:20:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012/06/15 19:20:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012/06/15 19:20:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012/06/15 19:20:00 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/06/15 19:20:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/06/15 19:20:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/06/15 19:19:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/06/15 19:19:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/06/15 19:19:59 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/06/15 19:19:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012/06/15 19:19:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012/06/15 19:19:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012/06/15 19:19:57 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012/06/15 19:19:57 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012/06/15 19:19:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/06/15 19:19:56 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012/06/15 19:19:56 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012/06/15 19:19:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012/06/15 19:19:56 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012/06/15 19:19:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/06/15 19:19:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012/06/15 19:19:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/06/15 19:19:55 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012/06/15 19:19:55 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012/06/15 19:19:55 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012/06/15 19:19:55 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2012/06/15 19:19:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012/06/15 19:19:54 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/06/15 19:19:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012/06/15 19:19:54 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012/06/15 19:19:54 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012/06/15 19:19:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012/06/15 19:19:54 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/06/15 19:19:53 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012/06/15 19:19:53 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/06/15 19:19:53 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012/06/15 19:19:53 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/06/15 19:19:53 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2012/06/15 19:19:52 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/06/15 19:19:52 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/06/15 19:19:52 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012/06/15 19:19:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012/06/15 19:19:51 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012/06/15 19:19:51 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2012/06/15 19:19:51 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/06/15 19:19:50 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012/06/15 19:19:50 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012/06/15 19:19:50 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012/06/15 19:19:50 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/06/15 19:19:50 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012/06/15 19:19:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012/06/15 19:19:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2012/06/15 19:19:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012/06/15 19:19:49 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012/06/15 19:19:49 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/06/15 19:19:49 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012/06/15 19:19:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012/06/15 19:19:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012/06/15 19:19:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/06/15 19:19:49 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2012/06/15 19:19:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2012/06/15 19:19:48 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012/06/15 19:19:48 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012/06/15 19:19:48 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012/06/15 19:19:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/06/15 19:19:48 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012/06/15 19:19:47 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012/06/15 19:19:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[

[lcyber]

OTL logfile created on: 7/6/2012 10:58:06 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ron\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.98% Memory free
6.48 Gb Paging File | 4.68 Gb Available in Paging File | 72.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 35.40 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 85.22 Gb Free Space | 57.19% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 10:57:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL (1).exe
PRC - [2012/07/06 10:57:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL.exe
PRC - [2012/06/18 15:45:30 | 003,518,904 | ---- | M] (PC Drivers Headquarters) -- C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe
PRC - [2012/06/06 10:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/19 08:50:16 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\swriter.exe
PRC - [2012/04/19 08:50:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/04/19 08:50:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/11/30 09:39:02 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe
PRC - [2011/11/19 02:00:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\popwndexe.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/09/08 02:00:41 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RsTray.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 10:51:52 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RavMonD.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/05 20:23:10 | 000,558,133 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpeke ogihnm\2.3.15.10_0\sqlite3.dll
MOD - [2012/07/05 20:23:09 | 000,095,048 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpeke ogihnm\2.3.15.10_0\ch20UPD.dll
MOD - [2012/07/05 18:54:37 | 000,304,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Practices#\2d882dbe286b7d439c72caaf9a65d5bb \Microsoft.Practices.ObjectBuilder.ni.dll
MOD - [2012/07/05 18:54:37 | 000,150,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Practices#\250a43a7ee300bda53151b95658ba1a1 \Microsoft.Practices.EnterpriseLibrary.Security.Cr yptography.ni.dll
MOD - [2012/07/05 18:54:37 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XPB urnComponent\feb210b3044602188e4a25bdc374b818\XPBu rnComponent.ni.dll
MOD - [2012/07/05 18:54:36 | 001,772,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Rul eEngine\73d094bb47f99c09d9f34cb59bf284e1\RuleEngin e.ni.dll
MOD - [2012/07/05 18:54:36 | 000,309,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Practices#\249118a73f95b9db91d420c943e1934d \Microsoft.Practices.EnterpriseLibrary.Common.ni.d ll
MOD - [2012/07/05 18:54:36 | 000,235,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Applicati#\008373ed4a024ccbb02ce28790217832 \Microsoft.ApplicationBlocks.Updater.ni.dll
MOD - [2012/07/05 18:54:35 | 000,357,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Win32.Tas#\efa90256d43a9895022ab9d3b9f26073 \Microsoft.Win32.TaskScheduler.ni.dll
MOD - [2012/07/05 18:54:34 | 000,837,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Age nt.Communication\ed8bcf3157af5f35ce6ee34e4012b0d8\ Agent.Communication.ni.dll
MOD - [2012/07/05 18:54:34 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Int erop.WUApiLib\72a2cd7b9f86a9b7c408ade974e78a5d\Int erop.WUApiLib.ni.dll
MOD - [2012/07/05 18:54:33 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Com mon\e29e697b2de158d3d15a88b03b2e3ed2\Common.ni.dll
MOD - [2012/07/05 18:54:33 | 000,060,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Exc eptionLogging\2e4a9fc551c72ab8d43882c7fd9867f3\Exc eptionLogging.ni.dll
MOD - [2012/07/05 18:54:31 | 007,607,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Age nt\afa8af08db89d886366d5ac682c95c21\Agent.ni.exe
MOD - [2012/07/05 18:54:31 | 000,760,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Age nt.Common\147f30b778c0c7468046681701142d49\Agent.C ommon.ni.dll
MOD - [2012/06/28 11:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 11:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
MOD - [2012/06/28 11:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 11:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libegl.dll
MOD - [2012/06/28 11:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 11:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 11:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/19 03:29:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\Sy stem.Management.ni.dll
MOD - [2012/06/19 03:25:30 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\ System.Web.Services.ni.dll
MOD - [2012/06/19 03:25:29 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\a501b7960f6c6e2e39162b83f3303aaa\System.We b.ni.dll
MOD - [2012/06/19 03:25:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c \System.Runtime.Remoting.ni.dll
MOD - [2012/06/19 03:25:20 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Data\f3814b488d9e083cbbc623e01b389f09\System.D ata.ni.dll
MOD - [2012/06/19 03:24:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\7b7fbe651c6e72f12099a298654c9594 \System.Windows.Forms.ni.dll
MOD - [2012/06/19 03:24:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\Syste m.Drawing.ni.dll
MOD - [2012/06/19 03:24:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xm l.ni.dll
MOD - [2012/06/19 03:24:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d \System.Configuration.ni.dll
MOD - [2012/06/19 03:24:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/19 03:24:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll
MOD - [2012/06/18 15:45:34 | 000,634,832 | ---- | M] () -- C:\Program Files\Driver Manager\Driver Manager\ThemePack.DriverManager.dll
MOD - [2012/06/18 15:29:08 | 000,309,224 | ---- | M] () -- C:\Program Files\Driver Manager\Driver Manager\Agent.Communication.XmlSerializers.dll
MOD - [2012/05/28 00:20:27 | 000,008,704 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreT empInfoNET.dll
MOD - [2012/05/28 00:20:27 | 000,007,680 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemIn fo.dll
MOD - [2012/05/28 00:20:27 | 000,006,144 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTemp Reader.dll
MOD - [2012/04/13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- |

