TechSpot

Malware Problem

By cnuddeje
Mar 8, 2014
  1. I have Microsoft Security Essentials. It keeps show the same security threat, has me clean it, restarts the PC, and starts the process over. Here are my logs.



    alwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.07.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cnudde :: MININT-7ERSP8L [administrator]

    3/8/2014 7:21:47 PM
    mbam-log-2014-03-08 (19-21-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222228
    Time elapsed: 10 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Cnudde\AppData\Local\Temp\Ms_Cleaner.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\Security Center Update - 1894872266.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\Security Center Update - 3243045706.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

    (end)
     
  2. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.45.2
    Run by Cnudde at 19:40:42 on 2014-03-08
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.3823 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    uRun: [Google Update] "C:\Users\Cnudde\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [Dinee] C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    uRun: [Mameypivzynahie] C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Cnudde\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://webdeposit.ensenta.com/eztwainx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{237A3DF2-ED0D-4801-8447-173281B1CEB4} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{328AA78D-68C0-4EEE-BF6A-EC093F25A38B} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-14 55856]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-14 92160]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-14 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 321064]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-26 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-14 151936]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-03-09 00:38:49 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D71DC50E-1637-4210-B615-7EAE20A4A7D8}\offreg.dll
    2014-03-08 17:59:44 167936 ----a-w- C:\Users\Cnudde\AppData\Local\gwdbuxtp.exe
    2014-03-08 14:10:42 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D71DC50E-1637-4210-B615-7EAE20A4A7D8}\mpengine.dll
    2014-03-08 14:04:20 114688 ----a-w- C:\Users\Cnudde\AppData\Local\vwwoksnn.exe
    2014-03-08 06:19:44 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Qipuiviz
    2014-03-08 02:11:56 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Pabifyu
    2014-03-07 22:14:31 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Xoofqyi
    2014-03-07 18:49:35 163840 ----a-w- C:\Users\Cnudde\AppData\Local\cucmivjm.exe
    2014-03-07 18:13:35 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Enohwaig
    2014-03-07 14:19:04 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Poazof
    2014-03-07 10:11:54 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Luilelyb
    2014-03-07 06:17:02 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Fyegur
    2014-03-07 04:41:20 163840 ----a-w- C:\Users\Cnudde\AppData\Local\dvogvatp.exe
    2014-03-07 04:39:31 -------- d-----w- C:\Users\Cnudde\AppData\Roaming\Picyisw
    2014-02-14 12:48:00 -------- d-----w- C:\Program Files\McAfee Security Scan
    .
    ==================== Find3M ====================
    .
    2014-02-21 16:57:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-21 16:57:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 19:41:41.02 ===============
     
  3. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/17/2011 8:28:49 PM
    System Uptime: 3/8/2014 7:37:27 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0C2KJT
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 685 GiB total, 534.637 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 13.286 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: DW1525 (802.11n) WLAN PCIe Card
    Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&149856BC&0&00E4
    Manufacturer: Atheros Communications Inc.
    Name: DW1525 (802.11n) WLAN PCIe Card
    PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&149856BC&0&00E4
    Service: athr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Photoshop Elements 10
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 10
    Adobe Premiere Elements 10 Content
    Adobe Premiere Elements 10 Content 1
    Adobe Premiere Elements 10 Content 2
    Adobe Premiere Elements 10 Content 3
    Adobe Premiere Elements 10 HD Content 1
    Adobe Premiere Elements 10 HD Content 2
    Adobe Premiere Elements 10 HD Content 3
    Adobe Reader XI (11.0.06)
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bing Bar Platform
    Bonjour
    Brother MFL-Pro Suite MFC-7420
    CANON iMAGE GATEWAY MyCamera Download Plugin
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.10
    Canon Utilities EOS Utility
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    CopyTrans Suite Remove Only
    Coupon Printer for Windows
    CyberLink PowerDVD 9.5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Elements 10 Organizer
    Google Apps Migration For Microsoft Outlook® 2.3.12.34
    Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    iCloud
    Intel(R) Processor Graphics
    iTunes
    Java 7 Update 45
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    LeapFrog Connect
    LeapFrog Leapster Explorer Plugin
    LeapFrog Leapster2 Plugin
    LinkedIn Outlook Connector
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft PowerPoint Viewer
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal Seagate Edition
    PRE10STI64Installer
    PSE10 STI Installer
    Quicken 2009
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Safari
    Seagate Manager Installer
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Sid Meier's Civilization IV: Beyond the Sword
    Sid Meier's Civilization IV: Colonization
    Sid Meier's Civilization V
    SmartSound Common Data
    SmartSound Premiere Elements 10 x64 Plugin
    SmartSound Sonicfire Pro 5
    Spelling Dictionaries Support For Adobe Reader 9
    Steam
    System Requirements Lab for Intel
    Unity Web Player
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2014 9:11:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2014 8:59:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/8/2014 7:37:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/8/2014 7:37:46 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/8/2014 7:37:44 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/8/2014 7:37:44 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/8/2014 7:35:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/8/2014 7:10:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/8/2014 7:08:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/8/2014 12:45:17 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/8/2014 12:45:17 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/7/2014 2:45:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/7/2014 2:26:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/6/2014 9:11:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    3/6/2014 8:53:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/6/2014 2:47:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/5/2014 9:22:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/4/2014 8:04:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/3/2014 8:00:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/2/2014 8:58:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    3/2/2014 8:58:34 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/2/2014 8:48:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/2/2014 3:00:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/1/2014 9:05:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    .
    ==== End Of File ===========================
     
