WiredWX Christian Hobby Weather Tools

Vista infected with Alureon.E - Please Help...

Hello there, my laptop somehow got the Alureon.E virus and I can't get rid of the thing. Ended up doing a complete system restore and starting fresh - it's still there. I followed the instructions in the "read this before Posting" thread and the three requested logs are below:

OTL logfile created on: 1/15/2012 6:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chuck\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.94% Memory free
8.15 Gb Paging File | 6.60 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.02 Gb Total Space | 147.47 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 12.86 Gb Total Space | 2.45 Gb Free Space | 19.04% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 06:47:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chuck\Downloads\OTL.com
PRC - [2007/10/24 04:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 04:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/23 13:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/12 05:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/06/11 14:04:36 | 000,190,696 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil9d.exe


========== Modules (No Company Name) ==========

MOD - [2007/12/19 20:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 20:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 20:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 20:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 04:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/08/23 13:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/23 13:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 20:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 20:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 20:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 20:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/09/29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/17 17:17:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/07/11 11:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/28 09:09:56 | 003,148,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/26 20:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 17:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/09 20:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57495BEF-56A4-4A6D-AEAE-A4DDEC69186A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPSproutv4.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPSproutv4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 06:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/15 06:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/15 06:19:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/15 06:09:27 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/15 06:09:27 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 05:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012/01/15 05:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/01/15 05:57:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/01/14 23:19:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2012/01/14 23:19:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2012/01/14 23:19:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2012/01/14 23:19:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2012/01/14 23:19:39 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2012/01/14 23:19:39 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2012/01/14 23:19:39 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2012/01/14 23:19:39 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2012/01/14 23:19:39 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2012/01/14 23:19:39 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2012/01/14 23:19:39 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2012/01/14 23:19:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2012/01/14 23:19:39 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2012/01/14 23:19:38 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2012/01/14 23:19:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2012/01/14 23:19:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2012/01/14 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Microsoft Help
[2012/01/14 22:36:02 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2012/01/14 22:36:02 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2012/01/14 22:36:00 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012/01/14 22:36:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012/01/14 22:36:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012/01/14 22:35:59 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012/01/14 22:16:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/14 22:16:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/14 22:16:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/14 22:16:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/14 22:16:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/14 22:16:44 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/14 22:16:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/14 22:16:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/14 22:16:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/14 22:16:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/14 22:16:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/14 22:16:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/14 22:16:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/14 22:16:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/14 22:16:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/14 22:16:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/14 22:16:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/14 22:16:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/14 22:16:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/14 22:16:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/14 22:16:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/14 22:16:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/14 22:16:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/14 22:16:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/14 22:16:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/14 22:16:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/14 22:16:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/14 22:16:42 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/14 22:16:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/14 22:16:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/14 22:16:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/14 22:16:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/14 22:16:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/14 22:16:40 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/14 22:16:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/14 22:16:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/14 22:16:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/14 22:16:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/14 22:16:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/14 22:16:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/14 22:16:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/14 22:16:39 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/14 22:16:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/14 22:16:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/14 22:16:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/14 22:16:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/14 22:16:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/14 22:16:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/14 22:16:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/14 22:16:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/14 22:16:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/14 22:16:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/14 22:16:38 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/14 22:16:38 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/14 22:16:38 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/14 22:16:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/14 22:16:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/14 22:16:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/14 22:16:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/14 22:16:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/14 22:16:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/14 22:16:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/14 22:16:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/14 22:16:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/14 22:16:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/14 22:16:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/14 22:16:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/14 22:16:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/14 22:16:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/14 22:16:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/14 22:16:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/14 22:16:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/14 22:16:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/14 22:16:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/14 22:15:20 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012/01/14 22:15:20 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012/01/14 22:15:19 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/01/14 22:15:19 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012/01/14 22:15:19 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/01/14 22:15:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012/01/14 22:15:19 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/01/14 22:15:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/01/14 22:15:18 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012/01/14 22:15:18 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012/01/14 22:15:18 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/01/14 22:15:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012/01/14 22:15:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012/01/14 22:15:17 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012/01/14 22:15:17 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012/01/14 22:15:15 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/01/14 22:15:15 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/01/14 22:15:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/01/14 22:15:14 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/01/14 22:15:14 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/01/14 22:15:14 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012/01/14 22:15:14 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/01/14 22:15:13 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012/01/14 22:15:13 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012/01/14 22:15:13 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012/01/14 22:15:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012/01/14 22:15:13 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/01/14 22:15:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012/01/14 22:15:12 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012/01/14 22:15:12 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012/01/14 22:15:12 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012/01/14 22:15:12 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012/01/14 22:15:11 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/01/14 22:15:11 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/01/14 22:15:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/01/14 22:14:24 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012/01/14 22:14:24 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/01/14 22:14:24 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012/01/14 22:14:24 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/01/14 22:14:24 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2012/01/14 22:14:24 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2012/01/14 22:14:24 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2012/01/14 22:14:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2012/01/14 22:14:23 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2012/01/14 22:14:23 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2012/01/14 22:01:50 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/14 22:01:50 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/14 22:00:34 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/01/14 22:00:33 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/01/14 22:00:31 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/01/14 22:00:07 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2012/01/14 22:00:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2012/01/14 22:00:06 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2012/01/14 22:00:06 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/01/14 22:00:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2012/01/14 22:00:05 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/01/14 21:59:39 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/14 21:59:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/14 21:59:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/14 21:59:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/14 21:59:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/14 21:59:17 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/01/14 21:59:16 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/14 21:59:07 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/14 21:59:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/14 21:59:06 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/14 21:59:05 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/14 21:59:05 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/14 21:59:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/01/14 21:59:03 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2012/01/14 21:59:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/14 21:58:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/14 21:58:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/14 21:57:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/01/14 21:57:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/01/14 21:57:55 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/01/14 21:57:55 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/01/14 21:57:55 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/01/14 21:57:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/01/14 21:57:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/01/14 21:57:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax

Re: Vista infected with Alureon.E - Please Help...


[2012/01/14 21:32:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/01/14 21:32:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/01/14 21:32:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/01/14 21:32:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/01/14 21:32:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/01/14 21:32:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/01/14 16:33:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/14 15:17:17 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2012/01/14 15:17:16 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0007.dll
[2012/01/14 15:17:11 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCExt.dll
[2012/01/14 15:17:10 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FunctionDiscoveryFolder.dll
[2012/01/14 15:17:10 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
[2012/01/14 15:17:09 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0009.dll
[2012/01/14 15:17:05 | 002,280,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/01/14 15:17:05 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCExt.dll
[2012/01/14 15:17:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msstrc.dll
[2012/01/14 15:17:05 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/01/14 15:17:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmlfilter.dll
[2012/01/14 15:17:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2012/01/14 15:17:02 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/01/14 15:16:59 | 001,085,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz2.dll
[2012/01/14 15:16:59 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz2.dll
[2012/01/14 15:16:59 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WscEapPr.dll
[2012/01/14 15:16:59 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WscEapPr.dll
[2012/01/14 15:16:58 | 002,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/01/14 15:16:58 | 001,381,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2012/01/14 15:16:58 | 001,165,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2012/01/14 15:16:58 | 001,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2012/01/14 15:16:58 | 000,046,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardcpl.cpl
[2012/01/14 15:16:55 | 003,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/01/14 15:16:55 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/01/14 15:16:53 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2012/01/14 15:16:51 | 000,946,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavenge.dll
[2012/01/14 15:16:50 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys
[2012/01/14 15:16:48 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2012/01/14 15:16:46 | 003,263,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2012/01/14 15:16:45 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2012/01/14 15:16:45 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2012/01/14 15:16:44 | 001,418,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2012/01/14 15:16:43 | 002,715,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2012/01/14 15:16:43 | 001,185,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2012/01/14 15:16:43 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2012/01/14 15:16:43 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2012/01/14 15:16:42 | 002,506,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/01/14 15:16:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2012/01/14 15:16:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizui.dll
[2012/01/14 15:16:41 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2012/01/14 15:16:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spreview.exe
[2012/01/14 15:16:38 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2012/01/14 15:16:38 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdohlp.dll
[2012/01/14 15:16:38 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spinstall.exe
[2012/01/14 15:16:37 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/01/14 15:16:36 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2VDEC.DLL
[2012/01/14 15:16:35 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/01/14 15:16:35 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/01/14 15:16:35 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/01/14 15:16:35 | 000,223,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2012/01/14 15:16:35 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorPwdMgr.dll
[2012/01/14 15:16:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorPwdMgr.dll
[2012/01/14 15:16:33 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2012/01/14 15:16:32 | 002,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2012/01/14 15:16:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2VDEC.DLL
[2012/01/14 15:16:32 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2012/01/14 15:16:32 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/01/14 15:16:32 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\korwbrkr.dll
[2012/01/14 15:16:31 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2012/01/14 15:16:30 | 003,894,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2012/01/14 15:16:30 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/01/14 15:16:30 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2012/01/14 15:16:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2012/01/14 15:16:30 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2012/01/14 15:16:29 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2012/01/14 15:16:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2012/01/14 15:16:28 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sperror.dll
[2012/01/14 15:16:28 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sperror.dll
[2012/01/14 15:16:28 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2012/01/14 15:16:27 | 001,673,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeCPL.dll
[2012/01/14 15:16:27 | 001,019,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2012/01/14 15:16:27 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\P2PGraph.dll
[2012/01/14 15:16:25 | 001,259,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/01/14 15:16:25 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2012/01/14 15:16:24 | 001,925,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2012/01/14 15:16:24 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet40.dll
[2012/01/14 15:16:24 | 000,164,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Storport.sys
[2012/01/14 15:16:23 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/01/14 15:16:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/01/14 15:16:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\compcln.exe
[2012/01/14 15:16:22 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2012/01/14 15:16:22 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2012/01/14 15:16:22 | 000,171,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2012/01/14 15:16:22 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorShell.dll
[2012/01/14 15:16:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2012/01/14 15:16:21 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2012/01/14 15:16:21 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2012/01/14 15:16:21 | 001,065,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2012/01/14 15:16:21 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexch40.dll
[2012/01/14 15:16:21 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\P2PGraph.dll
[2012/01/14 15:16:20 | 003,079,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/01/14 15:16:20 | 000,967,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2012/01/14 15:16:20 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2012/01/14 15:16:19 | 001,658,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/01/14 15:16:18 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2012/01/14 15:16:18 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2012/01/14 15:16:18 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spoolss.dll
[2012/01/14 15:16:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingWizard.exe
[2012/01/14 15:16:18 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingWizard.exe
[2012/01/14 15:16:17 | 001,930,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2012/01/14 15:16:17 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2012/01/14 15:16:17 | 000,123,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2012/01/14 15:16:17 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2012/01/14 15:16:16 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2012/01/14 15:16:15 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\milcore.dll
[2012/01/14 15:16:15 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/01/14 15:16:15 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spoolss.dll
[2012/01/14 15:16:14 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2012/01/14 15:16:14 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2012/01/14 15:16:14 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapimig.exe
[2012/01/14 15:16:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2012/01/14 15:16:13 | 002,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apds.dll
[2012/01/14 15:16:12 | 001,040,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2012/01/14 15:16:12 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2012/01/14 15:16:12 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2012/01/14 15:16:12 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comuid.dll
[2012/01/14 15:16:12 | 000,820,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2012/01/14 15:16:12 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2012/01/14 15:16:12 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp60.dll
[2012/01/14 15:16:12 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjtes40.dll
[2012/01/14 15:16:12 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2012/01/14 15:16:12 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwmi.dll
[2012/01/14 15:16:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Storprop.dll
[2012/01/14 15:16:11 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2012/01/14 15:16:11 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2012/01/14 15:16:11 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2012/01/14 15:16:11 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2012/01/14 15:16:11 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlhtml.dll
[2012/01/14 15:16:10 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2012/01/14 15:16:10 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtapi.dll
[2012/01/14 15:16:10 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstext40.dll
[2012/01/14 15:16:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationSettings.exe
[2012/01/14 15:16:10 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLC.dll
[2012/01/14 15:16:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayDriverLib.dll
[2012/01/14 15:16:10 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2012/01/14 15:16:09 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2012/01/14 15:16:09 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/01/14 15:16:09 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxbde40.dll
[2012/01/14 15:16:09 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2012/01/14 15:16:09 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexcl40.dll
[2012/01/14 15:16:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwmi.dll
[2012/01/14 15:16:08 | 001,681,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz.dll
[2012/01/14 15:16:08 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devmgr.dll
[2012/01/14 15:16:08 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnNetsh.dll
[2012/01/14 15:16:07 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2012/01/14 15:16:07 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetProjW.dll
[2012/01/14 15:16:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfp.dll
[2012/01/14 15:16:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingProxy.dll
[2012/01/14 15:16:07 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingProxy.dll
[2012/01/14 15:16:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBthProxy.dll
[2012/01/14 15:16:06 | 001,499,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2012/01/14 15:16:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/01/14 15:16:05 | 000,660,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/01/14 15:16:05 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl40.dll
[2012/01/14 15:16:05 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp60.dll
[2012/01/14 15:16:04 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2012/01/14 15:16:04 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2012/01/14 15:16:04 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2012/01/14 15:16:04 | 000,289,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2012/01/14 15:16:04 | 000,164,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2012/01/14 15:16:03 | 001,748,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2012/01/14 15:16:03 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCommDlg.dll
[2012/01/14 15:16:03 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2012/01/14 15:16:03 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2012/01/14 15:16:02 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/01/14 15:16:02 | 000,727,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtcprx.dll
[2012/01/14 15:16:01 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2012/01/14 15:16:01 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mspbde40.dll
[2012/01/14 15:16:00 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2012/01/14 15:16:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2012/01/14 15:16:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLUI.exe
[2012/01/14 15:15:59 | 000,380,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2012/01/14 15:15:59 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msltus40.dll
[2012/01/14 15:15:58 | 001,543,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2012/01/14 15:15:58 | 000,671,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2012/01/14 15:15:58 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd3x40.dll
[2012/01/14 15:15:57 | 001,394,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wercon.exe
[2012/01/14 15:15:57 | 000,935,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsecsnp.dll
[2012/01/14 15:15:57 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/01/14 15:15:57 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2012/01/14 15:15:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2012/01/14 15:15:57 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtapi.dll
[2012/01/14 15:15:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2012/01/14 15:15:56 | 002,272,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2012/01/14 15:15:56 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/01/14 15:15:55 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCommDlg.dll
[2012/01/14 15:15:55 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/01/14 15:15:54 | 003,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2012/01/14 15:15:54 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2012/01/14 15:15:54 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnNetsh.dll
[2012/01/14 15:15:54 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propdefs.dll
[2012/01/14 15:15:53 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apds.dll
[2012/01/14 15:15:53 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2012/01/14 15:15:53 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswstr10.dll
[2012/01/14 15:15:53 | 000,264,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2012/01/14 15:15:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2012/01/14 15:15:52 | 001,114,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2012/01/14 15:15:52 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2012/01/14 15:15:52 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2012/01/14 15:15:51 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2012/01/14 15:15:51 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2012/01/14 15:15:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd2x40.dll
[2012/01/14 15:15:51 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2012/01/14 15:15:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2012/01/14 15:15:51 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2012/01/14 15:15:51 | 000,166,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/01/14 15:15:50 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtutil.exe
[2012/01/14 15:15:49 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\milcore.dll
[2012/01/14 15:15:49 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2012/01/14 15:15:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2012/01/14 15:15:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscb.dll
[2012/01/14 15:15:48 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2012/01/14 15:15:48 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2012/01/14 15:15:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtutil.exe
[2012/01/14 15:15:48 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2012/01/14 15:15:48 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2012/01/14 15:15:47 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2012/01/14 15:15:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2012/01/14 15:15:45 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2012/01/14 15:15:45 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devmgr.dll
[2012/01/14 15:15:45 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldpc.dll
[2012/01/14 15:15:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/01/14 15:15:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfp.dll
[2012/01/14 15:15:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtffilt.dll
[2012/01/14 15:15:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2012/01/14 15:15:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBthProxy.dll
[2012/01/14 15:15:44 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz.dll
[2012/01/14 15:15:44 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2012/01/14 15:15:44 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/01/14 15:15:43 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2012/01/14 15:15:43 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2012/01/14 15:15:43 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2012/01/14 15:15:43 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi.dll
[2012/01/14 15:15:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2012/01/14 15:15:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2012/01/14 15:15:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2012/01/14 15:15:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reg.exe
[2012/01/14 15:15:43 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2012/01/14 15:15:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\brcpl.dll
[2012/01/14 15:15:42 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2012/01/14 15:15:42 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2012/01/14 15:15:42 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/01/14 15:15:42 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2012/01/14 15:15:42 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2012/01/14 15:15:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2012/01/14 15:15:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2012/01/14 15:15:41 | 001,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2012/01/14 15:15:41 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswdat10.dll
[2012/01/14 15:15:41 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2012/01/14 15:15:41 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2012/01/14 15:15:41 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2012/01/14 15:15:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjter40.dll
[2012/01/14 15:15:40 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2012/01/14 15:15:40 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnrollUI.dll
[2012/01/14 15:15:40 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2012/01/14 15:15:40 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2012/01/14 15:15:40 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2012/01/14 15:15:40 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offfilt.dll
[2012/01/14 15:15:40 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2012/01/14 15:15:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\reg.exe
[2012/01/14 15:15:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2012/01/14 15:15:39 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RelMon.dll
[2012/01/14 15:15:39 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2012/01/14 15:15:39 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2012/01/14 15:15:39 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2012/01/14 15:15:39 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2012/01/14 15:15:39 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fundisc.dll
[2012/01/14 15:15:39 | 000,123,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2012/01/14 15:15:39 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2012/01/14 15:15:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/01/14 15:15:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2012/01/14 15:15:38 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2012/01/14 15:15:38 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2012/01/14 15:15:38 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/01/14 15:15:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsldpc.dll
[2012/01/14 15:15:38 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpsetup.dll
[2012/01/14 15:15:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2012/01/14 15:15:37 | 001,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2012/01/14 15:15:37 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2012/01/14 15:15:37 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2012/01/14 15:15:37 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2012/01/14 15:15:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2012/01/14 15:15:37 | 000,034,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2012/01/14 15:15:36 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2012/01/14 15:15:36 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2012/01/14 15:15:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2012/01/14 15:15:36 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2012/01/14 15:15:35 | 001,035,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2012/01/14 15:15:35 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2012/01/14 15:15:35 | 000,785,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Utilman.exe
[2012/01/14 15:15:35 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2012/01/14 15:15:35 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi.dll
[2012/01/14 15:15:34 | 001,691,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\connect.dll
[2012/01/14 15:15:34 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2012/01/14 15:15:34 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2012/01/14 15:15:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2012/01/14 15:15:33 | 002,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2012/01/14 15:15:33 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2012/01/14 15:15:33 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/01/14 15:15:33 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2012/01/14 15:15:33 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2012/01/14 15:15:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/01/14 15:15:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2012/01/14 15:15:33 | 000,039,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2012/01/14 15:15:32 | 002,420,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2012/01/14 15:15:32 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnntfy.dll
[2012/01/14 15:15:32 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsound.dll
[2012/01/14 15:15:32 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2012/01/14 15:15:32 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2012/01/14 15:15:32 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2012/01/14 15:15:32 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2012/01/14 15:15:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spcmsg.dll
[2012/01/14 15:15:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spcmsg.dll
[2012/01/14 15:15:31 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pidgenx.dll
[2012/01/14 15:15:31 | 001,060,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2012/01/14 15:15:31 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2012/01/14 15:15:31 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsdyn.dll
[2012/01/14 15:15:31 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2012/01/14 15:15:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2012/01/14 15:15:30 | 001,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2012/01/14 15:15:30 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pidgenx.dll
[2012/01/14 15:15:30 | 000,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdlg.dll
[2012/01/14 15:15:30 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnrollUI.dll
[2012/01/14 15:15:30 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2012/01/14 15:15:30 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2012/01/14 15:15:29 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2012/01/14 15:15:29 | 001,676,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chsbrkr.dll
[2012/01/14 15:15:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2012/01/14 15:15:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2012/01/14 15:15:29 | 000,073,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2012/01/14 15:15:28 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2012/01/14 15:15:28 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comuid.dll
[2012/01/14 15:15:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2012/01/14 15:15:27 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2012/01/14 15:15:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2012/01/14 15:15:27 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2012/01/14 15:15:27 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2012/01/14 15:15:27 | 000,055,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSHED.DLL
[2012/01/14 15:15:27 | 000,049,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys
[2012/01/14 15:15:26 | 001,740,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2012/01/14 15:15:26 | 000,734,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2012/01/14 15:15:26 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2012/01/14 15:15:26 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2012/01/14 15:15:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasapi32.dll
[2012/01/14 15:15:26 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2012/01/14 15:15:26 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2012/01/14 15:15:26 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntmarta.dll
[2012/01/14 15:15:26 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2012/01/14 15:15:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpr.dll
[2012/01/14 15:15:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2012/01/14 15:15:25 | 001,891,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2012/01/14 15:15:25 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2012/01/14 15:15:25 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2012/01/14 15:15:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2012/01/14 15:15:25 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2012/01/14 15:15:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2012/01/14 15:15:24 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/01/14 15:15:24 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2012/01/14 15:15:24 | 001,444,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2012/01/14 15:15:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2012/01/14 15:15:24 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2012/01/14 15:15:24 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\audiodg.exe
[2012/01/14 15:15:24 | 000,029,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys
[2012/01/14 15:15:23 | 003,235,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2012/01/14 15:15:23 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2012/01/14 15:15:23 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2012/01/14 15:15:23 | 000,153,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2012/01/14 15:15:23 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2012/01/14 15:15:23 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powrprof.dll
[2012/01/14 15:15:23 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2012/01/14 15:15:23 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2012/01/14 15:15:22 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2012/01/14 15:15:22 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RelMon.dll
[2012/01/14 15:15:22 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/01/14 15:15:21 | 001,882,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2012/01/14 15:15:21 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/01/14 15:15:20 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2012/01/14 15:15:20 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Utilman.exe
[2012/01/14 15:15:20 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2012/01/14 15:15:20 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2012/01/14 15:15:20 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2012/01/14 15:15:20 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2012/01/14 15:15:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2012/01/14 15:15:20 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authz.dll
[2012/01/14 15:15:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstlsapi.dll
[2012/01/14 15:15:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsepno.dll
[2012/01/14 15:15:19 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnntfy.dll
[2012/01/14 15:15:19 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2012/01/14 15:15:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2012/01/14 15:15:19 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2012/01/14 15:15:19 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2012/01/14 15:15:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2012/01/14 15:15:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2012/01/14 15:15:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSTheme.exe
[2012/01/14 15:15:18 | 001,279,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2012/01/14 15:15:18 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2012/01/14 15:15:18 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2012/01/14 15:15:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2012/01/14 15:15:18 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2012/01/14 15:15:18 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/01/14 15:15:18 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\console.dll
[2012/01/14 15:15:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ulib.dll
[2012/01/14 15:15:17 | 001,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2012/01/14 15:15:17 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsecsnp.dll
[2012/01/14 15:15:17 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012/01/14 15:15:17 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2012/01/14 15:15:17 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2012/01/14 15:15:17 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/01/14 15:15:17 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscntfy.dll
[2012/01/14 15:15:17 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnpsetup.dll
[2012/01/14 15:15:17 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/01/14 15:15:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2012/01/14 15:15:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastapi.dll
[2012/01/14 15:15:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2012/01/14 15:15:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2012/01/14 15:15:16 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2012/01/14 15:15:16 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2012/01/14 15:15:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpcao.dll
[2012/01/14 15:15:16 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2012/01/14 15:15:16 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsdyn.dll
[2012/01/14 15:15:16 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2012/01/14 15:15:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2012/01/14 15:15:16 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2012/01/14 15:15:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceEject.exe
[2012/01/14 15:15:15 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2012/01/14 15:15:15 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcc.dll
[2012/01/14 15:15:15 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaui.dll
[2012/01/14 15:15:15 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2012/01/14 15:15:15 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll

Re: Vista infected with Alureon.E - Please Help...

[2012/01/14 15:15:15 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2012/01/14 15:15:15 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2012/01/14 15:15:15 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2012/01/14 15:15:15 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2012/01/14 15:15:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2012/01/14 15:15:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hdwwiz.exe
[2012/01/14 15:15:15 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msisip.dll
[2012/01/14 15:15:14 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2012/01/14 15:15:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modemui.dll
[2012/01/14 15:15:14 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ulib.dll
[2012/01/14 15:15:14 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2012/01/14 15:15:14 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\feclient.dll
[2012/01/14 15:15:14 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2012/01/14 15:15:13 | 006,100,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chtbrkr.dll
[2012/01/14 15:15:13 | 002,680,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2012/01/14 15:15:13 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdlg.dll
[2012/01/14 15:15:13 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2012/01/14 15:15:13 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2012/01/14 15:15:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2012/01/14 15:15:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshext.dll
[2012/01/14 15:15:12 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2012/01/14 15:15:12 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2012/01/14 15:15:12 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpui.dll
[2012/01/14 15:15:12 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2012/01/14 15:15:12 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2012/01/14 15:15:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpmon.dll
[2012/01/14 15:15:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imm32.dll
[2012/01/14 15:15:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2012/01/14 15:15:12 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2012/01/14 15:15:11 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcc.dll
[2012/01/14 15:15:11 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/01/14 15:15:11 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2012/01/14 15:15:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2012/01/14 15:15:11 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2012/01/14 15:15:11 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2012/01/14 15:15:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstlsapi.dll
[2012/01/14 15:15:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dataclen.dll
[2012/01/14 15:15:11 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifmon.dll
[2012/01/14 15:15:10 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2012/01/14 15:15:10 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2012/01/14 15:15:10 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2012/01/14 15:15:10 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2012/01/14 15:15:10 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2012/01/14 15:15:10 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasplap.dll
[2012/01/14 15:15:10 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleprn.dll
[2012/01/14 15:15:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2012/01/14 15:15:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fc.exe
[2012/01/14 15:15:10 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2012/01/14 15:15:10 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2012/01/14 15:15:09 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2012/01/14 15:15:09 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2012/01/14 15:15:09 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2012/01/14 15:15:09 | 000,622,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2012/01/14 15:15:09 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thawbrkr.dll
[2012/01/14 15:15:09 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scksp.dll
[2012/01/14 15:15:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmmon32.exe
[2012/01/14 15:15:08 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2012/01/14 15:15:08 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2012/01/14 15:15:08 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pcaui.dll
[2012/01/14 15:15:08 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2012/01/14 15:15:08 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmci.dll
[2012/01/14 15:15:08 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscisvif.dll
[2012/01/14 15:15:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwinsat.dll
[2012/01/14 15:15:07 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2012/01/14 15:15:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2012/01/14 15:15:07 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2012/01/14 15:15:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2012/01/14 15:15:07 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2012/01/14 15:15:07 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2012/01/14 15:15:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rekeywiz.exe
[2012/01/14 15:15:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimtf.dll
[2012/01/14 15:15:06 | 002,575,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2012/01/14 15:15:06 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2012/01/14 15:15:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2012/01/14 15:15:06 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpcao.dll
[2012/01/14 15:15:06 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2012/01/14 15:15:06 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscandui.dll
[2012/01/14 15:15:06 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scksp.dll
[2012/01/14 15:15:06 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsutil.dll
[2012/01/14 15:15:06 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/01/14 15:15:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2012/01/14 15:15:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2012/01/14 15:15:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\feclient.dll
[2012/01/14 15:15:05 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2012/01/14 15:15:05 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2012/01/14 15:15:05 | 000,669,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaaut.dll
[2012/01/14 15:15:05 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2012/01/14 15:15:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsprop.dll
[2012/01/14 15:15:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleprn.dll
[2012/01/14 15:15:04 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscui.cpl
[2012/01/14 15:15:04 | 001,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2012/01/14 15:15:04 | 000,779,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2012/01/14 15:15:04 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapimig.exe
[2012/01/14 15:15:04 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2012/01/14 15:15:04 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2012/01/14 15:15:04 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2012/01/14 15:15:04 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2012/01/14 15:15:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2012/01/14 15:15:04 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2012/01/14 15:15:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rekeywiz.exe
[2012/01/14 15:15:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\whealogr.dll
[2012/01/14 15:15:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2012/01/14 15:15:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscisvif.dll
[2012/01/14 15:15:03 | 001,738,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscui.cpl
[2012/01/14 15:15:03 | 000,557,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2012/01/14 15:15:03 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2012/01/14 15:15:03 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2012/01/14 15:15:03 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certreq.exe
[2012/01/14 15:15:03 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hdwwiz.exe
[2012/01/14 15:15:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2012/01/14 15:15:02 | 003,341,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2012/01/14 15:15:02 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasgcw.dll
[2012/01/14 15:15:02 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2012/01/14 15:15:02 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasplap.dll
[2012/01/14 15:15:02 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2012/01/14 15:15:02 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2012/01/14 15:15:02 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2012/01/14 15:15:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2012/01/14 15:15:02 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSTheme.exe
[2012/01/14 15:15:02 | 000,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2012/01/14 15:15:01 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2012/01/14 15:15:01 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2012/01/14 15:15:01 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certreq.exe
[2012/01/14 15:15:01 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2012/01/14 15:15:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmon.dll
[2012/01/14 15:15:01 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2012/01/14 15:15:01 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conime.exe
[2012/01/14 15:15:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdWSD.dll
[2012/01/14 15:15:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmmon32.exe
[2012/01/14 15:15:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPutil.exe
[2012/01/14 15:15:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwinsat.dll
[2012/01/14 15:15:00 | 000,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2012/01/14 15:15:00 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdial32.dll
[2012/01/14 15:15:00 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msutb.dll
[2012/01/14 15:15:00 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2012/01/14 15:15:00 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2012/01/14 15:15:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2012/01/14 15:15:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2012/01/14 15:15:00 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/01/14 15:15:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2012/01/14 15:15:00 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\whealogr.dll
[2012/01/14 15:14:59 | 002,438,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oobefldr.dll
[2012/01/14 15:14:59 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2012/01/14 15:14:59 | 000,521,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmdial32.dll
[2012/01/14 15:14:59 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2012/01/14 15:14:59 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2012/01/14 15:14:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\conime.exe
[2012/01/14 15:14:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsCtfMonitor.dll
[2012/01/14 15:14:58 | 000,688,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2012/01/14 15:14:58 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2012/01/14 15:14:58 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaaut.dll
[2012/01/14 15:14:58 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2012/01/14 15:14:58 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2012/01/14 15:14:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2012/01/14 15:14:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlgpclnt.dll
[2012/01/14 15:14:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWSD.dll
[2012/01/14 15:14:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cipher.exe
[2012/01/14 15:14:57 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oobefldr.dll
[2012/01/14 15:14:57 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/01/14 15:14:57 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2012/01/14 15:14:57 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\softkbd.dll
[2012/01/14 15:14:57 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsprop.dll
[2012/01/14 15:14:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\l2nacp.dll
[2012/01/14 15:14:57 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2012/01/14 15:14:56 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2012/01/14 15:14:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\modemui.dll
[2012/01/14 15:14:56 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2012/01/14 15:14:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscandui.dll
[2012/01/14 15:14:56 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmontr.dll
[2012/01/14 15:14:56 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmontr.dll
[2012/01/14 15:14:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\btpanui.dll
[2012/01/14 15:14:56 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2012/01/14 15:14:55 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2012/01/14 15:14:55 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlgpclnt.dll
[2012/01/14 15:14:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2012/01/14 15:14:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2012/01/14 15:14:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NcdProp.dll
[2012/01/14 15:14:54 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2012/01/14 15:14:54 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2012/01/14 15:14:54 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2012/01/14 15:14:54 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2012/01/14 15:14:54 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2012/01/14 15:14:54 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDMon.dll
[2012/01/14 15:14:54 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2012/01/14 15:14:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskmon.dll
[2012/01/14 15:14:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2012/01/14 15:14:53 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2012/01/14 15:14:53 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2012/01/14 15:14:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2012/01/14 15:14:53 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2012/01/14 15:14:53 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpresult.exe
[2012/01/14 15:14:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfui.dll
[2012/01/14 15:14:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2012/01/14 15:14:53 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cipher.exe
[2012/01/14 15:14:53 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifmon.dll
[2012/01/14 15:14:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\version.dll
[2012/01/14 15:14:52 | 000,946,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2012/01/14 15:14:52 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2012/01/14 15:14:52 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2012/01/14 15:14:52 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdminst.dll
[2012/01/14 15:14:52 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2012/01/14 15:14:52 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2012/01/14 15:14:52 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logagent.exe
[2012/01/14 15:14:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sendmail.dll
[2012/01/14 15:14:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/01/14 15:14:51 | 000,403,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2012/01/14 15:14:51 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2012/01/14 15:14:51 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2012/01/14 15:14:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2012/01/14 15:14:51 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\softkbd.dll
[2012/01/14 15:14:51 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmsynth.dll
[2012/01/14 15:14:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfui.dll
[2012/01/14 15:14:51 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rshx32.dll
[2012/01/14 15:14:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdial.exe
[2012/01/14 15:14:50 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2012/01/14 15:14:50 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2012/01/14 15:14:50 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2012/01/14 15:14:50 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiapi.dll
[2012/01/14 15:14:50 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2012/01/14 15:14:50 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2012/01/14 15:14:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskadp.dll
[2012/01/14 15:14:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2012/01/14 15:14:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/01/14 15:14:49 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2012/01/14 15:14:49 | 000,116,736 | ---- | C] (Microsoft) -- C:\Windows\SysNative\SMBHelperClass.dll
[2012/01/14 15:14:49 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2012/01/14 15:14:49 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2012/01/14 15:14:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdSSDP.dll
[2012/01/14 15:14:49 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/01/14 15:14:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthci.dll
[2012/01/14 15:14:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fc.exe
[2012/01/14 15:14:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msisip.dll
[2012/01/14 15:14:48 | 002,247,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2012/01/14 15:14:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2012/01/14 15:14:48 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2012/01/14 15:14:48 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscntfy.dll
[2012/01/14 15:14:48 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2012/01/14 15:14:48 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2012/01/14 15:14:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmusic.dll
[2012/01/14 15:14:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys
[2012/01/14 15:14:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PNPXAssoc.dll
[2012/01/14 15:14:48 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdSSDP.dll
[2012/01/14 15:14:48 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2012/01/14 15:14:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\l2nacp.dll
[2012/01/14 15:14:48 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2012/01/14 15:14:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2012/01/14 15:14:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjint40.dll
[2012/01/14 15:14:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsCtfMonitor.dll
[2012/01/14 15:14:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CHxReadingStringIME.dll
[2012/01/14 15:14:47 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2012/01/14 15:14:47 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2012/01/14 15:14:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2012/01/14 15:14:47 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\SMBHelperClass.dll
[2012/01/14 15:14:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Storprop.dll
[2012/01/14 15:14:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2012/01/14 15:14:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2012/01/14 15:14:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2012/01/14 15:14:47 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthudtask.exe
[2012/01/14 15:14:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2012/01/14 15:14:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdial.exe
[2012/01/14 15:14:46 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2012/01/14 15:14:46 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2012/01/14 15:14:46 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLLUA.exe
[2012/01/14 15:14:46 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2012/01/14 15:14:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2012/01/14 15:14:46 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2012/01/14 15:14:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2012/01/14 15:14:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkitemfactory.dll
[2012/01/14 15:14:46 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2012/01/14 15:14:46 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcinst.dll
[2012/01/14 15:14:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcinst.dll
[2012/01/14 15:14:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipconfig.exe
[2012/01/14 15:14:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CHxReadingStringIME.dll
[2012/01/14 15:14:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2012/01/14 15:14:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2012/01/14 15:14:45 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cbsra.exe
[2012/01/14 15:14:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsigd.dll
[2012/01/14 15:14:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2012/01/14 15:14:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2012/01/14 15:14:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2012/01/14 15:14:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2012/01/14 15:14:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcico.dll
[2012/01/14 15:14:44 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2012/01/14 15:14:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/01/14 15:14:44 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthudtask.exe
[2012/01/14 15:14:44 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NcdProp.dll
[2012/01/14 15:14:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpupdate.exe
[2012/01/14 15:14:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2012/01/14 15:14:43 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2012/01/14 15:14:43 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2012/01/14 15:14:43 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/01/14 15:14:43 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2012/01/14 15:14:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2012/01/14 15:14:43 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdmdbg.dll
[2012/01/14 15:14:43 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2012/01/14 15:14:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/01/14 15:14:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/01/14 15:14:41 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2012/01/14 15:14:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/01/14 15:14:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\f3ahvoas.dll
[2012/01/14 15:14:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\f3ahvoas.dll
[2012/01/14 15:14:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2012/01/14 15:14:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2012/01/14 15:14:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2012/01/14 15:14:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2012/01/14 15:13:58 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2012/01/14 15:13:57 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdscore.dll
[2012/01/14 15:13:57 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2012/01/14 15:13:53 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2012/01/14 14:56:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2012/01/14 14:56:54 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/01/14 14:56:54 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/01/14 14:56:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/01/13 23:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/13 23:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/13 23:02:55 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/01/13 22:36:40 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012/01/13 22:36:40 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012/01/13 22:36:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012/01/13 22:36:40 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012/01/13 22:36:40 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012/01/13 22:36:40 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012/01/13 22:36:40 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012/01/13 22:36:39 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012/01/13 22:26:54 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2012/01/13 22:26:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2012/01/13 22:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2012/01/13 22:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2012/01/13 22:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/13 22:11:35 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/01/13 22:01:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012/01/13 22:01:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012/01/13 20:52:31 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinFXDocObj.exe
[2012/01/13 20:52:31 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2012/01/13 20:29:22 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2012/01/13 19:44:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2012/01/13 19:44:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2012/01/13 19:44:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2012/01/13 19:44:22 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2012/01/13 19:36:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012/01/13 19:36:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012/01/13 19:36:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012/01/13 19:36:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012/01/13 19:36:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012/01/13 19:36:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012/01/13 19:36:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012/01/13 19:36:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012/01/13 19:36:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012/01/13 19:36:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012/01/13 19:36:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012/01/13 19:36:15 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012/01/13 19:36:15 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012/01/13 19:36:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012/01/13 19:36:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012/01/13 19:36:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012/01/13 19:36:15 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012/01/13 19:36:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012/01/13 19:36:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012/01/13 19:36:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012/01/13 19:36:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012/01/13 19:36:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012/01/13 19:36:10 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012/01/13 19:36:10 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012/01/13 19:36:10 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012/01/13 19:36:10 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012/01/13 19:36:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012/01/13 19:36:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012/01/13 19:36:10 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012/01/13 19:36:10 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012/01/13 19:36:10 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012/01/13 19:36:10 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012/01/13 19:31:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/01/13 19:29:02 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Chuck\Desktop\mseinstall.exe
[2012/01/13 19:20:24 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/01/13 19:20:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/01/13 19:20:09 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/01/13 19:20:07 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/01/13 19:20:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2012/01/13 19:20:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2012/01/13 19:20:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2012/01/13 19:20:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2012/01/13 19:20:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2012/01/13 19:20:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2012/01/13 19:20:04 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/01/13 19:20:04 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/01/13 19:18:59 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2012/01/13 19:18:58 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2012/01/13 19:17:00 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2012/01/13 19:17:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2012/01/13 19:17:00 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NETSTAT.EXE
[2012/01/13 19:17:00 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2012/01/13 19:17:00 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ARP.EXE
[2012/01/13 19:17:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRINFO.EXE
[2012/01/13 19:16:59 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ROUTE.EXE
[2012/01/13 19:16:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2012/01/13 19:16:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2012/01/13 19:16:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2012/01/13 19:16:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\finger.exe
[2012/01/13 19:16:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TCPSVCS.EXE
[2012/01/13 19:16:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HOSTNAME.EXE
[2012/01/13 19:16:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2012/01/13 19:16:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2012/01/13 19:16:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2012/01/13 19:16:29 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/01/13 19:15:59 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2012/01/13 19:15:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2012/01/13 19:15:12 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2012/01/13 19:15:09 | 002,900,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2012/01/13 19:15:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2012/01/13 19:15:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2012/01/13 19:15:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2012/01/13 19:15:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2012/01/13 19:15:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2012/01/13 19:15:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avifil32.dll
[2012/01/13 19:15:03 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciavi32.dll
[2012/01/13 19:15:03 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/01/13 19:15:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/01/13 19:15:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avicap32.dll
[2012/01/13 19:15:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2012/01/13 19:15:01 | 000,772,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/01/13 19:15:01 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/01/13 19:14:51 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/01/13 19:14:51 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/01/13 19:14:42 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/01/13 19:14:42 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/01/13 19:14:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/01/13 19:13:31 | 001,305,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2012/01/13 19:13:21 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/01/13 19:13:21 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/01/13 19:13:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/01/13 19:13:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/01/13 19:13:20 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/01/13 19:13:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/01/13 19:13:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2012/01/13 19:13:16 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/01/13 19:13:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2012/01/13 19:13:07 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2012/01/13 19:13:05 | 001,076,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/01/13 19:13:05 | 001,063,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/01/13 19:13:05 | 000,991,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/01/13 19:13:05 | 000,979,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/01/13 19:13:04 | 000,020,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/01/13 19:13:04 | 000,018,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/01/13 19:13:04 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/01/13 19:12:52 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/01/13 19:12:52 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/01/13 19:12:51 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/01/13 19:12:51 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2012/01/13 19:12:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/01/13 19:12:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2012/01/13 19:12:45 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

Re: Vista infected with Alureon.E - Please Help...

[2012/01/13 19:12:45 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/01/13 19:12:45 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/01/13 19:12:45 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/01/13 19:12:45 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/01/13 19:12:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/01/13 19:12:45 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tscupgrd.exe
[2012/01/13 19:12:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tscupgrd.exe
[2012/01/13 19:12:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/01/13 19:12:44 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/01/13 19:12:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl.dll
[2012/01/13 19:12:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/01/13 19:12:15 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/01/13 19:12:14 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2012/01/13 19:12:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/01/13 19:12:08 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/01/13 19:12:07 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2012/01/13 19:12:07 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2012/01/13 19:12:03 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/01/13 19:12:03 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/01/13 19:11:56 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/01/13 19:11:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/01/13 19:11:55 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/01/13 19:11:55 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/01/13 19:11:55 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/01/13 19:11:55 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/01/13 19:11:54 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/01/13 19:11:54 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/01/13 19:11:54 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/01/13 19:11:53 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2012/01/13 19:11:53 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/01/13 19:11:53 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/01/13 19:11:53 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/01/13 19:11:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/01/13 19:11:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/01/13 19:11:52 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/01/13 19:11:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/01/13 19:11:39 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2012/01/13 19:11:39 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2012/01/13 19:11:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2012/01/13 19:11:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.tlb
[2012/01/13 19:11:35 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2012/01/13 19:11:35 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amcompat.tlb
[2012/01/13 19:11:32 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012/01/13 19:11:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012/01/13 19:11:22 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2012/01/13 19:11:22 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2012/01/13 19:11:22 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2012/01/13 19:11:22 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2012/01/13 19:11:21 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012/01/13 19:08:33 | 001,360,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/01/13 19:08:32 | 001,398,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/01/13 19:08:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/01/13 19:08:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/01/13 19:03:03 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/01/13 19:03:02 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/01/13 19:03:02 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/01/13 19:03:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/01/13 19:03:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/01/13 19:03:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/01/13 19:00:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2012/01/13 19:00:56 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2012/01/13 19:00:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2012/01/13 19:00:55 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2012/01/13 19:00:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2012/01/13 19:00:55 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\L2SecHC.dll
[2012/01/13 19:00:55 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2012/01/13 19:00:55 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2012/01/13 19:00:55 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2012/01/13 19:00:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2012/01/13 18:59:28 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/01/13 18:59:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/01/13 18:59:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/01/13 18:59:26 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/01/13 18:59:26 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/01/13 18:58:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/01/13 18:58:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/01/13 18:58:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/01/13 18:48:14 | 000,057,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/01/13 18:48:14 | 000,043,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/01/13 18:48:13 | 002,621,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/01/13 18:48:03 | 000,700,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/01/13 18:48:03 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/01/13 18:48:03 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/01/13 18:48:03 | 000,038,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/01/13 18:48:02 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/01/13 18:48:02 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/01/13 17:47:49 | 000,185,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/01/13 17:47:49 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/01/13 17:47:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/01/13 17:47:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/01/13 17:44:29 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Symantec
[2012/01/13 17:44:13 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\QuickPlay
[2012/01/13 17:43:55 | 000,000,000 | R--D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/13 17:43:55 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Searches
[2012/01/13 17:43:55 | 000,000,000 | R--D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/13 17:43:47 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Identities
[2012/01/13 17:43:44 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Contacts
[2012/01/13 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\VirtualStore
[2012/01/13 17:42:36 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Macromedia
[2012/01/13 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Hewlett-Packard
[2012/01/13 17:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/01/13 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/01/13 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Downloaded Installations
[2012/01/13 17:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/01/13 17:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/01/13 17:37:11 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/01/13 17:37:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/01/13 17:37:10 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/01/13 17:37:10 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/01/13 17:37:09 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/01/13 17:37:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/01/13 17:37:08 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/01/13 17:37:08 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/01/13 17:37:07 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/01/13 17:37:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/01/13 17:37:02 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/01/13 17:37:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/01/13 17:36:59 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/01/13 17:36:59 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/01/13 17:36:59 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/01/13 17:36:59 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/01/13 17:36:58 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/01/13 17:36:58 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/01/13 17:36:57 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/01/13 17:36:57 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/01/13 17:36:56 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/01/13 17:36:56 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/01/13 17:36:55 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/01/13 17:36:55 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/01/13 17:36:54 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/01/13 17:36:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/01/13 17:36:53 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/01/13 17:36:53 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/01/13 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/01/13 17:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/01/13 17:34:53 | 000,000,000 | --SD | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Videos
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Saved Games
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Pictures
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Music
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Links
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Favorites
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Downloads
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Documents
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\Desktop
[2012/01/13 17:34:53 | 000,000,000 | R--D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\AppData\Local\Temporary Internet Files
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Templates
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Start Menu
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\SendTo
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Recent
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\PrintHood
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\NetHood
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Documents\My Videos
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Documents\My Pictures
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Documents\My Music
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\My Documents
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Local Settings
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\AppData\Local\History
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Cookies
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\Application Data
[2012/01/13 17:34:53 | 000,000,000 | -HSD | C] -- C:\Users\Chuck\AppData\Local\Application Data
[2012/01/13 17:34:53 | 000,000,000 | -H-D | C] -- C:\Users\Chuck\AppData
[2012/01/13 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Temp
[2012/01/13 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Microsoft
[2012/01/13 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Media Center Programs
[2012/01/13 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/01/13 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012/01/13 17:31:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/15 06:48:38 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/15 06:48:38 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/15 06:48:38 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/15 06:42:23 | 000,000,285 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/15 06:41:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 06:41:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 06:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/15 06:41:05 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/15 06:02:28 | 000,000,973 | ---- | M] () -- C:\Users\Chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/15 06:00:20 | 000,314,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/14 22:16:59 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/01/14 22:16:59 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/01/14 22:16:59 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/01/14 22:16:59 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/01/14 22:16:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/14 22:16:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/14 22:16:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/14 22:16:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/14 22:16:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/14 22:16:44 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/14 22:16:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/14 22:16:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/14 22:16:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/14 22:16:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/14 22:16:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/14 22:16:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/14 22:16:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/14 22:16:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/14 22:16:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/14 22:16:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/14 22:16:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/14 22:16:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/14 22:16:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/14 22:16:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/14 22:16:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/14 22:16:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/14 22:16:42 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/14 22:16:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/14 22:16:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/14 22:16:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/14 22:16:42 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/14 22:16:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/14 22:16:42 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/14 22:16:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/14 22:16:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/14 22:16:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/14 22:16:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/14 22:16:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/14 22:16:40 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/14 22:16:40 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/14 22:16:39 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/14 22:16:39 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/14 22:16:39 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/14 22:16:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/14 22:16:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/14 22:16:39 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/14 22:16:39 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/14 22:16:39 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/14 22:16:39 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/14 22:16:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/14 22:16:39 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/14 22:16:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/14 22:16:39 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/14 22:16:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/14 22:16:39 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/14 22:16:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/14 22:16:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/14 22:16:38 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/14 22:16:38 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/14 22:16:38 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/14 22:16:38 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/14 22:16:38 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/14 22:16:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/14 22:16:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/14 22:16:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/14 22:16:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/14 22:16:38 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/14 22:16:37 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/14 22:16:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/14 22:16:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/14 22:16:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/14 22:16:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/14 22:16:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/14 22:16:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/14 22:16:37 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/14 22:16:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/14 22:16:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/14 22:16:36 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/14 22:16:36 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/14 22:16:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/14 22:15:20 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012/01/14 22:15:20 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012/01/14 22:15:19 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/01/14 22:15:19 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012/01/14 22:15:19 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/01/14 22:15:19 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012/01/14 22:15:19 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/01/14 22:15:18 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/01/14 22:15:18 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012/01/14 22:15:18 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012/01/14 22:15:18 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/01/14 22:15:18 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012/01/14 22:15:18 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012/01/14 22:15:17 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012/01/14 22:15:17 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012/01/14 22:15:15 | 000,834,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/01/14 22:15:15 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/01/14 22:15:15 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/01/14 22:15:14 | 002,002,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/01/14 22:15:14 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/01/14 22:15:14 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012/01/14 22:15:14 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/01/14 22:15:13 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012/01/14 22:15:13 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012/01/14 22:15:13 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012/01/14 22:15:13 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012/01/14 22:15:13 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/01/14 22:15:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012/01/14 22:15:12 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012/01/14 22:15:12 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012/01/14 22:15:12 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012/01/14 22:15:12 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012/01/14 22:15:11 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/01/14 22:15:11 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/01/14 22:15:11 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/01/14 22:14:26 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\dxgkrnl.sys.mui
[2012/01/14 22:14:24 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012/01/14 22:14:24 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/01/14 22:14:24 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012/01/14 22:14:24 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/01/14 22:14:24 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2012/01/14 22:14:24 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2012/01/14 22:14:24 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2012/01/14 22:14:24 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2012/01/14 22:14:23 | 001,209,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2012/01/14 22:14:23 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2012/01/13 23:05:58 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 23:05:10 | 000,040,564 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2012/01/13 22:52:32 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/13 22:20:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/01/13 21:09:53 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/01/13 19:29:29 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/01/13 19:29:14 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Chuck\Desktop\mseinstall.exe
[2012/01/13 17:43:37 | 000,000,081 | ---- | M] () -- C:\Windows\SysNative\LOG
[2012/01/13 17:43:36 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2012/01/13 17:41:48 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2012/01/13 17:35:25 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8293BFM_E480831-004_4A_I30CC_SQuanta_V79.2E_F.58_T080616_WV3-1_L409_M4086_J250_7Intel_86FD_92.00_#120113_N10EC8136;80864229_(FE811UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/13 17:35:25 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8293BFM_E480831-004_4A_I30CC_SQuanta_V79.2E_F.58_T080616_WV3-1_L409_M4086_J250_7Intel_86FD_92.00_#120113_N10EC8136;80864229_(FE811UA#ABA)_XMOBILE_CN10_Z.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 22:16:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/14 22:16:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/14 15:16:35 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2012/01/14 15:16:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/01/14 15:16:22 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/01/14 15:16:03 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2012/01/14 15:16:01 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2012/01/14 15:15:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012/01/14 15:15:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2012/01/14 15:15:56 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2012/01/14 15:15:35 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2012/01/14 15:15:32 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2012/01/14 15:15:32 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2012/01/14 15:15:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/01/14 15:15:05 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2012/01/14 15:15:05 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2012/01/14 15:14:43 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2012/01/14 15:14:43 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2012/01/14 15:14:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2012/01/14 15:14:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2012/01/13 23:05:58 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 23:05:33 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/13 23:02:31 | 000,040,564 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2012/01/13 22:52:32 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/13 22:20:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/01/13 22:11:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/01/13 22:08:36 | 000,000,979 | ---- | C] () -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/13 21:42:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012/01/13 21:42:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2012/01/13 21:42:31 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2012/01/13 21:42:31 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2012/01/13 21:09:53 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/01/13 19:36:12 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/01/13 19:36:12 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/01/13 19:36:12 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/01/13 19:36:12 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/01/13 19:36:12 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012/01/13 19:36:12 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012/01/13 19:28:03 | 4284,932,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/13 19:00:56 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012/01/13 18:49:07 | 000,000,973 | ---- | C] () -- C:\Users\Chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/13 17:44:01 | 000,000,949 | ---- | C] () -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/13 17:43:55 | 000,000,974 | ---- | C] () -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/13 17:43:44 | 000,000,915 | ---- | C] () -- C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/13 17:43:37 | 000,000,081 | ---- | C] () -- C:\Windows\SysNative\LOG
[2012/01/13 17:43:36 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2012/01/13 17:41:52 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/01/13 17:41:52 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2012/01/13 17:41:48 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2012/01/13 17:35:25 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8293BFM_E480831-004_4A_I30CC_SQuanta_V79.2E_F.58_T080616_WV3-1_L409_M4086_J250_7Intel_86FD_92.00_#120113_N10EC8136;80864229_(FE811UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/13 17:35:25 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8293BFM_E480831-004_4A_I30CC_SQuanta_V79.2E_F.58_T080616_WV3-1_L409_M4086_J250_7Intel_86FD_92.00_#120113_N10EC8136;80864229_(FE811UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/13 17:34:53 | 000,000,258 | ---- | C] () -- C:\Users\Chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/13 17:34:53 | 000,000,240 | ---- | C] () -- C:\Users\Chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2008/07/01 08:04:02 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/11 19:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 19:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 19:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/13 09:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007/09/13 09:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/13 19:29:14 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Chuck\Desktop\mseinstall.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/07/01 08:01:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2008/07/01 08:05:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2008/07/01 07:23:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIM6
[2012/01/13 22:54:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2008/07/19 02:16:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2008/07/01 08:22:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\earthlink totalaccess
[2012/01/13 17:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2008/07/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2008/07/19 02:10:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2008/07/19 02:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2012/01/13 17:35:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HPQ
[2012/01/13 17:40:29 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2008/07/19 02:05:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/01/15 05:57:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2008/07/01 08:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/01/15 06:23:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/01/13 23:05:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/15 06:22:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/14 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2012/01/13 22:38:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2006/11/02 09:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/01/13 22:12:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2008/07/01 07:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2012/01/13 17:41:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2008/07/19 02:04:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 09:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2008/07/01 08:02:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sling Media
[2008/07/01 07:07:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2006/11/02 09:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2008/07/01 07:23:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Viewpoint
[2012/01/14 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 21:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 21:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/01/15 05:57:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/01/14 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 09:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/01/14 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2012/01/15 05:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/01/14 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2008/07/19 02:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinTV
[2012/01/13 23:02:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!


< MD5 for: AGP440.SYS >
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: DISK.SYS >
[2008/01/20 20:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\WINDOWS\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/11 01:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\SysNative\drivers\disk.sys
[2009/04/11 01:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\WINDOWS\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: IASTOR.SYS >
[2007/09/29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SWSetup\Drivers\ITM\Winall\Driver64\IaStor.sys
[2007/09/29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\SysNative\drivers\iaStor.sys
[2007/09/29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SWSetup\Drivers\ITM\Winall\Driver\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 01:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 01:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012/01/14 22:16:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012/01/14 22:16:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012/01/14 22:16:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/14 22:16:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/01/14 22:16:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/01/14 22:16:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/01/14 22:16:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/01/14 22:16:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/01/14 22:16:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/01/14 22:16:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

Re: Vista infected with Alureon.E - Please Help...

OTL Extras logfile created on: 1/15/2012 6:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chuck\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.94% Memory free
8.15 Gb Paging File | 6.60 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.02 Gb Total Space | 147.47 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 12.86 Gb Total Space | 2.45 Gb Free Space | 19.04% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A5 21 09 6B 37 D3 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D120723-5136-48CA-96DD-3AA0347616D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{70672B67-FCA5-4DD9-8F01-05D66B0D07D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{72A55953-E28F-4A25-9FFC-217077694905}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{929CCD75-A001-42C6-BC61-BA93B1A0E1FD}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{B62E7308-9C72-4671-98D8-88F53AE780F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C40944FD-E9FE-455B-890C-8664DA8942E1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E04C2352-340B-4315-8886-BE73A3D7CA15}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 12:58:57 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 1:19:46 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 7:05:39 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 4:43:58 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 6:25:52 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 11:37:20 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 11:38:45 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2012 11:42:57 PM | Computer Name = Laptop | Source = ESENT | ID = 215
Description = WinMail (3332) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 1/14/2012 11:43:11 PM | Computer Name = Laptop | Source = ESENT | ID = 215
Description = WinMail (3576) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 1/15/2012 8:01:11 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/14/2012 5:55:28 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/14/2012 6:25:11 PM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =

Error - 1/14/2012 6:25:56 PM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/14/2012 6:35:38 PM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\;boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%818 User:
NT AUTHORITY\SYSTEM Process Name: C:\WINDOWS\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. To see how to finish removing malware and other potentially unwanted
software, see the support article on the Microsoft Security website. Error Code:
0x800704ec Error description: This program is blocked by group policy. For more
information, contact your system administrator. Signature Version: AV: 1.117.2898.0,
AS: 1.117.2898.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 1/14/2012 6:56:24 PM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.2898.0, AS: 1.117.2898.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 1/14/2012 9:16:05 PM | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =

Error - 1/14/2012 9:16:22 PM | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =

Error - 1/14/2012 11:31:19 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 1/14/2012 11:47:13 PM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\;boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%818 User:
NT AUTHORITY\SYSTEM Process Name: C:\WINDOWS\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. To see how to finish removing malware and other potentially unwanted
software, see the support article on the Microsoft Security website. Error Code:
0x800704ec Error description: This program is blocked by group policy. For more
information, contact your system administrator. Signature Version: AV: 1.117.2898.0,
AS: 1.117.2898.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 1/15/2012 12:08:00 AM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.2898.0, AS: 1.117.2898.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0


< End of report >

Re: Vista infected with Alureon.E - Please Help...

Results of screen317's Security Check version 0.99.30
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 2
Java version out of date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

Re: Vista infected with Alureon.E - Please Help...

Thanks in advance for your time, assistance, and expertise!!!

Re: Vista infected with Alureon.E - Please Help...

Bump please

Re: Vista infected with Alureon.E - Please Help...

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Sorry for the delay.

Ended up doing a complete system restore and starting fresh

What do you mean? Did you do a re-format?

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Re: Vista infected with Alureon.E - Please Help...

Thanks for the quick reply!!:

Here is the new log:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-15 07:04:32
-----------------------------
07:04:32.327 OS Version: Windows x64 6.0.6002 Service Pack 2
07:04:32.327 Number of processors: 2 586 0xF0D
07:04:32.328 ComputerName: LAPTOP UserName: Chuck
07:04:34.114 Initialize success
07:05:11.402 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:05:11.406 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
07:05:11.423 Disk 0 MBR read successfully
07:05:11.427 Disk 0 MBR scan
07:05:11.432 Disk 0 unknown MBR code
07:05:11.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
07:05:11.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13170 MB offset 461418930
07:05:11.478 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
07:05:11.485 Service scanning
07:05:12.161 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
07:05:12.761 Modules scanning
07:05:12.766 Disk 0 trace - called modules:
07:05:12.789 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
07:05:12.793 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a38760]
07:05:12.799 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> [0xfffffa8004b7e520]
07:05:12.804 5 acpi.sys[fffffa60008c4fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bb1050]
07:05:12.810 Scan finished successfully
07:05:23.131 Disk 0 MBR has been saved successfully to "C:\Users\Chuck\Desktop\MBR.dat"
07:05:23.218 The log file has been saved successfully to "C:\Users\Chuck\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-20 14:05:35
-----------------------------
14:05:35.380 OS Version: Windows x64 6.0.6002 Service Pack 2
14:05:35.380 Number of processors: 2 586 0xF0D
14:05:35.380 ComputerName: LAPTOP UserName: Chuck
14:05:38.484 Initialize success
14:07:12.279 AVAST engine defs: 12012000
14:07:35.227 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:07:35.243 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
14:07:35.289 Disk 0 MBR read successfully
14:07:35.289 Disk 0 MBR scan
14:07:35.305 Disk 0 unknown MBR code
14:07:35.305 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
14:07:35.367 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13170 MB offset 461418930
14:07:35.414 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
14:07:35.445 Service scanning
14:07:36.085 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:07:36.709 Modules scanning
14:07:36.709 Disk 0 trace - called modules:
14:07:36.740 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
14:07:36.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006545670]
14:07:36.756 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa80053bb6a0]
14:07:36.756 5 acpi.sys[fffffa60008c9fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004b8f050]
14:07:38.175 AVAST engine scan C:\Windows
14:07:42.543 AVAST engine scan C:\Windows\system32
14:13:24.246 AVAST engine scan C:\Windows\system32\drivers
14:13:51.125 AVAST engine scan C:\Users\Chuck
14:17:51.328 AVAST engine scan C:\ProgramData
14:19:02.542 Scan finished successfully
14:22:39.210 Disk 0 MBR has been saved successfully to "C:\Users\Chuck\Desktop\MBR.dat"
14:22:39.210 The log file has been saved successfully to "C:\Users\Chuck\Desktop\aswMBR.txt"


Let me know what to do - THANKS!!!!!
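
Added example, not part of the original thread: the two aswMBR logs above differ only in timestamps and kernel addresses, so a plain text diff is noisy. This Python sketch parses the lines a reviewer compares and diffs two runs after normalising those values. The function names are hypothetical, and the regexes are derived only from the log lines visible in this thread, not from aswMBR documentation.

```python
import re

# Excerpts of the first two aswMBR logs posted in this thread (2012-01-15 and 2012-01-20).
RUN_A = r"""Run date: 2012-01-15 07:04:32
07:05:11.432 Disk 0 unknown MBR code
07:05:11.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
07:05:11.478 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
07:05:12.161 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
07:05:12.766 Disk 0 trace - called modules:
07:05:12.789 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
07:05:12.793 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a38760]
07:05:12.799 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> [0xfffffa8004b7e520]
"""
RUN_B = r"""Run date: 2012-01-20 14:05:35
14:07:35.305 Disk 0 unknown MBR code
14:07:35.305 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
14:07:35.414 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
14:07:36.085 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:07:36.709 Disk 0 trace - called modules:
14:07:36.740 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
14:07:36.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006545670]
14:07:36.756 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa80053bb6a0]
"""

# Patterns inferred from the log lines above (assumption: other builds may word lines differently).
TS = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?"
                       r"([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* \d+$")
HOP = re.compile(r"^\d+ .+->.+$")
ADDR = re.compile(r"\[(?:0x)?[0-9a-fA-F]{8,16}\]")  # kernel addresses change every boot


def parse_aswmbr(text):
    """Pull the fields a reviewer compares out of one aswMBR log."""
    rep = {"mbr_code": {}, "partitions": [], "locked": [], "modules": [], "trace": []}
    expect_modules = False
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # banner, "Run date:" and separator lines carry no timestamp
        msg = m.group(1)
        if expect_modules:  # the line after the trace header lists the modules
            rep["modules"], expect_modules = msg.split(), False
        elif msg.endswith("trace - called modules:"):
            expect_modules = True
        elif (c := MBR_CODE.match(msg)):
            rep["mbr_code"][int(c.group(1))] = c.group(2)
        elif (p := PARTITION.match(msg)):
            rep["partitions"].append({
                "disk": int(p.group(1)), "index": int(p.group(2)),
                "active": p.group(3) == "80",  # MBR boot indicator 0x80 = active
                "type": p.group(5), "desc": p.group(6),
                "size_mb": int(p.group(7)), "offset": int(p.group(8))})
        elif (s := LOCKED.match(msg)):
            rep["locked"].append({"name": s.group(1), "path": s.group(2)})
        elif HOP.match(msg):
            rep["trace"].append(ADDR.sub("[addr]", msg))
    return rep


def stable_facts(rep):
    """Flatten a parsed log into strings that should not change between runs."""
    facts = {f"mbr_code disk{d}: {s}" for d, s in rep["mbr_code"].items()}
    facts |= {"partition disk{disk} #{index} type={type} active={active} "
              "size_mb={size_mb} offset={offset}".format(**p) for p in rep["partitions"]}
    facts |= {f"locked {s['name']} {s['path']}" for s in rep["locked"]}
    facts |= {f"trace {h}" for h in rep["trace"]}
    if rep["modules"]:
        facts.add("modules " + " ".join(rep["modules"]))
    return facts


def diff_runs(old_text, new_text):
    """Return (removed, added) facts between two logs, ignoring times and addresses."""
    old = stable_facts(parse_aswmbr(old_text))
    new = stable_facts(parse_aswmbr(new_text))
    return sorted(old - new), sorted(new - old)


def review_items(rep):
    """Lines to hand to a human reviewer; these are prompts, not verdicts."""
    items = [f"Disk {d}: MBR code reported as '{s}'"
             for d, s in rep["mbr_code"].items() if s == "unknown"]
    items += [f"Service {s['name']} is LOCKED: {s['path']}" for s in rep["locked"]]
    return items


if __name__ == "__main__":
    print(review_items(parse_aswmbr(RUN_A)))
    print(diff_runs(RUN_A, RUN_B))
```

An empty diff between two runs means the partition table, MBR status, locked services and disk call chain were reported identically both times; it says nothing about whether the reported state is clean.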

Re: Vista infected with Alureon.E - Please Help...

Did you do a complete re-format or simply a System Restore?

Re: Vista infected with Alureon.E - Please Help...

I used the recovery partition (I think that is what it's called) to return the computer to its original as-purchased state. I accessed it thru control panel. Does that answer your question?

Re: Vista infected with Alureon.E - Please Help...

I guess that would be called a system restore...

Re: Vista infected with Alureon.E - Please Help...

my laptop somehow got the Alureon.E virus

What makes you think that you have this virus?

I guess that would be called a system restore....

No. A System Restore is when you restore your computer back a few days to before you made some changes that you didn't like.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Vista infected with Alureon.E - Please Help...

To answer your question as to what makes me think I have this virus - MSE is still finding it, but it cannot clean it. Here are the two logs:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: LAPTOP [administrator]

1/21/2012 3:11:29 PM
mbam-log-2012-01-21 (15-11-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379601
Time elapsed: 1 hour(s), 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ComboFix 12-01-21.02 - Chuck 01/21/2012 16:27:42.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.1976 [GMT -6:00]
Running from: c:\users\Chuck\Desktop\PCHelpForum.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 23:01 . 2012-01-21 23:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8FA8FA-0F83-4AF9-BECE-620A0A7F1C19}\offreg.dll
2012-01-21 22:35 . 2012-01-21 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 21:11 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8FA8FA-0F83-4AF9-BECE-620A0A7F1C19}\mpengine.dll
2012-01-21 21:04 . 2012-01-21 21:04 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 21:04 . 2012-01-21 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-21 21:04 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 12:20 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-17 12:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-15 22:38 . 2012-01-15 22:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-15 12:22 . 2012-01-15 12:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-15 12:09 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 12:09 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 12:09 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 12:09 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 12:09 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 12:09 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-15 12:09 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-15 12:09 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-15 12:09 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\windows\SysWow64\spool
2012-01-15 04:36 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-15 04:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-01-15 04:36 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-15 04:36 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-15 04:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-01-15 04:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-01-15 04:15 . 2012-01-15 04:15 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-01-15 04:14 . 2012-01-15 04:14 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-01-15 04:01 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-01-15 04:01 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-15 04:01 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-15 04:01 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-15 03:59 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-15 03:58 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-01-15 03:58 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-01-15 03:58 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-15 03:58 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-15 03:57 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-15 03:57 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-15 03:57 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-15 03:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-01-15 03:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-01-15 03:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-01-15 03:57 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-15 03:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\ca-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\eu-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\vi-VN
2012-01-14 22:33 . 2012-01-14 22:33 -------- d-----w- c:\windows\system32\EventProviders
2012-01-14 21:48 . 2012-01-14 21:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-14 21:16 . 2009-04-11 07:11 397312 ----a-w- c:\windows\system32\WscEapPr.dll
2012-01-14 21:15 . 2009-04-11 07:15 380392 ----a-w- c:\windows\system32\ci.dll
2012-01-14 21:14 . 2009-04-11 07:11 74752 ----a-w- c:\windows\system32\wscsvc.dll
2012-01-14 21:13 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-01-14 21:13 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-01-14 21:13 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2012-01-14 21:13 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-01-14 21:13 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll
2012-01-14 21:13 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2012-01-14 21:13 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll
2012-01-14 20:57 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-01-14 20:56 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-14 20:56 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll
2012-01-14 20:56 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-14 20:56 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-01-14 20:56 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2012-01-14 11:08 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-14 05:22 . 2012-01-14 05:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EACE238-0330-41E6-A3F5-D43512314BE4}\gapaengine.dll
2012-01-14 05:19 . 2012-01-14 05:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC103DC5-E9C0-4A37-8DF1-E54967BE9F5C}\offreg.dll
2012-01-14 05:05 . 2012-01-14 05:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-14 05:05 . 2012-01-14 05:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-14 05:02 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-14 04:55 . 2012-01-14 04:55 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2012-01-14 04:36 . 2009-11-08 16:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-01-14 04:36 . 2009-11-08 16:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-01-14 04:36 . 2009-11-08 16:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-14 04:36 . 2009-11-08 16:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-01-14 04:36 . 2009-11-08 16:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-14 04:36 . 2009-11-08 16:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-01-14 04:36 . 2009-11-08 16:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-01-14 04:36 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-01-14 04:36 . 2009-11-08 16:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-14 04:36 . 2009-11-08 16:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-14 04:26 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-14 04:26 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2012-01-14 04:26 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-14 04:26 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2012-01-14 04:12 . 2012-01-14 04:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-14 04:11 . 2009-07-14 18:31 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-01-14 04:11 . 2009-07-14 18:18 654928 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-14 04:11 . 2009-07-14 18:18 42064 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-01-14 03:42 . 2008-05-27 04:59 18904 ----a-w- c:\windows\SysWow64\StructuredQuerySchemaTrivial.bin
2012-01-14 03:42 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-01-14 02:52 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll
2012-01-14 02:52 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2012-01-14 02:52 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll
2012-01-14 02:52 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll
2012-01-14 02:29 . 2006-11-10 22:25 525792 ----a-w- c:\windows\system32\difxapi.dll
2012-01-14 01:44 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-14 01:44 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2012-01-14 01:44 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2012-01-14 01:44 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll
2012-01-14 01:44 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-14 01:18 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-01-14 01:18 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-14 01:18 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2012-01-14 01:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2012-01-14 01:17 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-14 01:17 . 2009-08-14 14:10 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-14 01:17 . 2009-08-14 14:10 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-14 01:17 . 2009-08-14 14:10 23040 ----a-w- c:\windows\system32\ARP.EXE
2012-01-14 01:17 . 2009-08-14 13:49 27136 ----a-w- c:\windows\SysWow64\NETSTAT.EXE
2012-01-14 01:17 . 2009-08-14 13:48 105984 ----a-w- c:\windows\SysWow64\netiohlp.dll
2012-01-14 01:16 . 2009-08-14 14:10 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-14 01:16 . 2009-08-14 14:10 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-14 01:16 . 2009-08-14 14:10 11264 ----a-w- c:\windows\system32\finger.exe
2012-01-14 01:16 . 2009-08-14 14:10 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-14 01:16 . 2009-08-14 13:49 9728 ----a-w- c:\windows\SysWow64\TCPSVCS.EXE
2012-01-14 01:16 . 2009-08-14 13:49 17920 ----a-w- c:\windows\SysWow64\ROUTE.EXE
2012-01-14 01:16 . 2009-08-14 13:49 11264 ----a-w- c:\windows\SysWow64\MRINFO.EXE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-09 5429760]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-21 17:13:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 23:13
.
Pre-Run: 149,891,264,512 bytes free
Post-Run: 150,183,657,472 bytes free
.
- - End Of File - - 04060A7F1E33A7E8815211B58BB04773

Re: Vista infected with Alureon.E - Please Help...

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


On completion of the scan click save log, save it to your desktop and post in your next reply

Re: Vista infected with Alureon.E - Please Help...
Latest aswMBR scan result of C:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 20:25:13
-----------------------------
20:25:13.646 OS Version: Windows x64 6.0.6002 Service Pack 2
20:25:13.646 Number of processors: 2 586 0xF0D
20:25:13.646 ComputerName: LAPTOP UserName: Chuck
20:25:16.049 Initialize success
20:26:04.262 AVAST engine defs: 12012101
20:26:25.571 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:26:25.571 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
20:26:25.587 Disk 0 MBR read successfully
20:26:25.587 Disk 0 MBR scan
20:26:25.587 Disk 0 unknown MBR code
20:26:25.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
20:26:25.634 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13170 MB offset 461418930
20:26:25.649 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
20:26:25.665 Service scanning
20:26:26.258 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:26:26.882 Modules scanning
20:26:26.882 Disk 0 trace - called modules:
20:26:26.929 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:26:26.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066e7790]
20:26:26.929 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> [0xfffffa8004b7d350]
20:26:26.944 5 acpi.sys[fffffa60008cbfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004baf050]
20:26:27.849 AVAST engine scan C:\
02:03:12.701 Scan finished successfully
06:11:35.037 Disk 0 MBR has been saved successfully to "C:\Users\Chuck\Desktop\MBR.dat"
06:11:35.146 The log file has been saved successfully to "C:\Users\Chuck\Desktop\aswMBR.txt"


Re: Vista infected with Alureon.E - Please Help...
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Vista infected with Alureon.E - Please Help...
It won't run - I downloaded it and every time I hit scan a window pops up that says Malware Finder has stopped working. I can only close or send information to Microsoft from there. I clicked "details" of the problem and this is what was shown:

Files that help describe the problem:
C:\Users\Chuck\AppData\Local\temp\WERFC77.tmp.version.txt
C:\Users\Chuck\AppData\Local\temp\WERB95.tmp.appcompat.txt
C:\Users\Chuck\AppData\Local\temp\WERB96.tmp.mdmp

Let me know what to try next please... Thanks!

Re: Vista infected with Alureon.E - Please Help...
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

Re: Vista infected with Alureon.E - Please Help...
First, I can't check the box next to "Running Processes" - it's grey (don't know if it scanned or not). The other two were already checked.

Results: no warnings, 336 hidden items found. Although these were all listed, none had checks next to them. I was manually able to check them all, but I decided not to do anything until I hear back from you. Should I check them and clean them or try something else? The Alureon.E is still showing up with MSE....

Thanks!

Re: Vista infected with Alureon.E - Please Help...
I can't check the box next to "Running Processes"

Just ensure that there is a checkmark there. Just leave that scanner for now.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.
•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Vista infected with Alureon.E - Please Help...
Scan results said "no threats found" - MSE is still finding that Trojan:DOS/Alureon.E thing and can't get rid of it...

If you'd like me to erase the drive completely, I'm fine with that. This computer has no data on it and is used primarily for websurfing. Let me know and thanks again!

Re: Vista infected with Alureon.E - Please Help...
If you'd like me to erase the drive completely, I'm fine with that. This computer has no data on it and is used primarily for websurfing. Let me know and thanks again!

The choice is totally yours to make. I can keep running scans and we may find the culprit in two days or it could be two weeks. Re-formatting is an ideal option especially if you're sure you won't lose any data as you will be starting out with a fresh slate. Please let me know how you want to handle it.

Re: Vista infected with Alureon.E - Please Help...
If you could help me reformat, I'd be great with that, but I need some guidance - what I did last time didn't work properly (obviously! - Lol!)

Re: Vista infected with Alureon.E - Please Help...
To wipe the drive clean, re-format and reinstall the OS.

Re: Vista infected with Alureon.E - Please Help...
Questions:

1. Should I follow the instructions on the re-format link you sent?
2. My computer never came with an OS disk, only a separate hard drive used for recovery/restore - what should I do with that?
3. Do I need to figure out what drivers I need as shown in the link, or will my recovery partition have all that?

I guess what I'm asking for is a little more individualized instruction applicable to my system. Thanks!!!

Re: Vista infected with Alureon.E - Please Help...
How to run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

Re: Vista infected with Alureon.E - Please Help...
I did that. I get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Diagnostic Tool
Command Prompt
Recovery Manager

I went to Recovery Manager, then System Recovery, Then restore to original factory condition. I didn't do it again because that's what I did when I posted my original question a couple weeks ago - trojan was still present. Do I need to buy the CD from HP or can we try something else?

Re: Vista infected with Alureon.E - Please Help...
Do I need to buy the CD from HP or can we try something else?

Let's try a few more scans first.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Re: Vista infected with Alureon.E - Please Help...
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 146):
0x01C59000 \SystemRoot\system32\ntoskrnl.exe
0x01C13000 \SystemRoot\system32\hal.dll
0x00606000 \SystemRoot\system32\kdcom.dll
0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064B000 \SystemRoot\system32\PSHED.dll
0x0065F000 \SystemRoot\system32\CLFS.SYS
0x006BC000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BC000 \SystemRoot\system32\drivers\acpi.sys
0x00912000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00925000 \SystemRoot\system32\drivers\pci.sys
0x00955000 \SystemRoot\System32\drivers\partmgr.sys
0x0096A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0096E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097A000 \SystemRoot\system32\drivers\volmgr.sys
0x0098E000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F4000 \SystemRoot\system32\drivers\intelide.sys
0x0076E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0077E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B0A000 \SystemRoot\system32\drivers\atapi.sys
0x00B12000 \SystemRoot\system32\drivers\ataport.SYS
0x00B36000 \SystemRoot\system32\drivers\msahci.sys
0x00B40000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B87000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C0F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E03000 \SystemRoot\system32\drivers\ndis.sys
0x00C96000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE6000 \SystemRoot\system32\drivers\NETIO.SYS
0x01003000 \SystemRoot\System32\drivers\tcpip.sys
0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A3000 \SystemRoot\System32\drivers\ecache.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02310000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0231C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02325000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0232A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02333000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02404000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CEE000 \SystemRoot\System32\drivers\watchdog.sys
0x02CFE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D0A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D50000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03002000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x03494000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x034B9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x034CB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x034DB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x034FB000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x0350F000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03526000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0357D000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03580000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03592000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0359A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035B0000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x035BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EEF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x035CC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F42000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F7B000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D61000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x035F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DD3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02DEB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B5F000 \SystemRoot\system32\DRIVERS\ks.sys
0x02FF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02B93000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02BEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E0E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05F3A000 \SystemRoot\system32\drivers\portcls.sys
0x05F75000 \SystemRoot\system32\drivers\drmk.sys
0x05F98000 \SystemRoot\system32\drivers\ksthunk.sys
0x06008000 \SystemRoot\system32\DRIVERS\smserial.sys
0x0613C000 \SystemRoot\system32\drivers\modem.sys
0x0614B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x06158000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x06189000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06193000 \SystemRoot\System32\Drivers\Null.SYS
0x0619C000 \SystemRoot\System32\drivers\vga.sys
0x061AA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x061CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x061D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x061E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x061EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05F9E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05FA7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05FC4000 \SystemRoot\system32\DRIVERS\smb.sys
0x02346000 \SystemRoot\system32\drivers\afd.sys
0x023B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05FDF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x00FD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00D3F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00D5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05E00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00DA7000 \SystemRoot\System32\Drivers\dfsc.sys
0x02200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06402000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06506000 \SystemRoot\System32\drivers\Dxapi.sys
0x06512000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x06525000 \SystemRoot\system32\drivers\luafv.sys
0x06547000 \SystemRoot\system32\drivers\spsys.sys
0x065E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0220E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x065F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02242000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0225A000 \SystemRoot\system32\drivers\HTTP.sys
0x00DC4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x00B9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x00BB9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x00BD3000 \SystemRoot\system32\drivers\mrxdav.sys
0x00791000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x17205000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x1724E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x1726D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x1729F000 \SystemRoot\System32\DRIVERS\srv.sys
0x17332000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x17342000 \SystemRoot\system32\drivers\peauth.sys
0x022FD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x00DED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x007BA000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x007D2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x778D0000 \WINDOWS\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
548 C:\WINDOWS\System32\smss.exe
616 csrss.exe
652 C:\WINDOWS\System32\wininit.exe
672 csrss.exe
708 C:\WINDOWS\System32\services.exe
724 C:\WINDOWS\System32\lsass.exe
732 C:\WINDOWS\System32\lsm.exe
832 C:\WINDOWS\System32\winlogon.exe
908 C:\WINDOWS\System32\svchost.exe
968 C:\WINDOWS\System32\svchost.exe
1004 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
492 C:\WINDOWS\System32\svchost.exe
592 C:\WINDOWS\System32\svchost.exe
584 C:\WINDOWS\System32\svchost.exe
372 C:\WINDOWS\System32\audiodg.exe
660 C:\WINDOWS\System32\svchost.exe
1032 C:\WINDOWS\System32\SLsvc.exe
1096 C:\WINDOWS\System32\svchost.exe
1228 C:\WINDOWS\System32\svchost.exe
1404 C:\WINDOWS\System32\spoolsv.exe
1428 C:\WINDOWS\System32\svchost.exe
1652 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1948 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1996 C:\WINDOWS\System32\svchost.exe
2016 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
1820 C:\WINDOWS\System32\taskeng.exe
1876 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2156 C:\WINDOWS\System32\svchost.exe
2180 C:\WINDOWS\System32\SearchIndexer.exe
2252 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2484 C:\WINDOWS\System32\taskeng.exe
2604 C:\WINDOWS\System32\dwm.exe
2704 C:\WINDOWS\explorer.exe
2812 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2848 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3008 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
3036 C:\WINDOWS\RAVCpl64.exe
3044 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2096 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2356 C:\WINDOWS\System32\igfxtray.exe
2536 C:\WINDOWS\System32\hkcmd.exe
2508 C:\WINDOWS\System32\igfxpers.exe
1308 C:\Program Files\Microsoft Security Client\msseces.exe
2760 C:\Program Files\Windows Sidebar\sidebar.exe
3056 C:\Program Files (x86)\HP\QuickPlay\QPService.exe
3108 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
3136 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3148 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3160 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3236 C:\WINDOWS\System32\svchost.exe
3260 WmiPrvSE.exe
3332 C:\WINDOWS\System32\igfxsrvc.exe
3816 C:\WINDOWS\System32\svchost.exe
3856 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3456 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1344 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
4076 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2864 C:\WINDOWS\System32\SearchFilterHost.exe
2188 C:\WINDOWS\System32\SearchProtocolHost.exe
1452 dllhost.exe
3280 dllhost.exe
2204 C:\Users\Chuck\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Vista infected with Alureon.E - Please Help...
I'm going to check with my colleagues about this. I'll be back.

Re: Vista infected with Alureon.E - Please Help...
Ok - thanks!

Re: Vista infected with Alureon.E - Please Help...
Ok. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.


6. Next type FIXMBR

7. If it asks if you're sure you want to write a new MBR, answer 'Y'

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.

Re: Vista infected with Alureon.E - Please Help...
Done as directed - unfortunately, no difference. Any other ideas?

Re: Vista infected with Alureon.E - Please Help...
Please run the MBR check again and see if there's any change.
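
Added example, not part of the thread and not how MBRCheck or aswMBR work internally: this Python code decodes a saved 512-byte MBR dump (such as the MBR.dat file aswMBR wrote earlier in the thread) and compares two dumps region by region, which is what "see if there's any change" amounts to after an MBR rewrite. The function names, the fill bytes standing in for boot code and the third partition's sector count are constructed; the other partition values are taken from the aswMBR log, and the hashes are not claimed to match MBRCheck's SHA1.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: boot code, disk signature + reserved bytes, 4 x 16-byte table, 0x55AA.
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 446), "partition_table": (446, 510)}
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended (LBA)",
              0x17: "Hidden HPFS/NTFS", 0xEE: "GPT protective"}

# Constructed sample table: (status, type, start LBA, sector count). Starts and types follow
# the aswMBR log in this thread; the last sector count (4096) is a constructed value.
SAMPLE_ENTRIES = [(0x80, 0x07, 63, 461418867),
                  (0x00, 0x07, 461418930, 26973135),
                  (0x00, 0x17, 488392065, 4096)]


def build_sample_mbr(fill: int, entries=SAMPLE_ENTRIES) -> bytes:
    """Build a constructed MBR sector; `fill` is a placeholder byte, not real boot code."""
    sector = bytearray([fill]) * 440 + bytes(6)
    for status, ptype, lba_start, count in entries:
        sector += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba_start, count)
    sector += bytes(16 * (4 - len(entries))) + b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR dump into per-region SHA1 hashes and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing: not a valid MBR sector")
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 446 + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba_start,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // 2**20,
        })
    region_sha1 = {name: hashlib.sha1(sector[a:b]).hexdigest()
                   for name, (a, b) in REGIONS.items()}
    return {"sha1": hashlib.sha1(sector).hexdigest(),
            "region_sha1": region_sha1, "partitions": partitions}


def table_findings(parsed: dict) -> list:
    """Return notes on partition-table oddities worth a second look."""
    notes = []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        notes.append(f"{len(active)} partitions flagged active (expected exactly 1): {active}")
    for prev, cur in zip(parts, parts[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            notes.append(f"partition {prev['index']} overlaps partition {cur['index']}")
    return notes


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps (True = changed)."""
    a = parse_mbr(before)["region_sha1"]
    b = parse_mbr(after)["region_sha1"]
    return {name: a[name] != b[name] for name in REGIONS}


if __name__ == "__main__":
    before = build_sample_mbr(0xAA)   # constructed "before rewrite" dump
    after = build_sample_mbr(0xBB)    # constructed "after rewrite" dump
    for p in parse_mbr(before)["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:<17} {p['size_mb']} MB offset {p['lba_start']}")
    print("findings:", table_findings(parse_mbr(before)) or "none")
    print("changed regions:", diff_mbr(before, after))
```

A rewrite that worked should show `boot_code` changed and `partition_table` unchanged; identical hashes in every region mean the sector read back is the same as before the rewrite.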

Re: Vista infected with Alureon.E - Please Help...
Latest Report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x01C1C000 \SystemRoot\system32\ntoskrnl.exe
0x02134000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064E000 \SystemRoot\system32\PSHED.dll
0x00662000 \SystemRoot\system32\CLFS.SYS
0x006BF000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BE000 \SystemRoot\system32\drivers\acpi.sys
0x00914000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00927000 \SystemRoot\system32\drivers\pci.sys
0x00957000 \SystemRoot\System32\drivers\partmgr.sys
0x0096C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00970000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097C000 \SystemRoot\system32\drivers\volmgr.sys
0x00990000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F6000 \SystemRoot\system32\drivers\intelide.sys
0x00771000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00781000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B10000 \SystemRoot\system32\drivers\atapi.sys
0x00B18000 \SystemRoot\system32\drivers\ataport.SYS
0x00B3C000 \SystemRoot\system32\drivers\msahci.sys
0x00B46000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B8D000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C04000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E07000 \SystemRoot\system32\drivers\ndis.sys
0x00C8B000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDB000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138B000 \SystemRoot\system32\drivers\volsnap.sys
0x013CF000 \SystemRoot\System32\Drivers\spldr.sys
0x013D7000 \SystemRoot\System32\Drivers\mup.sys
0x011A9000 \SystemRoot\System32\drivers\ecache.sys
0x013E9000 \SystemRoot\system32\drivers\disk.sys
0x00FCA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02307000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02313000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0231C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02321000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0232A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02403000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CE5000 \SystemRoot\System32\drivers\watchdog.sys
0x02CF5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D01000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D47000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0320A000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0369C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x036C1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x036D3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x036E3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03703000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03717000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x0372E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03785000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03788000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0379A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x037A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x037B8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x037C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EF8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x037D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x037D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x037E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F4B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F84000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D58000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02FEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D7B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02B5E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B71000 \SystemRoot\system32\DRIVERS\ks.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BB5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02DF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Vista infected with Alureon.E - Please Help...
Sorry. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

6. Next type bootrec /fixmbr

7. If it asks if you're sure you want to write a new MBR, answer 'Y'

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.
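
An added example, not part of the original posts and not MBRCheck's own code: a sketch of how a saved copy of sector 0 taken before `bootrec /fixmbr` can be compared with one taken afterwards, to confirm that the boot code was replaced and the partition table was left alone. The function names and the sample sectors are constructed for illustration, and hashing the first 440 bytes is an assumption that may not match the byte range MBRCheck hashes for its SHA1 line.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:                      # unused slot
            continue
        parts.append({"active": status == 0x80, "type": ptype,
                      "offset": lba_start * SECTOR,
                      "size": n_sectors * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts}

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report what changed between two captures of sector 0."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha1"] != b["boot_code_sha1"],
            "partitions_intact": a["partitions"] == b["partitions"],
            "signature_intact": a["disk_signature"] == b["disk_signature"]}

def make_sample(boot_fill: int) -> bytes:
    """Constructed sample: filler boot code, one active NTFS entry at LBA 63."""
    s = bytearray(SECTOR)
    s[:440] = bytes([boot_fill]) * 440      # stand-in for real boot code
    struct.pack_into("<I", s, 440, 0x12345678)   # constructed disk signature
    s[446] = 0x80                           # active flag
    s[446 + 4] = 0x07                       # partition type 0x07 (NTFS)
    struct.pack_into("<II", s, 446 + 8, 63, 1000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    print(parse_mbr(make_sample(0x90))["partitions"])
    print(compare_mbr(make_sample(0x90), make_sample(0xCC)))
```

The constructed partition starts at LBA 63, which is byte offset 0x7e00, the same offset the MBRCheck log above reports for `C:`.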

Re: Vista infected with Alureon.E - Please Help...
Thanks so much for your time and assistance with this problem, but the wife insisted that I get recovery disks and erase the computer to start from scratch. I did what she wanted and everything's fine now. Whatever that Alureon.E was, it was a pain to remove. One last question - what's your suggestion for free internet/virus security so this doesn't happen again? Thanks so much for your time and help again....

Re: Vista infected with Alureon.E - Please Help...

I'm sorry it had to come to that, but as the saying goes, "happy wife, happy life". Here's some advice.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**************************************************
Remember to only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Re: Vista infected with Alureon.E - Please Help...
Superdave wrote:
I'm sorry it had to come to that. Here's some advice.