[lcyber]

OTL Extras logfile created on: 7/6/2012 10:58:06 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ron\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.98% Memory free
6.48 Gb Paging File | 4.68 Gb Available in Paging File | 72.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 35.40 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 85.22 Gb Free Space | 57.19% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0F15FEDD-22CE-4AD0-9BA9-5E642B0FBD42}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{12840BCB-0354-4037-8EA7-28125DB9B107}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9349AB20-3A64-4AF2-A103-A2C22BC8C14C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B90E77D5-0196-4BF0-9B78-A3503550E8AE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{DD3F7EEC-C93D-410D-842C-376F8AC04223}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{EFB80752-EB1C-45CC-808E-35CCEB697A4F}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{15FC7FE8-DA58-4A34-BF2C-0F2209DE61B2}" = protocol=6 | dir=in | app=c:\program files\rising\rav\ravmond.exe |
"{2198E22E-782C-46AD-A004-77A48C2ACDD3}" = protocol=17 | dir=in | app=c:\program files\rising\rav\ravmond.exe |
"{5AD04701-86D9-4E07-9D24-C3E1D8E667F4}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{AC552964-3C87-4231-B9B6-B6B0F9A2FE5B}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D2348CB9-298F-4388-8052-4FA14D4EA6A7}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{D843181D-A0A0-44B2-86B0-3FEF8423E0EB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FE086388-30AF-4679-88EA-A04213949E2F}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iLivid" = iLivid
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"RAV" = Rising Antivirus
"Revo Uninstaller" = Revo Uninstaller 1.94
"RSD" = Rising Software Deployment System
"Searchqu Toolbar" = Searchqu Toolbar
"SpoofStick for Internet Explorer" = SpoofStick for Internet Explorer 1.02
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2012 8:06:46 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 7:52:36 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 7:52:45 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 7:53:34 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\spybot - search & destroy\DelZip179.dll".Error
in manifest or policy file "e:\spybot - search & destroy\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/3/2012 7:30:21 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/3/2012 7:30:26 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/3/2012 7:30:47 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\spybot - search & destroy\DelZip179.dll".Error
in manifest or policy file "e:\spybot - search & destroy\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/4/2012 8:37:04 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 8:37:13 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",p ublicKeyToken="1fc8b3b9a1e18e3b",type="win32",vers ion="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 8:38:02 PM | Computer Name = Ron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\spybot - search & destroy\DelZip179.dll".Error
in manifest or policy file "e:\spybot - search & destroy\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 6/25/2012 7:44:41 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 6/25/2012 7:44:54 AM | Computer Name = Ron-PC | Source = DCOM | ID = 10005
Description =

Error - 6/25/2012 7:44:54 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 6/25/2012 7:44:54 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/25/2012 7:44:56 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 6/25/2012 7:44:56 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/25/2012 7:45:03 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 6/25/2012 7:45:03 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/26/2012 4:26:41 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Font Cache Service service to connect.

Error - 6/26/2012 4:26:41 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Font Cache Service service failed to start due to the
following error: %%1053


< End of report >

[lcyber]

Hi Jintan,
I didn't think opening a new thread three months after my last one would cause this problem for you.This thread closed in April and AnneMaries was posted in July when she pointed out it "could be a malware problem". I am not proficient enough to have known that myself.This is the best explanation I can give you.

[Jintan]

Think we had cleared out quite a bit of the obvious stuff, so look like the system is reinfected with some adware/spyware or bogus programs.


Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Web Assistant 2.0.0.445 - Adware/spyware.
DriverTuner 3.1.0.0 - Scam, even if downloaded from some other vendor's website.
Searchqu Toolbar - Adware/spyware/search hijacker.
SpoofStick for Internet Explorer 1.02 - I think this app is likely fairly useless at best. Actual website address show in the lower right of your browser Window anyway (though not sure about Chrome). Tried just now to access their website but just got clocking.
Livid - Adware.
Driver Manager - Scam, even if downloaded from some other vendor's website.

Note - there are no "fixit/optimizer/driver cure/driver fixit/reg optimizer" or other programs that actually are legit.

Reboot, and run and post a new OTL log please.

[lcyber]

OTL logfile created on: 7/7/2012 10:25:35 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ron\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.68% Memory free
6.48 Gb Paging File | 5.24 Gb Available in Paging File | 80.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 33.54 Gb Free Space | 43.79% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 85.23 Gb Free Space | 57.20% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

[lcyber]

PRC - [2012/07/07 10:25:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL (2).exe
PRC - [2012/07/06 13:00:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bPro tect.exe
PRC - [2011/11/30 09:39:02 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe
PRC - [2011/11/19 02:00:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\popwndexe.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/09/08 02:00:41 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RsTray.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 10:51:52 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RavMonD.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/06 13:00:38 | 002,004,472 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.1.419.7\prot ector.dll
MOD - [2012/06/28 11:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 11:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
MOD - [2012/06/28 11:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 11:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libegl.dll
MOD - [2012/06/28 11:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 11:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 11:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/19 03:24:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll
MOD - [2012/05/28 00:20:27 | 000,008,704 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreT empInfoNET.dll
MOD - [2012/05/28 00:20:27 | 000,007,680 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemIn fo.dll
MOD - [2012/05/28 00:20:27 | 000,006,144 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTemp Reader.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- E:\Spybot -- (SBSDWSCService)
SRV - [2012/07/06 13:00:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bPro tect.exe -- (bProtector)
SRV - [2012/06/07 10:07:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/30 09:39:02 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2010/12/15 10:51:52 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RAV\RavMonD.exe -- (RsRavMon)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/01 09:17:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/06/04 10:41:53 | 000,022,848 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookTdi.sys -- (HookTdi)
DRV - [2012/06/04 10:40:37 | 000,173,376 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Hooksys.sys -- (hooksys)
DRV - [2012/06/01 09:25:03 | 000,019,712 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\protreg.sys -- (rsdsys)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/07/13 13:46:03 | 000,031,896 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hvm.sys -- (HyperVM)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7D 2E 98 F5 25 CD 01 [binary data]
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=941 f3c7e0000000000001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80675 &lng=en
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCDFTrrB&i=26
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\Fire foxExtension [2012/07/06 13:00:44 | 000,000,000 | ---D | M]