  4. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    The "Potential Threat Details" from MSE is:

    PWS:Win32/Zbot.gen!AP


    Also get a request to inform Microsoft on two AppData files: I'll post shortly on those.
     
  5. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    C:\Users\Cnudde\Appdata\Roaming\Luilelyb\noiln.exe
    C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe

    MSE Keeps asking me to report these to Microsoft for them to determine if they are a security risk.
     
  6. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Just more fun:

    "Windows Security Center Service" will not start. I follow to the Services Manager to try and force it to start, but its not on the Services Manager list.

    Windows is not Automatically updating; my attempt to force an updates fails.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  8. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Thank you. I will re read and then follow those steps.

    I notice that the PC has not update to the SP 1. Should I manually download and install that?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No.
     
  10. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Okay, well, I started to install SP1 before finding your site and starting this thread. It's over an hour into it and about half way. Should I cancel it?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    In that case no.
     
  12. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    SP1 is now installed and I verified under the Control Panel. I'll start your instructions above.
     
  13. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Cnudde [Admin rights]
    Mode : Remove -- Date : 03/08/2014 22:46:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 4 ¤¤¤
    [SUSP PATH] peinci.exe -- C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [-] -> KILLED [TermProc]
    [SUSP PATH] noiln.exe -- C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [-] -> KILLED [TermProc]
    [SUSP PATH] noiln.exe -- C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [-] -> KILLED [TermProc]
    [SUSP PATH] peinci.exe -- C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Dinee (C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Mameypivzynahie (C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2633741134-1219916110-1491873213-1003\[...]\Run : Dinee (C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2633741134-1219916110-1491873213-1003\[...]\Run : Mameypivzynahie (C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [-]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3750528AS ATA Device +++++
    --- User ---
    [MBR] 70a16ca3138aff964c8da79730367f12
    [BSP] 7e7efa47082f4c70571a54b0b056de46 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_03082014_224602.txt >>
    RKreport[0]_S_03082014_224533.txt
     
  14. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Okay,

    To create a system restore, it states I need to configure the drive first. "Create" is not highlighted yet.

    If I highly the C: it provides three options:

    1: Restore System Setting and previous versions of files
    2. Restore only previous versions of files
    3. Turn off System protection.

    Which option do I select?

    I'll do nothing until you so order.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Skip creating restore point for now.
     
  16. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Okay, moving on to MBAR.
     
  17. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.09.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cnudde :: MININT-7ERSP8L [administrator]

    3/8/2014 11:10:15 PM
    mbar-log-2014-03-08 (23-10-15).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 242600
    Time elapsed: 14 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Cnudde\AppData\Local\vwwoksnn.exe (Trojan.Agent.EDW) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  18. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 6231810048, free: 2827202560

    Downloaded database version: v2014.03.09.02
    Downloaded database version: v2014.02.20.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/08/2014 23:10:08
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\drivers\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\drivers\USBSTOR.SYS
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\usbccgp.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa800660d790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006a\
    Lower Device Object: 0xfffffa8007175b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800660e790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000069\
    Lower Device Object: 0xfffffa80070c5b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800660f790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000068\
    Lower Device Object: 0xfffffa800693c760
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800695d790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000067\
    Lower Device Object: 0xfffffa8006f12060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006492060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80061ec060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006492060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006492b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006492060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80061ea580, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80061ec060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 25DD572F

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1436471296
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1436473344 Numsec = 28672000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800695d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006606040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800695d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006f12060, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa800660f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800660d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800660f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800693c760, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa800660e790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800660e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800660e790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80070c5b60, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa800660d790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800660f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800660d790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007175b60, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: C:\Users\Cnudde\AppData\Local\vwwoksnn.exe --> [Trojan.Agent.EDW]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  19. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    MBAR required a restart after cleaning. Upon the PC starting, MSE once again gave me a security warning. I just closed it and ignored for now.