[2012/06/01 15:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTe rms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll
CHR - Extension: FLV Runner = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjdddd mapala\2.3.15.10_1\
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpeke ogihnm\2.3.15.10_0\
CHR - Extension: Google Search = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpg bjonjg\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\Ba bylonToolbar.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\Toolbar\WebBrowser: (no name) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - No CLSID value found.
O3 - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RavTRAY] C:\Program Files\Rising\RAV\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RSDTRAY] C:\Program Files\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{48D31894-AFB5-4EC1-9DA0-B335F734A13C}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\prot ector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[lcyber]

[2012/07/07 10:21:24 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 10:21:24 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 10:17:46 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/07 10:17:46 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/07 10:17:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181556996-2781344761-3558778553-1000UA.job
[2012/07/07 10:13:48 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 10:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 10:13:10 | 2608,979,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 09:56:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 09:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 04:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181556996-2781344761-3558778553-1000Core.job
[2012/07/06 16:09:29 | 000,002,116 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/07/06 16:09:29 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/07/06 16:04:42 | 166,909,440 | ---- | M] () -- C:\Windows\System32\Samsung New PC Studio.msi
[2012/07/06 16:04:31 | 000,003,584 | ---- | M] () -- C:\Windows\System32\1033.MST
[2012/07/06 16:04:29 | 000,013,660 | ---- | M] () -- C:\Windows\System32\0x0409.ini
[2012/07/06 15:28:18 | 000,002,140 | ---- | M] () -- C:\Users\Ron\Desktop\Revo Uninstaller - Shortcut.lnk
[2012/07/06 13:01:30 | 000,005,372 | ---- | M] () -- C:\user.js
[2012/07/06 12:50:13 | 173,838,160 | ---- | M] () -- C:\Users\Ron\Desktop\New_PC_Studio_1.5.1.10064_2.e xe
[2012/07/01 22:18:45 | 000,002,353 | ---- | M] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/06/28 23:25:41 | 000,145,873 | ---- | M] () -- C:\Users\Ron\Documents\dressing table.JPG
[2012/06/28 23:17:08 | 000,158,789 | ---- | M] () -- C:\Users\Ron\Documents\P1020003wardrobe.JPG
[2012/06/28 22:58:47 | 000,000,519 | ---- | M] () -- C:\Users\Ron\Desktop\Revo Uninstaller.lnk
[2012/06/28 20:32:36 | 000,016,731 | ---- | M] () -- C:\Users\Ron\Documents\Untitled 1.odt
[2012/06/28 06:08:52 | 004,855,968 | ---- | M] () -- C:\Users\Ron\Documents\q10.JPG
[2012/06/27 19:41:07 | 000,212,402 | ---- | M] () -- C:\Users\Ron\Documents\council conplaint swimming pool.png
[2012/06/26 20:47:58 | 000,003,584 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 20:46:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_010 07.Wdf
[2012/06/26 20:46:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_ 01007.Wdf
[2012/06/26 20:45:58 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/20 18:22:36 | 000,000,744 | ---- | M] () -- C:\Users\Ron\Desktop\video Chimpanzee bottle feeds tiger cubs at Thai zoo - Telegraph.url
[2012/06/19 03:21:31 | 000,293,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/16 12:34:54 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/06/13 12:59:22 | 000,002,044 | ---- | M] () -- C:\Users\Ron\Desktop\Rising Antivirus.lnk
[2012/06/13 09:11:42 | 000,001,562 | ---- | M] () -- C:\Users\Ron\Desktop\P1010318 - Shortcut.lnk
[2012/06/13 08:41:51 | 000,012,909 | ---- | M] () -- C:\Users\Ron\Documents\find desktop pics.odt
[2012/06/12 11:58:39 | 000,001,867 | ---- | M] () -- C:\Users\Ron\Desktop\Microsoft Fix*it.lnk
[2012/06/12 10:42:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_ 00.Wdf
[2012/06/11 22:24:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/11 22:24:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/06/11 22:22:25 | 000,000,493 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/11 21:52:44 | 000,000,675 | ---- | M] () -- C:\Users\Ron\Desktop\Spybot - Search & Destroy.lnk
[2012/06/11 20:49:21 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/11 20:40:26 | 000,000,122 | ---- | M] () -- C:\Users\Ron\Desktop\What's On Now.url
[2012/06/11 20:40:16 | 000,000,127 | ---- | M] () -- C:\Users\Ron\Desktop\Internet Radio Guide.url
[2012/06/11 20:40:07 | 000,000,127 | ---- | M] () -- C:\Users\Ron\Desktop\Fox News.url
[2012/06/11 20:39:12 | 000,000,980 | ---- | M] () -- C:\Users\Ron\Desktop\mrtstub - Shortcut.lnk
[2012/06/11 19:19:48 | 000,001,293 | ---- | M] () -- C:\Users\Ron\Desktop\PC280652 persian rug - Shortcut.lnk
[2012/06/11 19:03:18 | 000,001,594 | ---- | M] () -- C:\Users\Ron\Desktop\Google Earth.lnk
[2012/06/11 15:54:51 | 000,001,530 | ---- | M] () -- C:\Users\Ron\Desktop\Microsoft Support.png
[2012/06/10 16:22:48 | 000,001,935 | ---- | M] () -- C:\Users\Ron\Desktop\Command Prompt.lnk
[2012/06/08 11:52:08 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 16:09:29 | 000,002,116 | ---- | C] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/07/06 16:09:29 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/07/06 16:07:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/07/06 16:05:30 | 000,013,660 | ---- | C] () -- C:\Windows\System32\0x0409.ini
[2012/07/06 16:05:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\1033.MST
[2012/07/06 16:05:29 | 166,909,440 | ---- | C] () -- C:\Windows\System32\Samsung New PC Studio.msi
[2012/07/06 15:28:18 | 000,002,140 | ---- | C] () -- C:\Users\Ron\Desktop\Revo Uninstaller - Shortcut.lnk
[2012/07/06 12:55:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012/07/06 12:46:34 | 173,838,160 | ---- | C] () -- C:\Users\Ron\Desktop\New_PC_Studio_1.5.1.10064_2.e xe
[2012/06/28 23:25:15 | 000,145,873 | ---- | C] () -- C:\Users\Ron\Documents\dressing table.JPG
[2012/06/28 23:17:19 | 000,158,789 | ---- | C] () -- C:\Users\Ron\Documents\P1020003wardrobe.JPG
[2012/06/28 22:58:47 | 000,000,519 | ---- | C] () -- C:\Users\Ron\Desktop\Revo Uninstaller.lnk
[2012/06/28 20:32:32 | 000,016,731 | ---- | C] () -- C:\Users\Ron\Documents\Untitled 1.odt
[2012/06/28 20:20:54 | 004,855,968 | ---- | C] () -- C:\Users\Ron\Documents\q10.JPG
[2012/06/27 19:40:16 | 000,212,402 | ---- | C] () -- C:\Users\Ron\Documents\council conplaint swimming pool.png
[2012/06/26 20:47:58 | 000,003,584 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 20:46:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_010 07.Wdf
[2012/06/26 20:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_ 01007.Wdf
[2012/06/26 20:45:58 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/15 19:20:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/06/15 19:20:44 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/06/15 19:19:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/06/15 19:19:05 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012/06/15 19:18:54 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012/06/13 12:59:22 | 000,002,044 | ---- | C] () -- C:\Users\Ron\Desktop\Rising Antivirus.lnk
[2012/06/13 09:11:42 | 000,001,562 | ---- | C] () -- C:\Users\Ron\Desktop\P1010318 - Shortcut.lnk
[2012/06/13 08:41:49 | 000,012,909 | ---- | C] () -- C:\Users\Ron\Documents\find desktop pics.odt
[2012/06/12 11:58:39 | 000,001,867 | ---- | C] () -- C:\Users\Ron\Desktop\Microsoft Fix*it.lnk
[2012/06/12 10:42:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_ 00.Wdf
[2012/06/11 22:24:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/06/11 22:24:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/06/11 22:22:24 | 000,000,493 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/11 21:17:35 | 000,000,675 | ---- | C] () -- C:\Users\Ron\Desktop\Spybot - Search & Destroy.lnk
[2012/06/11 20:49:21 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/11 20:40:26 | 000,000,122 | ---- | C] () -- C:\Users\Ron\Desktop\What's On Now.url
[2012/06/11 20:40:16 | 000,000,127 | ---- | C] () -- C:\Users\Ron\Desktop\Internet Radio Guide.url
[2012/06/11 20:40:07 | 000,000,127 | ---- | C] () -- C:\Users\Ron\Desktop\Fox News.url
[2012/06/11 20:39:12 | 000,000,980 | ---- | C] () -- C:\Users\Ron\Desktop\mrtstub - Shortcut.lnk
[2012/06/11 19:19:48 | 000,001,293 | ---- | C] () -- C:\Users\Ron\Desktop\PC280652 persian rug - Shortcut.lnk
[2012/06/11 19:03:18 | 000,001,594 | ---- | C] () -- C:\Users\Ron\Desktop\Google Earth.lnk
[2012/06/11 15:54:51 | 000,001,530 | ---- | C] () -- C:\Users\Ron\Desktop\Microsoft Support.png
[2012/06/08 11:52:08 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/08 11:51:16 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 11:51:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 16:35:54 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/18 16:35:53 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7010.DAT
[2012/04/29 10:00:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/04/29 09:56:49 | 000,000,122 | ---- | C] () -- C:\Windows\System32\BsMain.ini

< End of report >

[lcyber]

Extra.txt not showing in taskbar,had this same experience long time ago.I have run OTL 5 times now and still not showing.I have done a search also but no luck.It did appear in yesterday's OTL scan but not doing it today

[lcyber]

after completing this, my Rising Anti Virus won't operate, "incompatible operation" just get a ping sound when trying to run it

[lcyber]

please ignore last post anti virus is now working after re booting

[Jintan]

Sorry - OTL will not keep recreating the second log after the first run.

Haven't seen the uninstaller for this adware there yet:


PRC - [2012/07/06 13:00:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bPro tect.exe
MOD - [2012/07/06 13:00:38 | 002,004,472 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.1.419.7\prot ector.dll
SRV - [2012/07/06 13:00:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bPro tect.exe -- (bProtector)

----------

Open Firefox - Tools - Add-ons, and Disable or Remove:

bProtectorForWindows

(Or anything similar to that).

----------

Temp disable security softwares, then open OTL again.

Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):

Code:

:Services
esgiguard
bProtector
:Files
C:\ProgramData\bProtectorForWindows
:OTL 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7D 2E 98 F5 25 CD 01  [binary data]
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=941f3c7e0000000000001c6f65705093
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80675&lng=en
IE - HKU\S-1-5-21-1181556996-2781344761-3558778553-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCDFTrrB&i=26

Then click the Run Fix button at the top of the OTL display. When that completes a log will open - post that here in your next reply please. That log will also be saved in the c:\_OTL\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log).