    Next???
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  21. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
    Ran by Cnudde (administrator) on MININT-7ERSP8L on 08-03-2014 23:39:20
    Running from C:\Users\Cnudde\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    () C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    (Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [197928 2009-12-18] (Seagate LLC)
    HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Google Update] - C:\Users\Cnudde\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-17] (Google Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Mameypivzynahie] - C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [282853 2011-11-09] ()
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dinee] - C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [282176 2012-07-28] ()
    Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR HomePage: about:blank
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
     
  22. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
    Ran by Cnudde at 2014-03-08 23:40:54
    Running from C:\Users\Cnudde\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
    AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
    Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
    Bing Bar Platform (x32 Version: 6.3.2322.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
    CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
    Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.06 - Piriform)
    CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version: - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Google Apps Migration For Microsoft Outlook® 2.3.12.34 (HKLM-x32\...\{0C262D84-FFA4-4621-8ED7-41F8287369F5}) (Version: 2.3.12.34 - Google, Inc.)
    Google Apps Sync™ for Microsoft Outlook® 3.2.353.947 (HKLM-x32\...\{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}) (Version: 3.2.353.947 - Google, Inc.)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
    iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
    LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
    LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
    LeapFrog Leapster2 Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
    LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft Antimalware (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Both logs are incomplete.
    Redo.
     