[lcyber]

OTL logfile created on: 7/8/2012 11:03:44 AM - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ron\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 60.63% Memory free
6.48 Gb Paging File | 5.08 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 34.73 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 85.23 Gb Free Space | 57.20% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 11:11:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL (3).exe
PRC - [2011/11/30 09:39:02 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe
PRC - [2011/11/19 02:00:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\popwndexe.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/10 02:00:36 | 000,617,624 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RsAgent.exe
PRC - [2011/09/08 02:00:41 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RsTray.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 10:51:52 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RavMonD.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/06 13:00:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\prot ector.dll
MOD - [2012/06/28 11:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 11:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
MOD - [2012/06/28 11:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 11:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\libegl.dll
MOD - [2012/06/28 11:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 11:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 11:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/19 03:24:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll
MOD - [2012/05/28 00:20:27 | 000,008,704 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreT empInfoNET.dll
MOD - [2012/05/28 00:20:27 | 000,007,680 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemIn fo.dll
MOD - [2012/05/28 00:20:27 | 000,006,144 | ---- | M] () -- C:\Users\Ron\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTemp Reader.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- E:\Spybot -- (SBSDWSCService)
SRV - [2012/06/07 10:07:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/30 09:39:02 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2010/12/15 10:51:52 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RAV\RavMonD.exe -- (RsRavMon)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/01 09:17:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/06/04 10:41:53 | 000,022,848 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookTdi.sys -- (HookTdi)
DRV - [2012/06/04 10:40:37 | 000,173,376 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Hooksys.sys -- (hooksys)
DRV - [2012/06/01 09:25:03 | 000,019,712 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\protreg.sys -- (rsdsys)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/07/13 13:46:03 | 000,031,896 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hvm.sys -- (HyperVM)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022...001c6f65705093
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7D 2E 98 F5 25 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=941 f3c7e0000000000001c6f65705093
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80675 &lng=en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCDFTrrB&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