  24. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
    Ran by Cnudde (administrator) on MININT-7ERSP8L on 08-03-2014 23:46:02
    Running from C:\Users\Cnudde\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    () C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe
    () C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [197928 2009-12-18] (Seagate LLC)
    HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Google Update] - C:\Users\Cnudde\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-17] (Google Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Mameypivzynahie] - C:\Users\Cnudde\AppData\Roaming\Luilelyb\noiln.exe [282853 2011-11-09] ()
    HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dinee] - C:\Users\Cnudde\AppData\Roaming\Xoofqyi\peinci.exe [282176 2012-07-28] ()
    Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR HomePage: about:blank
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Cnudde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Google Update) - C:\Users\Cnudde\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-29]
    CHR Extension: (Adblock Plus) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-02]
    CHR Extension: (Google Search) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-29]
    CHR Extension: (AdBlock) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-02-18]
    CHR Extension: (Google Wallet) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Live Sports) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2013-03-02]
    CHR Extension: (Gmail) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-29]
    CHR StartMenuInternet: Google Chrome - C:\Users\Cnudde\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
    S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-08 23:40 - 2014-03-08 23:41 - 00035603 _____ () C:\Users\Cnudde\Downloads\Addition.txt
    2014-03-08 23:39 - 2014-03-08 23:46 - 00015339 _____ () C:\Users\Cnudde\Downloads\FRST.txt
    2014-03-08 23:39 - 2014-03-08 23:46 - 00000000 ____D () C:\FRST
    2014-03-08 23:39 - 2014-03-08 23:39 - 02156544 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64.exe
    2014-03-08 23:19 - 2014-03-08 23:43 - 00000000 ____D () C:\Users\Cnudde\AppData\Local\CrashDumps
    2014-03-08 23:10 - 2014-03-08 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-08 23:10 - 2014-03-08 23:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-03-08 23:08 - 2014-03-08 23:26 - 00000000 ____D () C:\Users\Cnudde\Desktop\mbar
    2014-03-08 23:08 - 2014-03-08 23:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-08 23:05 - 2014-03-08 23:07 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Cnudde\Downloads\mbar-1.07.0.1009.exe
    2014-03-08 22:46 - 2014-03-08 22:46 - 00002715 _____ () C:\Users\Cnudde\Desktop\RKreport[0]_D_03082014_224602.txt
    2014-03-08 22:45 - 2014-03-08 22:45 - 00002572 _____ () C:\Users\Cnudde\Desktop\RKreport[0]_S_03082014_224533.txt
    2014-03-08 22:40 - 2014-03-08 22:47 - 00000000 ____D () C:\Users\Cnudde\Desktop\RK_Quarantine
    2014-03-08 22:40 - 2014-03-08 22:40 - 03819008 _____ () C:\Users\Cnudde\Downloads\RogueKiller.exe
    2014-03-08 22:15 - 2014-03-08 22:15 - 00000000 ____D () C:\Windows\system32\SPReview
    2014-03-08 21:07 - 2010-11-20 05:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-03-08 21:07 - 2010-11-20 05:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
    2014-03-08 21:07 - 2010-11-20 05:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
    2014-03-08 21:07 - 2010-11-20 05:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
    2014-03-08 21:07 - 2010-11-20 05:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
    2014-03-08 21:07 - 2010-11-20 05:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
    2014-03-08 21:07 - 2010-11-20 05:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
    2014-03-08 21:07 - 2010-11-20 05:26 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2014-03-08 21:07 - 2010-11-20 05:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
    2014-03-08 21:07 - 2010-11-20 05:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
    2014-03-08 21:07 - 2010-11-20 05:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
    2014-03-08 21:07 - 2010-11-20 05:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
    2014-03-08 21:07 - 2010-11-20 05:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
    2014-03-08 21:07 - 2010-11-20 05:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
    2014-03-08 21:07 - 2010-11-20 05:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
    2014-03-08 21:07 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
    2014-03-08 21:07 - 2010-11-20 04:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
    2014-03-08 21:07 - 2010-11-20 04:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
    2014-03-08 21:07 - 2010-11-20 04:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
    2014-03-08 21:07 - 2010-11-20 04:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
    2014-03-08 21:07 - 2010-11-20 04:20 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-08 21:07 - 2010-11-20 04:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
    2014-03-08 21:07 - 2010-11-20 04:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
    2014-03-08 21:07 - 2010-11-20 04:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
    2014-03-08 21:07 - 2010-11-20 04:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
    2014-03-08 21:07 - 2010-11-20 04:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
    2014-03-08 21:07 - 2010-11-20 04:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
    2014-03-08 21:07 - 2010-11-20 04:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
    2014-03-08 21:07 - 2010-11-20 04:17 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-03-08 21:07 - 2010-11-20 04:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
    2014-03-08 21:07 - 2010-11-20 04:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
    2014-03-08 21:07 - 2010-11-20 04:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
    2014-03-08 21:07 - 2010-11-20 04:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
    2014-03-08 21:07 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
    2014-03-08 21:07 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
    2014-03-08 21:07 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
    2014-03-08 21:07 - 2010-11-20 02:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
    2014-03-08 21:07 - 2010-11-04 17:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-03-08 21:06 - 2010-11-20 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
    2014-03-08 21:06 - 2010-11-20 05:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2014-03-08 21:06 - 2010-11-20 05:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
    2014-03-08 21:06 - 2010-11-20 05:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
    2014-03-08 21:06 - 2010-11-20 05:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-03-08 21:06 - 2010-11-20 05:32 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
    2014-03-08 21:06 - 2010-11-20 05:32 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
    2014-03-08 21:06 - 2010-11-20 05:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
    2014-03-08 21:06 - 2010-11-20 05:29 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2014-03-08 21:06 - 2010-11-20 05:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-03-08 21:06 - 2010-11-20 05:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2014-03-08 21:06 - 2010-11-20 05:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2014-03-08 21:06 - 2010-11-20 05:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2014-03-08 21:06 - 2010-11-20 05:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
    2014-03-08 21:06 - 2010-11-20 05:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-03-08 21:06 - 2010-11-20 05:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2014-03-08 21:06 - 2010-11-20 05:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
    2014-03-08 21:06 - 2010-11-20 05:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
     