[2012/06/01 15:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTe rms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Applicati on\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ron\AppData\Local\Google\Update\1.3.21.11 1\npGoogleUpdate3.dll
CHR - Extension: FLV Runner = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjdddd mapala\2.3.15.10_1\
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpeke ogihnm\2.3.15.10_0\
CHR - Extension: Google Search = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpg bjonjg\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\Ba bylonToolbar.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RavTRAY] C:\Program Files\Rising\RAV\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RSDTRAY] C:\Program Files\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{48D31894-AFB5-4EC1-9DA0-B335F734A13C}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\prot ector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 06:19:56 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{FF59B77E-77A9-4427-B9A5-15C13F759AE8}
[2012/07/08 06:19:53 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7B9EB3FC-DC91-4E81-A9E4-C19B51A76830}
[2012/07/07 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{411BC4C2-2A35-4CA2-9B9B-14A18F8CC71A}
[2012/07/07 18:19:28 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7427387C-9FC3-4362-99DF-0CBA2D7E9415}
[2012/07/07 15:41:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{27055023-98C3-44A8-A54F-D41B98FD5E63}
[2012/07/07 13:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/07/06 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\NPS
[2012/07/06 16:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/07/06 14:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\searchplugins
[2012/07/06 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Ron\searchplugins
[2012/07/06 13:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/07/06 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\Babylon
[2012/07/06 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/06 13:00:50 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Babylon
[2012/07/06 13:00:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012/07/06 13:00:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012/07/06 13:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012/07/06 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/07/06 12:55:21 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2012/07/06 12:55:04 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\My NPS Files
[2012/07/06 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Samsung
[2012/07/06 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\Samsung
[2012/07/06 12:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012/07/06 12:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/07/06 12:22:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8186185B-1531-4D7B-90FF-1D9B70435EEF}
[2012/07/06 12:22:29 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{F285569D-00E4-4257-ABAD-CD6FB409E338}
[2012/07/06 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0E54B361-73E2-46A3-BD29-941E18741168}
[2012/07/06 10:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/05 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\CRE
[2012/07/05 10:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6F667F2C-13EA-4D7C-978C-4C99D35A2A02}
[2012/07/05 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{5C365930-2267-43A9-86BF-E8372376990D}
[2012/07/05 09:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{503D9F91-2D48-44BC-972A-A0F9502206EC}
[2012/07/04 09:52:28 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{32487FF6-EEAF-457D-9E1E-41325A9057FC}
[2012/07/04 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{B16DF959-D18A-4B32-BCE6-8C60180B0B87}
[2012/07/03 19:24:41 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4D7D9C8A-0A82-4F86-BB8A-F8AB99FB6AEB}
[2012/07/02 22:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0536BAF6-1996-404A-8E76-BC1083FEAD0B}
[2012/07/02 10:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CEF02D2F-6F8A-4091-82E3-C751710C33CD}
[2012/07/01 22:46:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8ECD6A7C-3774-4780-9AC6-6009BEED41EE}
[2012/07/01 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{AC5D8BFB-DBF0-40D5-9360-2B830F9BBAE5}
[2012/07/01 10:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E025B489-C14E-4EE1-BBE3-D0AE1DDEED37}
[2012/06/29 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{F0245CBB-D349-4134-975F-54B867C801BB}
[2012/06/29 13:14:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{856EA2F8-093A-4F37-8C77-78CF1DFC6950}
[2012/06/28 22:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Revo Uninstaller
[2012/06/28 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{17CE2DAA-9AF5-4887-A193-E3B1B698ED7A}
[2012/06/28 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4A1560F1-89F2-4A6C-9050-B4FB0868A70D}
[2012/06/28 11:09:08 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6B6CD509-1709-4261-9551-D307330174D9}
[2012/06/27 23:08:05 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{47B10095-4BED-4B88-B0BD-EBF7A3EE0FBD}
[2012/06/27 11:07:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DE14C58E-177C-42AD-8723-D6B774610135}
[2012/06/27 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8A154F84-2AC3-4452-98FD-A1B91C4BBFC2}
[2012/06/26 20:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\BlackBerry
[2012/06/26 20:46:58 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\Research In Motion
[2012/06/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Research In Motion
[2012/06/26 20:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/26 20:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2012/06/26 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2012/06/26 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{B84BEEF1-7699-45E6-9215-5A377AC7BEC2}
[2012/06/26 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{F5B575AF-9F2D-43DA-A9EA-A86E547B8B27}
[2012/06/26 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{675778FC-2804-4644-BA7E-4D9801CA194A}
[2012/06/25 14:02:17 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{8F90F348-76B6-4545-B271-BD7433A90513}
[2012/06/25 14:02:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E90AF02C-B710-403B-BB9E-D07E22EEC07C}
[2012/06/25 00:07:18 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{A497570B-E005-4A66-AA03-5BF528543BAC}
[2012/06/25 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{457DE672-C002-4FC9-BC9B-A9EA61777DD4}
[2012/06/24 22:47:49 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DF06C4D8-FB1D-482B-94E8-207482A1074C}
[2012/06/24 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{672D6B65-62B4-4950-8C49-DB7A1870EA84}
[2012/06/24 10:46:11 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6BB2D036-B3AA-433A-B777-0233D8C9155A}
[2012/06/23 18:20:37 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{29C709BC-71E8-45CB-9487-0051CE63FB37}
[2012/06/23 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{0B7B08F3-94C4-40CB-9511-14BEF106EDDD}
[2012/06/22 12:13:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{E3725929-D85D-4C4B-B4A1-FDCC611238AA}
[2012/06/22 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{579D3DCF-A0D9-42FC-8446-EE2A595B453A}
[2012/06/22 01:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{77B18487-F8E7-4882-AA80-91F9F25153C7}
[2012/06/21 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{7C67A803-8854-4FD5-985F-28BDE88F7B3D}
[2012/06/21 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{6F5AD614-18E5-4C8A-B1A0-AFEAE2BC55AC}
[2012/06/20 10:11:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{189F76B9-8286-4371-978F-A4D0C6CFE5D7}
[2012/06/19 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{9AD80CDA-878A-43D2-9A4F-B7BABC934A3B}
[2012/06/19 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4A53C527-47A9-487B-8A0F-A09017FEED01}
[2012/06/19 10:28:18 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 10:28:18 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 10:28:01 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 10:28:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 10:28:01 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 10:27:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 10:27:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{863C63DE-644E-4EBB-A21A-D5169BD6456E}
[2012/06/19 09:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{468C75BD-5F72-47C5-B6E3-50CE259C38CA}
[2012/06/19 08:33:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{CE5D4E59-986F-4CFA-8FF0-60F27A6FF2E9}
[2012/06/19 01:36:22 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{D6BD381D-DFF3-42A6-81F0-4E438D89D635}
[2012/06/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{DE69D33D-C8E2-4E04-A6DA-C940FB0F70EB}
[2012/06/18 13:33:55 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{4E50A17E-36A4-4B85-95AE-A77812DB6C9E}
[2012/06/16 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{76560041-8642-496C-A222-5ADD3C22181C}
[2012/06/16 12:54:14 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\{493CE01D-CFB5-4590-9C08-F2D9FC2C603B}
[2012/06/15 19:33:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/06/15 19:33:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/06/15 19:27:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/15 19:27:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/15 19:27:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/15 19:27:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/15 19:27:03 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/15 19:27:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/15 19:27:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/15 19:21:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/06/15 19:20:59 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2012/06/15 19:20:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExt ension.dll
[2012/06/15 19:20:57 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/06/15 19:20:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/06/15 19:20:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/06/15 19:20:56 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2012/06/15 19:20:54 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/06/15 19:20:53 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/06/15 19:20:53 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/06/15 19:20:52 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/06/15 19:20:51 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/06/15 19:20:49 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/06/15 19:20:49 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/06/15 19:20:49 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/06/15 19:20:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/06/15 19:20:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/06/15 19:20:46 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/06/15 19:20:45 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012/06/15 19:20:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/06/15 19:20:41 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/06/15 19:20:40 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/06/15 19:20:39 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/06/15 19:20:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012/06/15 19:20:39 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/06/15 19:20:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2012/06/15 19:20:37 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012/06/15 19:20:37 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/06/15 19:20:36 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/06/15 19:20:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2012/06/15 19:20:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2012/06/15 19:20:35 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2012/06/15 19:20:33 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012/06/15 19:20:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/06/15 19:20:33 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2012/06/15 19:20:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/06/15 19:20:31 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2012/06/15 19:20:31 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012/06/15 19:20:30 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/06/15 19:20:30 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/06/15 19:20:29 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/06/15 19:20:29 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012/06/15 19:20:29 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/06/15 19:20:29 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/06/15 19:20:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/06/15 19:20:28 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/06/15 19:20:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012/06/15 19:20:27 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/06/15 19:20:27 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/06/15 19:20:27 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012/06/15 19:20:27 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/06/15 19:20:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012/06/15 19:20:26 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012/06/15 19:20:25 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012/06/15 19:20:25 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/06/15 19:20:25 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2012/06/15 19:20:24 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012/06/15 19:20:24 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/06/15 19:20:24 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/06/15 19:20:24 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/06/15 19:20:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012/06/15 19:20:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/06/15 19:20:23 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2012/06/15 19:20:22 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/06/15 19:20:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/06/15 19:20:22 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/06/15 19:20:21 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/06/15 19:20:21 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/06/15 19:20:21 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012/06/15 19:20:21 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/06/15 19:20:21 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2012/06/15 19:20:20 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012/06/15 19:20:19 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/06/15 19:20:19 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/06/15 19:20:19 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012/06/15 19:20:19 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012/06/15 19:20:19 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012/06/15 19:20:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012/06/15 19:20:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2012/06/15 19:20:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012/06/15 19:20:16 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/06/15 19:20:15 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/06/15 19:20:15 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/06/15 19:20:15 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012/06/15 19:20:15 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2012/06/15 19:20:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012/06/15 19:20:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/06/15 19:20:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012/06/15 19:20:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/06/15 19:20:14 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/06/15 19:20:13 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/06/15 19:20:13 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/06/15 19:20:13 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/06/15 19:20:13 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012/06/15 19:20:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/06/15 19:20:13 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/06/15 19:20:12 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/06/15 19:20:12 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2012/06/15 19:20:12 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2012/06/15 19:20:12 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012/06/15 19:20:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/06/15 19:20:11 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/06/15 19:20:11 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012/06/15 19:20:11 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012/06/15 19:20:11 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2012/06/15 19:20:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/06/15 19:20:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/06/15 19:20:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012/06/15 19:20:09 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012/06/15 19:20:09 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/06/15 19:20:08 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/06/15 19:20:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012/06/15 19:20:07 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/06/15 19:20:07 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012/06/15 19:20:07 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012/06/15 19:20:06 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012/06/15 19:20:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012/06/15 19:20:05 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012/06/15 19:20:05 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012/06/15 19:20:05 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/06/15 19:20:05 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012/06/15 19:20:05 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/06/15 19:20:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/06/15 19:20:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/06/15 19:20:04 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/06/15 19:20:04 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/06/15 19:20:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012/06/15 19:20:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012/06/15 19:20:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/06/15 19:20:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/06/15 19:20:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/06/15 19:20:03 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/06/15 19:20:03 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012/06/15 19:20:03 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/06/15 19:20:03 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/06/15 19:20:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/06/15 19:20:02 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012/06/15 19:20:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/06/15 19:20:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/06/15 19:20:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012/06/15 19:20:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012/06/15 19:20:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012/06/15 19:20:00 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/06/15 19:20:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/06/15 19:20:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/06/15 19:19:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/06/15 19:19:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/06/15 19:19:59 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/06/15 19:19:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012/06/15 19:19:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012/06/15 19:19:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012/06/15 19:19:57 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012/06/15 19:19:57 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012/06/15 19:19:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/06/15 19:19:56 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012/06/15 19:19:56 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012/06/15 19:19:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012/06/15 19:19:56 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012/06/15 19:19:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/06/15 19:19:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012/06/15 19:19:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/06/15 19:19:55 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012/06/15 19:19:55 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012/06/15 19:19:55 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012/06/15 19:19:55 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2012/06/15 19:19:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012/06/15 19:19:54 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/06/15 19:19:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012/06/15 19:19:54 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012/06/15 19:19:54 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012/06/15 19:19:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012/06/15 19:19:54 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/06/15 19:19:53 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012/06/15 19:19:53 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/06/15 19:19:53 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012/06/15 19:19:53 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/06/15 19:19:53 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2012/06/15 19:19:52 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/06/15 19:19:52 | 000,413,696 | ---- | C] (Microsoft Corporation) -