  25. cnuddeje

    cnuddeje TS Rookie Topic Starter Posts: 73

    2014-03-08 21:06 - 2010-11-20 05:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
    2014-03-08 21:06 - 2010-11-20 05:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2014-03-08 21:06 - 2010-11-20 05:25 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
    2014-03-08 21:06 - 2010-11-20 05:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
    2014-03-08 21:06 - 2010-11-20 05:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
    2014-03-08 21:06 - 2010-11-20 05:24 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2014-03-08 21:06 - 2010-11-20 05:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
    2014-03-08 21:06 - 2010-11-20 05:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
    2014-03-08 21:06 - 2010-11-20 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
    2014-03-08 21:06 - 2010-11-20 05:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
    2014-03-08 21:06 - 2010-11-20 05:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
    2014-03-08 21:06 - 2010-11-20 05:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
    2014-03-08 21:06 - 2010-11-20 05:15 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
    2014-03-08 21:06 - 2010-11-20 05:13 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
    2014-03-08 21:06 - 2010-11-20 05:02 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2014-03-08 21:06 - 2010-11-20 05:02 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2014-03-08 21:06 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
    2014-03-08 21:06 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
    2014-03-08 21:06 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
    2014-03-08 21:06 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
    2014-03-08 21:06 - 2010-11-20 04:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-03-08 21:06 - 2010-11-20 04:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-03-08 21:06 - 2010-11-20 04:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
    2014-03-08 21:06 - 2010-11-20 04:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2014-03-08 21:06 - 2010-11-20 04:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2014-03-08 21:06 - 2010-11-20 04:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
    2014-03-08 21:06 - 2010-11-20 04:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
    2014-03-08 21:06 - 2010-11-20 04:20 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
    2014-03-08 21:06 - 2010-11-20 04:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 01698816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
    2014-03-08 21:06 - 2010-11-20 04:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-03-08 21:06 - 2010-11-20 04:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
    2014-03-08 21:06 - 2010-11-20 04:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
    2014-03-08 21:06 - 2010-11-20 04:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
    2014-03-08 21:06 - 2010-11-20 04:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
    2014-03-08 21:06 - 2010-11-20 04:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
    2014-03-08 21:06 - 2010-11-20 04:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
    2014-03-08 21:06 - 2010-11-20 04:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
    2014-03-08 21:06 - 2010-11-20 04:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
    2014-03-08 21:06 - 2010-11-20 04:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2014-03-08 21:06 - 2010-11-20 04:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
    2014-03-08 21:06 - 2010-11-20 04:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
    2014-03-08 21:06 - 2010-11-20 04:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2014-03-08 21:06 - 2010-11-20 04:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
    2014-03-08 21:06 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
    2014-03-08 21:06 - 2010-11-20 04:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
    2014-03-08 21:06 - 2010-11-20 04:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2014-03-08 21:06 - 2010-11-20 04:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2014-03-08 21:06 - 2010-11-20 02:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2014-03-08 21:06 - 2010-11-20 02:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2014-03-08 21:06 - 2010-11-20 02:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
    2014-03-08 21:06 - 2010-11-20 02:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
    2014-03-08 21:06 - 2010-11-20 02:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2014-03-08 21:06 - 2010-11-20 02:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-03-08 21:06 - 2010-11-20 01:49 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-03-08 21:06 - 2010-11-20 01:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2014-03-08 21:06 - 2010-11-20 01:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
    2014-03-08 21:06 - 2010-11-04 18:20 - 00347904 _____ () C:\Windows\system32\systemsf.ebd
    2014-03-08 21:06 - 2010-11-04 17:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-03-08 21:06 - 2010-11-04 17:57 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-03-08 21:05 - 2010-11-20 05:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
    2014-03-08 21:05 - 2010-11-20 05:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2014-03-08 21:05 - 2010-11-20 05:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2014-03-08 21:05 - 2010-11-20 05:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
    2014-03-08 21:05 - 2010-11-20 05:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
    2014-03-08 21:05 - 2010-11-20 05:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2014-03-08 21:05 - 2010-11-20 05:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2014-03-08 21:05 - 2010-11-20 05:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2014-03-08 21:05 - 2010-11-20 05:29 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2014-03-08 21:05 - 2010-11-20 05:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01219584 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00326144 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
    2014-03-08 21:05 - 2010-11-20 05:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-03-08 21:05 - 2010-11-20 05:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-03-08 21:05 - 2010-11-20 05:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2014-03-08 21:05 - 2010-11-20 05:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
    2014-03-08 21:05 - 2010-11-20 05:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
    2014-03-08 21:05 - 2010-11-20 05:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
    2014-03-08 21:05 - 2010-11-20 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2014-03-08 21:05 - 2010-11-20 05:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
    2014-03-08 21:05 - 2010-11-20 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
    2014-03-08 21:05 - 2010-11-20 05:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
    2014-03-08 21:05 - 2010-11-20 05:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2014-03-08 21:05 - 2010-11-20 05:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
    2014-03-08 21:05 - 2010-11-20 05:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
    2014-03-08 21:05 - 2010-11-20 05:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
    2014-03-08 21:05 - 2010-11-20 05:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
    2014-03-08 21:05 - 2010-11-20 05:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
    2014-03-08 21:05 - 2010-11-20 05:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
    2014-03-08 21:05 - 2010-11-20 05:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...