[lcyber]

[2012/06/15 19:20:31 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012/06/15 19:20:30 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/06/15 19:20:30 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/06/15 19:20:29 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/06/15 19:20:29 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012/06/15 19:20:29 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/06/15 19:20:29 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/06/15 19:20:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/06/15 19:20:28 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/06/15 19:20:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012/06/15 19:20:27 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/06/15 19:20:27 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/06/15 19:20:27 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012/06/15 19:20:27 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/06/15 19:20:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012/06/15 19:20:26 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012/06/15 19:20:25 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012/06/15 19:20:25 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/06/15 19:20:25 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2012/06/15 19:20:24 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012/06/15 19:20:24 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/06/15 19:20:24 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/06/15 19:20:24 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/06/15 19:20:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012/06/15 19:20:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/06/15 19:20:23 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2012/06/15 19:20:22 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/06/15 19:20:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/06/15 19:20:22 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/06/15 19:20:21 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/06/15 19:20:21 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/06/15 19:20:21 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012/06/15 19:20:21 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/06/15 19:20:21 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2012/06/15 19:20:20 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012/06/15 19:20:19 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/06/15 19:20:19 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/06/15 19:20:19 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012/06/15 19:20:19 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012/06/15 19:20:19 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012/06/15 19:20:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012/06/15 19:20:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2012/06/15 19:20:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012/06/15 19:20:16 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/06/15 19:20:15 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/06/15 19:20:15 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/06/15 19:20:15 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012/06/15 19:20:15 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2012/06/15 19:20:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012/06/15 19:20:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/06/15 19:20:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012/06/15 19:20:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/06/15 19:20:14 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/06/15 19:20:13 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/06/15 19:20:13 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/06/15 19:20:13 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/06/15 19:20:13 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012/06/15 19:20:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/06/15 19:20:13 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/06/15 19:20:12 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/06/15 19:20:12 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2012/06/15 19:20:12 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2012/06/15 19:20:12 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012/06/15 19:20:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/06/15 19:20:11 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/06/15 19:20:11 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012/06/15 19:20:11 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012/06/15 19:20:11 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2012/06/15 19:20:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/06/15 19:20:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/06/15 19:20:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012/06/15 19:20:09 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012/06/15 19:20:09 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/06/15 19:20:08 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/06/15 19:20:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012/06/15 19:20:07 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/06/15 19:20:07 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012/06/15 19:20:07 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012/06/15 19:20:06 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012/06/15 19:20:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012/06/15 19:20:05 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012/06/15 19:20:05 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012/06/15 19:20:05 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/06/15 19:20:05 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012/06/15 19:20:05 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/06/15 19:20:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/06/15 19:20:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/06/15 19:20:04 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/06/15 19:20:04 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/06/15 19:20:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012/06/15 19:20:04 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012/06/15 19:20:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012/06/15 19:20:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/06/15 19:20:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/06/15 19:20:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/06/15 19:20:03 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/06/15 19:20:03 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012/06/15 19:20:03 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/06/15 19:20:03 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/06/15 19:20:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/06/15 19:20:02 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012/06/15 19:20:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/06/15 19:20:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/06/15 19:20:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012/06/15 19:20:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012/06/15 19:20:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012/06/15 19:20:00 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/06/15 19:20:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/06/15 19:20:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/06/15 19:19:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/06/15 19:19:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/06/15 19:19:59 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/06/15 19:19:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012/06/15 19:19:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012/06/15 19:19:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012/06/15 19:19:57 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012/06/15 19:19:57 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012/06/15 19:19:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/06/15 19:19:56 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012/06/15 19:19:56 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012/06/15 19:19:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012/06/15 19:19:56 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012/06/15 19:19:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/06/15 19:19:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012/06/15 19:19:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/06/15 19:19:55 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012/06/15 19:19:55 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012/06/15 19:19:55 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012/06/15 19:19:55 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2012/06/15 19:19:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012/06/15 19:19:54 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/06/15 19:19:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012/06/15 19:19:54 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012/06/15 19:19:54 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012/06/15 19:19:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012/06/15 19:19:54 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/06/15 19:19:53 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012/06/15 19:19:53 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/06/15 19:19:53 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012/06/15 19:19:53 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/06/15 19:19:53 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2012/06/15 19:19:52 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/06/15 19:19:52 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/06/15 19:19:52 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012/06/15 19:19:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012/06/15 19:19:51 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012/06/15 19:19:51 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2012/06/15 19:19:51 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/06/15 19:19:50 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012/06/15 19:19:50 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012/06/15 19:19:50 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012/06/15 19:19:50 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/06/15 19:19:50 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012/06/15 19:19:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012/06/15 19:19:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2012/06/15 19:19:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012/06/15 19:19:49 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012/06/15 19:19:49 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/06/15 19:19:49 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012/06/15 19:19:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012/06/15 19:19:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012/06/15 19:19:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/06/15 19:19:49 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2012/06/15 19:19:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2012/06/15 19:19:48 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012/06/15 19:19:48 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012/06/15 19:19:48 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012/06/15 19:19:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/06/15 19:19:48 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012/06/15 19:19:47 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012/06/15 19:19:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2012/06/15 19:19:47 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2012/06/15 19:19:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2012/06/15 19:19:46 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012/06/15 19:19:46 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2012/06/15 19:19:46 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2012/06/15 19:19:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/06/15 19:19:46 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012/06/15 19:19:46 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012/06/15 19:19:46 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2012/06/15 19:19:45 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012/06/15 19:19:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012/06/15 19:19:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012/06/15 19:19:45 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012/06/15 19:19:45 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/06/15 19:19:45 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012/06/15 19:19:45 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012/06/15 19:19:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/06/15 19:19:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2012/06/15 19:19:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012/06/15 19:19:44 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012/06/15 19:19:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012/06/15 19:19:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012/06/15 19:19:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012/06/15 19:19:43 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/06/15 19:19:43 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/06/15 19:19:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012/06/15 19:19:43 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2012/06/15 19:19:43 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2012/06/15 19:19:43 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2012/06/15 19:19:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2012/06/15 19:19:42 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2012/06/15 19:19:42 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2012/06/15 19:19:42 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012/06/15 19:19:42 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012/06/15 19:19:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012/06/15 19:19:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/06/15 19:19:41 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2012/06/15 19:19:41 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2012/06/15 19:19:41 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012/06/15 19:19:40 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2012/06/15 19:19:40 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/06/15 19:19:40 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/06/15 19:19:40 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012/06/15 19:19:40 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012/06/15 19:19:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012/06/15 19:19:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2012/06/15 19:19:39 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2012/06/15 19:19:39 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012/06/15 19:19:39 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/06/15 19:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2012/06/15 19:19:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dl l
[2012/06/15 19:19:39 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2012/06/15 19:19:38 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012/06/15 19:19:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012/06/15 19:19:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2012/06/15 19:19:38 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2012/06/15 19:19:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2012/06/15 19:19:38 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012/06/15 19:19:37 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/06/15 19:19:37 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2012/06/15 19:19:37 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012/06/15 19:19:37 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012/06/15 19:19:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2012/06/15 19:19:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/06/15 19:19:36 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/06/15 19:19:36 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/06/15 19:19:36 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2012/06/15 19:19:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012/06/15 19:19:36 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2012/06/15 19:19:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012/06/15 19:19:35 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012/06/15 19:19:35 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012/06/15 19:19:35 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012/06/15 19:19:35 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012/06/15 19:19:35 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012/06/15 19:19:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2012/06/15 19:19:34 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2012/06/15 19:19:34 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012/06/15 19:19:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012/06/15 19:19:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2012/06/15 19:19:33 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2012/06/15 19:19:33 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2012/06/15 19:19:33 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012/06/15 19:19:32 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2012/06/15 19:19:32 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012/06/15 19:19:32 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2012/06/15 19:19:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012/06/15 19:19:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/06/15 19:19:31 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012/06/15 19:19:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2012/06/15 19:19:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012/06/15 19:19:31 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/06/15 19:19:30 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2012/06/15 19:19:29 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012/06/15 19:19:29 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012/06/15 19:19:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012/06/15 19:19:29 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/06/15 19:19:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012/06/15 19:19:28 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012/06/15 19:19:28 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012/06/15 19:19:28 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012/06/15 19:19:27 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2012/06/15 19:19:27 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.e xe
[2012/06/15 19:19:27 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2012/06/15 19:19:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2012/06/15 19:19:27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2012/06/15 19:19:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2012/06/15 19:19:26 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012/06/15 19:19:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012/06/15 19:19:26 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2012/06/15 19:19:26 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2012/06/15 19:19:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/06/15 19:19:25 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/06/15 19:19:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012/06/15 19:19:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2012/06/15 19:19:24 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012/06/15 19:19:24 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2012/06/15 19:19:24 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/06/15 19:19:23 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012/06/15 19:19:23 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/06/15 19:19:23 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2012/06/15 19:19:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012/06/15 19:19:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012/06/15 19:19:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012/06/15 19:19:22 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2012/06/15 19:19:22 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2012/06/15 19:19:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2012/06/15 19:19:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2012/06/15 19:19:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2012/06/15 19:19:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012/06/15 19:19:21 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/06/15 19:19:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2012/06/15 19:19:21 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/06/15 19:19:21 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2012/06/15 19:19:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/06/15 19:19:21 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012/06/15 19:19:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2012/06/15 19:19:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012/06/15 19:19:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2012/06/15 19:19:21 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012/06/15 19:19:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012/06/15 19:19:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012/06/15 19:19:20 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2012/06/15 19:19:20 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2012/06/15 19:19:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2012/06/15 19:19:20 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2012/06/15 19:19:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012/06/15 19:19:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012/06/15 19:19:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012/06/15 19:19:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2012/06/15 19:19:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/06/15 19:19:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2012/06/15 19:19:19 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/06/15 19:19:19 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012/06/15 19:19:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2012/06/15 19:19:19 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012/06/15 19:19:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2012/06/15 19:19:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012/06/15 19:19:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012/06/15 19:19:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012/06/15 19:19:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyCon trol.exe
[2012/06/15 19:19:18 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012/06/15 19:19:18 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012/06/15 19:19:18 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2012/06/15 19:19:18 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012/06/15 19:19:18 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2012/06/15 19:19:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/06/15 19:19:17 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/06/15 19:19:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012/06/15 19:19:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2012/06/15 19:19:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2012/06/15 19:19:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012/06/15 19:19:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012/06/15 19:19:16 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2012/06/15 19:19:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2012/06/15 19:19:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2012/06/15 19:19:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012/06/15 19:19:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012/06/15 19:19:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2012/06/15 19:19:15 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/06/15 19:19:15 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2012/06/15 19:19:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/06/15 19:19:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2012/06/15 19:19:15 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2012/06/15 19:19:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2012/06/15 19:19:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2012/06/15 19:19:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2012/06/15 19:19:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2012/06/15 19:19:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012/06/15 19:19:14 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012/06/15 19:19:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2012/06/15 19:19:14 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012/06/15 19:19:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012/06/15 19:19:14 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2012/06/15 19:19:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll