
Windows XP DOJ Hijack


  • This topic is locked
18 replies to this topic

#1 JohnStaton

JohnStaton

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rancho Cucamonga, CA
  • Local time:01:39 PM

Posted 10 August 2014 - 10:52 PM

I'm fixing a computer for a family member. It's a Dell desktop running Windows XP Pro. I can't get anything to run in normal mode as expected with this virus. I've even tried Hitman Pro kickstart and it hasn't worked either. None of the current online tutorials are working because I can't even get the unit to work in safe mode. In Safe Mode w/networking and w/cmd prompt it reboots on agpcpq.sys. They can't have the unit reformatted because they use an ancient version of Sage and don't have the modules to reinstall it all. The version of the DOJ Ransomware I have looks just like this.

 united-states-department-of-justice-viru

I am able to hook up the drive to my desktop; however, Malwarebytes, Microsoft Security Essentials, Stopzilla & Spyhunter were unable to find anything. Please help.





#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:39 PM

Posted 11 August 2014 - 07:36 AM

Hi JohnStaton,

 

Do you have your Windows CD?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 JohnStaton


Posted 11 August 2014 - 09:03 AM

Yes.

#4 xXToffeeXx


Posted 11 August 2014 - 10:12 AM

Hi JohnStaton,
 
Long post ahead, but hopefully this will help me get you back to boot properly. You may want to print this for easier reference, so you have an idea of the process.
 
You will need the following:
1. A Clean computer with a CD Burner
2. Windows XP CD
3. Blank CD
4. USB pen drive
 
Please follow the steps below. If you are unable to create the UBCD4WIN, please provide any error messages, and/or what step you cannot follow.
 
Phase I - Creating the ISO file
 
1. Please select a mirror and download the Ultimate Boot CD for Windows to the Desktop

  • Double-Click on the UBCD4Win.exe file downloaded to the Desktop.
  • Follow all of its instructions/prompts

Note: Do not install to a folder with spaces in its name. It is best to use the default name C:\UBCD4Win
Note: Your Antivirus may report viruses or trojans when you extract UBCD4Win. These are False-Positives.
Read here for information regarding the files that normally trigger AV software.

  • At the very end, uncheck: Run UBCD4WinBuilder.exe when installation is complete
  • Click: Finish

2. Insert your XP CD with SP1/SP2/SP3 into a CD ROM drive

  • Open My Computer, and navigate to: C:\ubcd4win
  • Double-click on UBCD4WinBuilder.exe
  • Click I Agree to the UBCD4Win PE Builder License
  • Select No when prompted to Search for Windows installation files
  • For Source: click on the ellipsis (...), then click on the drive with your Windows XP CD, press OK
  • For Custom: no information is necessary, leave blank
  • For Output: keep the default BartPE
  • For Media output select Create ISO image: (enter filename)

Note: Leave the default filename and path as well (C:\UBCD4Win\UBCD4WinBuilder.iso). If you change it, make sure it is a folder without spaces in the name.

  • Note: If your XP install disc is SP1 then please click the Plugins button and modify the following options:

Click on each option, then click Enable/Disable so the correct value is displayed.
 
Disabled - !Critical: DComLaunch Service [Building with XP SP1-DISABLE]
Enabled - !Critical: LargeIDE Fix (KB331958) [Building with XP SP1-ENABLE]

3. Click on the Build button.

  • When you see the Windows EULA message, click on I Agree
  • At the Build Screen, let it run its course.
  • When the Build is finished, click close, then exit.

4. Burn your ISO file to CD

 

Phase II - Download Farbar's Recovery Scan Tool (FRST)
 
From the clean computer, download Farbar Recovery Scan Tool and save it to the USB pen drive.
 
Note: You need the 32-bit version to run with UBCD4Win
 
Now, plug the USB pen drive back into the ransomed computer and move on to the next step.
 

Phase III - Booting to the UBCD4Win CD
 
Restart the ransomed Computer Using the UBCD4Win disc created.

  • Insert the UBCD4Win disc into a CD/DVD drive
  • Restart the computer. It should boot from the UBCD4Win CD automatically
  • If it doesn't, and you are asked if you want to boot from CD, then, select that option

Note: Information on booting from CD > here

  • In the window that appears select Launch The Ultimate Boot CD For Windows, and press: Enter
  • It may take longer for the Desktop to appear than it does when you start the computer normally, but just let the process run itself until the Desktop appears
  • Once the Desktop appears, a message appears asking: Do you want to start Network support?, click Yes
  • You should now have a Desktop that looks like this:

Main.jpg
 

Phase IV - Running the FRST scan

  • Single-click My computer from the UBCD4Win Desktop, and navigate to the Farbar Recovery Scan Tool (FRST.exe) saved to the pen drive.
  • Double-click on FRST.exe to begin running the tool
  • When the tool opens click Yes to disclaimer

Note: If prompted to download the latest version, please do so from the link in Phase II

  • Click on the Scan button
  • When done scanning, the tool makes a log, FRST.txt on the pen drive. You can now close the pen drive, and safely remove it.
  • Insert the USB pen drive into your clean computer, and post the FRST.txt in your reply

xXToffeeXx~




#5 JohnStaton


Posted 11 August 2014 - 09:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by SYSTEM on BARTPE-6251 on 11-08-2014 18:44:09
Running from D:\OMEGA
Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
Internet Explorer Version 6
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\Administrator\...\Run: [ROC_JAN2013_TB] => "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
HKU\Michael S Bergman\...\Run: [Google Update] => C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-19] (Google Inc.)
HKU\Michael S Bergman\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-28] (Google Inc.)
HKU\Michael S Bergman\...\Run: [jbdlwlmf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uacoiblj.exe"
HKU\Michael S Bergman\...\Run: [kignggnc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uimbampb.exe"
HKU\Michael S Bergman\...\Run: [pbnpkbev] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nofkdtci.exe"
HKU\Michael S Bergman\...\Run: [ruqpfdms] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lckrupjc.exe"
HKU\Michael S Bergman\...\Run: [wxooibpq] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xvjqqhvn.exe"
HKU\Michael S Bergman\...\Run: [qqdejoll] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\bogojduf.exe"
HKU\Michael S Bergman\...\Run: [mruagjhm] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\csrpqtxb.exe"
HKU\Michael S Bergman\...\Run: [swxxbtem] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fgvpimfj.exe"
HKU\Michael S Bergman\...\Run: [ihhtaqnw] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dlkopxlw.exe"
HKU\Michael S Bergman\...\Run: [bcfwinoa] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\skdkjbmd.exe"
HKU\Michael S Bergman\...\Run: [ewapqqhw] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\tajmrcrr.exe"
HKU\Michael S Bergman\...\Run: [gkuwwwps] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fhbhsinm.exe"
HKU\Michael S Bergman\...\Run: [hiddibhe] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dfrsvcbk.exe"
HKU\Michael S Bergman\...\Run: [adcxcbvf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uxxqduta.exe"
HKU\Michael S Bergman\...\Run: [suktceam] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\iieovpba.exe"
HKU\Michael S Bergman\...\Run: [fseomofh] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fwqxfqxk.exe"
HKU\Michael S Bergman\...\Run: [tcvkofle] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xijaesjr.exe"
HKU\Michael S Bergman\...\Run: [eousrjnk] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\eogplcsw.exe"
HKU\Michael S Bergman\...\Run: [opjhnfbr] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\hcrchcbj.exe"
HKU\Michael S Bergman\...\Run: [fcusrxrp] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\swnbcxuh.exe"
HKU\Michael S Bergman\...\Run: [hkwgulav] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ouxqtfqv.exe"
HKU\Michael S Bergman\...\Run: [mfrgpabj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\landmehv.exe"
HKU\Michael S Bergman\...\Run: [lbafusje] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\jximjcxr.exe"
HKU\Michael S Bergman\...\Run: [dndedfoc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\doccrmtt.exe"
HKU\Michael S Bergman\...\Run: [lbsnfhhj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\aflwmubd.exe"
HKU\Michael S Bergman\...\Run: [plrgswuu] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dqjcwsfn.exe"
HKU\Michael S Bergman\...\Run: [spldelpo] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dtpjmstl.exe"
HKU\Michael S Bergman\...\Run: [bbnplrtj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vrsfsnts.exe"
HKU\Michael S Bergman\...\Run: [jknmsiha] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nbmrsqjc.exe"
HKU\Michael S Bergman\...\Run: [ogjmwrxc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ahtccvpd.exe"
HKU\Michael S Bergman\...\Run: [tvfirces] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\cqswnmuo.exe"
HKU\Michael S Bergman\...\Run: [cepjusip] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vdbksrct.exe"
HKU\Michael S Bergman\...\Run: [ljiexxau] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xhbkmafs.exe"
HKU\Michael S Bergman\...\Run: [jjtgexpd] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ehooxrdg.exe"
HKU\Michael S Bergman\...\Run: [fgclcehp] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ibproqee.exe"
HKU\Michael S Bergman\...\Run: [wvumcueb] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kudonohe.exe"
HKU\Michael S Bergman\...\Run: [hfmbloch] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lbgidmdw.exe"
HKU\Michael S Bergman\...\Run: [vgemerel] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xtlwkorr.exe"
HKU\Michael S Bergman\...\Run: [beebccbv] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ofmifrol.exe"
HKU\Michael S Bergman\...\Run: [rufvbpgs] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\pumrgiki.exe"
HKU\Michael S Bergman\...\Run: [quubbrde] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ulabldkn.exe"
HKU\Michael S Bergman\...\Run: [kgrhoreo] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\mqsxrpuw.exe"
HKU\Michael S Bergman\...\Run: [icpnktdb] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kokxmmlh.exe"
HKU\Michael S Bergman\...\Run: [pjtskslg] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kpqewbje.exe"
HKU\Michael S Bergman\...\Run: [pjijpwbf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lasmmhkk.exe"
HKU\Michael S Bergman\...\Run: [sodujhog] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\asggiprt.exe"
HKU\Michael S Bergman\...\Run: [vecqkrcg] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\msjkfbjh.exe"
HKU\Michael S Bergman\...\Run: [cvbslfru] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nawvuhxd.exe"
HKU\Michael S Bergman\...\Run: [eqwipuvx] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ranvvnvi.exe"
HKU\Michael S Bergman\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\PROGRAMS\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\PROGRAMS\Intuit\QuickBooks 2008\QBW32.EXE (No File)
Startup: C:\Documents and Settings\Michael S Bergman\Start Menu\Programs\Startup\ComboFix.exe (Swearware)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
S4 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S4 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.)
S4 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [X]
S4 McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [X]
S4 McTskshd.exe; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [X]
S4 mcupdmgr.exe; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [X]
S4 MpfService; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [X]
S4 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [X]
S4 MSSQLServerADHelper; "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe" [X]
S4 SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2007-07-27] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S2 ASCTRM; No ImagePath
S3 bvrp_pci; No ImagePath
S1 MPFIREWL; System32\Drivers\MpFirewall.sys [X]
S3 NaiAvFilter1; system32\drivers\naiavf5x.sys [X]
S5 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
S1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 18:43 - 2014-08-11 18:43 - 00000000 ____D () C:\FRST
2014-08-10 15:05 - 2014-08-10 15:05 - 00000000 ___HD () C:\Report
2014-08-10 13:09 - 2014-08-10 13:09 - 26738688 _____ () C:\Windows\System32\config\software.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 04718592 _____ () C:\Windows\System32\config\system.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00524288 _____ () C:\Windows\System32\config\default.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00262144 _____ () C:\Windows\System32\config\security.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00024576 _____ () C:\Windows\System32\config\sam.bhv
2014-08-10 10:15 - 2014-08-10 10:15 - 00000546 _____ () C:\Windows\COM+.log
2014-08-10 04:40 - 2014-08-10 04:40 - 00001764 _____ () C:\Windows\System32\.crusader
2014-08-10 03:22 - 2014-08-10 03:22 - 00003974 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-08-10 02:17 - 2014-08-10 02:17 - 05568206 ____R (Swearware) C:\ComboFix.exe
2014-08-10 02:15 - 2014-08-09 18:56 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2014-08-10 02:09 - 2014-08-10 02:09 - 01366203 _____ () C:\AdwCleaner.exe
2014-08-09 20:07 - 2014-08-09 20:07 - 00000000 ____D () C:\Windows\tmp
2014-07-18 16:15 - 2014-07-18 16:15 - 00229437 _____ () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4.zip
2014-07-18 16:15 - 2014-07-18 16:15 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 18:43 - 2014-08-11 18:43 - 00000000 ____D () C:\FRST
2014-08-11 03:07 - 2013-11-18 04:01 - 01113216 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 02:40 - 2005-02-11 22:26 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Application Data\AOL
2014-08-11 02:40 - 2004-12-18 00:07 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-08-11 02:40 - 2004-12-17 23:25 - 00000000 ____D () C:\I386
2014-08-11 02:38 - 2005-02-04 16:57 - 00000000 ____D () C:\Windows\Sun
2014-08-11 02:37 - 2013-11-18 03:40 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Local Settings\temp
2014-08-11 02:37 - 2004-08-11 23:09 - 00000159 _____ () C:\Windows\WIADEBUG.LOG
2014-08-11 02:37 - 2004-08-11 23:09 - 00000049 _____ () C:\Windows\WIASERVC.LOG
2014-08-11 02:36 - 2012-08-24 01:35 - 00032548 _____ () C:\Windows\SchedLgU.Txt
2014-08-11 02:36 - 2011-08-01 16:49 - 00056158 ____C () C:\Documents and Settings\Michael S Bergman\My Documents\15537-OMEGAMICROFILM;[eDED]download;30856721.eml
2014-08-11 02:36 - 2005-06-30 15:03 - 00000000 __SHD () C:\Windows\CSC
2014-08-11 02:36 - 2004-12-17 23:46 - 00013646 _____ () C:\Windows\System32\WPA.DBL
2014-08-11 02:28 - 2004-12-28 17:48 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Application Data\Adobe
2014-08-11 02:21 - 2004-12-18 00:01 - 00000000 ____D () C:\Program Files\Adobe
2014-08-10 16:43 - 2004-12-28 17:32 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 16:37 - 2004-12-28 17:30 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 16:36 - 2004-12-17 23:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 15:05 - 2014-08-10 15:05 - 00000000 ___HD () C:\Report
2014-08-10 13:09 - 2014-08-10 13:09 - 26738688 _____ () C:\Windows\System32\config\software.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 04718592 _____ () C:\Windows\System32\config\system.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00524288 _____ () C:\Windows\System32\config\default.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00262144 _____ () C:\Windows\System32\config\security.bhv
2014-08-10 13:09 - 2014-08-10 13:09 - 00024576 _____ () C:\Windows\System32\config\sam.bhv
2014-08-10 13:09 - 2009-12-14 21:58 - 00000000 ____D () C:\Program Files\AOL 9.0
2014-08-10 13:09 - 2008-12-31 17:19 - 00000000 __HDC () C:\Windows\$NtServicePackUninstall$
2014-08-10 10:15 - 2014-08-10 10:15 - 00000546 _____ () C:\Windows\COM+.log
2014-08-10 10:15 - 2013-12-12 06:02 - 00039551 _____ () C:\Windows\comsetup.log
2014-08-10 10:15 - 2004-12-17 23:28 - 00000000 ____D () C:\Windows\Registration
2014-08-10 05:18 - 2013-11-19 19:34 - 00058202 _____ () C:\Windows\setupapi.log
2014-08-10 05:01 - 2004-12-28 17:32 - 00000178 ___SH () C:\Documents and Settings\Michael S Bergman\NTUSER.INI
2014-08-10 04:40 - 2014-08-10 04:40 - 00001764 _____ () C:\Windows\System32\.crusader
2014-08-10 03:27 - 2013-12-03 23:53 - 00001219 _____ () C:\Windows\wmsetup.log
2014-08-10 03:22 - 2014-08-10 03:22 - 00003974 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-08-10 03:18 - 2013-12-12 06:02 - 00000116 _____ () C:\Windows\setupact.log
2014-08-10 03:14 - 2013-11-18 04:16 - 00261432 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-10 02:20 - 2005-01-28 19:15 - 00000000 __SHD () C:\Documents and Settings\Michael S Bergman\UserData
2014-08-10 02:17 - 2014-08-10 02:17 - 05568206 ____R (Swearware) C:\ComboFix.exe
2014-08-10 02:09 - 2014-08-10 02:09 - 01366203 _____ () C:\AdwCleaner.exe
2014-08-10 01:39 - 2007-02-07 18:43 - 00000000 ____D () C:\lj8150
2014-08-10 01:29 - 2008-07-10 17:55 - 00000000 ____D () C:\Temp
2014-08-09 20:07 - 2014-08-09 20:07 - 00000000 ____D () C:\Windows\tmp
2014-08-09 19:27 - 2004-12-17 23:33 - 00000245 ___SH () C:\boot.ini
2014-08-09 18:56 - 2014-08-10 02:15 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2014-08-07 23:13 - 2013-11-19 18:54 - 00035440 _____ () C:\Windows\pvsw.log
2014-08-07 20:08 - 2005-06-29 17:40 - 00228352 _____ () C:\Windows\BWPrinter.dat
2014-07-25 17:29 - 2013-06-07 16:42 - 00000000 ____D () C:\scans
2014-07-18 20:51 - 2010-02-19 22:05 - 00002372 _____ () C:\Documents and Settings\Michael S Bergman\Desktop\Google Chrome.lnk
2014-07-18 16:15 - 2014-07-18 16:15 - 00229437 _____ () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4.zip
2014-07-18 16:15 - 2014-07-18 16:15 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4
2014-07-14 17:21 - 2014-07-08 16:00 - 00696430 _____ () C:\Documents and Settings\Michael S Bergman\My Documents\Estimate_1029_from_DOCUMENT_IMAGING_BROKERS.zip
2014-07-14 17:21 - 2014-07-08 16:00 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\My Documents\Estimate_1029_from_DOCUMENT_IMAGING_BROKERS
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2007-07-27 12:00] - [2014-03-12 10:48] - 0617984 ____A (Microsoft Corporation) b1d462bf7cb0acaa7fe1a565b2605594     
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points (XP) =====================
 
RP: -> 2014-08-10 04:40 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3 
 
RP: -> 2014-08-10 04:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2 
 
RP: -> 2014-08-10 03:17 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1 
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 1270.98 MB
Available physical RAM: 728.68 MB
Total Pagefile: 1106.45 MB
Available Pagefile: 745.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.89 MB
 
==================== Drives ================================
 
Drive b: (RAMDisk) (Fixed) (Total:0.31 GB) (Free:0.31 GB) FAT
Drive c: () (Fixed) (Total:71.48 GB) (Free:35.38 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (JOHNS DRIVE) (Removable) (Total:29.07 GB) (Free:4.59 GB) NTFS
Drive x: (UBCD4Windows) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
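
Added example (not part of the original posts and not FRST's own code): a small triage script for an FRST.txt laid out like the log above. It flags per-user Run values that point at executables dropped directly into the profile's Application Data folder, and lists system files from the "Bamital & volsnap Check" section that did not pass verification. The three heuristics, the two-signal threshold and the sample log (user `ExampleUser`, the value and file names, the zeroed MD5) are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed sample in the layout of the FRST.txt posted above; the user name,
# value names, file names and the zeroed MD5 are placeholders, not page data.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKU\Administrator\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
HKU\ExampleUser\...\Run: [Google Update] => C:\Documents and Settings\ExampleUser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-19] (Google Inc.)
HKU\ExampleUser\...\Run: [abcdwxyz] => "C:\Documents and Settings\ExampleUser\Local Settings\Application Data\qrstuvwx.exe"
HKU\ExampleUser\...\Run: [mnopqrst] => "C:\Documents and Settings\ExampleUser\Local Settings\Application Data\hgfedcba.exe"
HKU\ExampleUser\...\Run: [ExampleTool] => "C:\Program Files\Example Tool\tool.exe"  /PROMPT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2007-07-27 12:00] - [2014-03-12 10:48] - 0617984 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\Windows\System32\userinit.exe => MD5 is legit

==================== Restore Points (XP) =====================
"""

HEADER = re.compile(r'^=+ (?P<title>.+?) =+\s*$')
RUN_LINE = re.compile(r'^(?P<key>HK.+?)\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$')
METADATA = re.compile(r'\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$')  # "[size date] (vendor)"
MD5 = re.compile(r'\b[0-9a-fA-F]{32}\b')
RANDOM_NAME = re.compile(r'^[a-z]{8}$')  # assumption: the naming pattern seen in the log
PROFILE_DROP_DIR = r'\local settings\application data'


def sections(log):
    """Split an FRST log into {section title: [lines]}."""
    out, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = m.group('title')
            out[current] = []
        elif current is not None:
            out[current].append(line.rstrip())
    return out


def triage_run_entries(log):
    """Return Run values that trip at least two of the three heuristics."""
    findings = []
    for line in sections(log).get('Registry (Whitelisted)', []):
        m = RUN_LINE.match(line)
        if not m:
            continue
        rest = m.group('rest').strip()
        has_meta = METADATA.search(rest) is not None
        quoted = re.match(r'"([^"]+)"', rest)
        path = quoted.group(1) if quoted else METADATA.sub('', rest).strip()
        stem = splitext(basename(path))[0]
        reasons = []
        if RANDOM_NAME.match(m.group('name')) and RANDOM_NAME.match(stem):
            reasons.append('random-looking value and file name')
        if dirname(path).lower().endswith(PROFILE_DROP_DIR):
            reasons.append('executable directly in profile Application Data')
        if not has_meta:
            reasons.append('no size/date/vendor recorded')
        if len(reasons) >= 2:
            findings.append({'key': m.group('key'), 'value': m.group('name'),
                             'path': path, 'reasons': reasons})
    return findings


def unverified_system_files(log):
    """Return (path, md5) for checked files not marked 'MD5 is legit'."""
    lines = sections(log).get('Bamital & volsnap Check', [])
    results = []
    for i, line in enumerate(lines):
        if not re.match(r'^[A-Za-z]:\\', line) or line.endswith('=> MD5 is legit'):
            continue
        # FRST prints the file's timestamps, size and hash on the following line.
        detail = lines[i + 1] if i + 1 < len(lines) else ''
        md5 = MD5.search(detail)
        results.append((line.strip(), md5.group(0).lower() if md5 else None))
    return results


if __name__ == '__main__':
    for f in triage_run_entries(SAMPLE_LOG):
        print('RUN  ', f['value'], '->', f['path'], '|', '; '.join(f['reasons']))
    for path, md5 in unverified_system_files(SAMPLE_LOG):
        print('CHECK', path, md5)
```

A flagged entry is a lead for a human reviewer, not a verdict; the `ExampleTool` line shows why a single signal (missing metadata) is not enough on its own.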


#6 xXToffeeXx


Posted 12 August 2014 - 12:32 PM

Hi JohnStaton,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

We need to search for a file with FRST:

  • Boot into UBCD4Win like you did before and single-click My computer from the UBCD4Win Desktop, and navigate to the Farbar Recovery Scan Tool (FRST.exe) saved to the pen drive.
  • Double-click on FRST.exe to begin running the tool
  • In the search box, type the following: user32*
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

xXToffeeXx~


Edited by xXToffeeXx, 12 August 2014 - 12:32 PM.



#7 JohnStaton


Posted 12 August 2014 - 05:25 PM

Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by SYSTEM at 2014-08-12 15:06:34
Running from D:\OMEGA
Boot Mode: Recovery
 
================== Search: "user32*" ===================
 
C:\WINDOWS\SYSTEM32\user32.dll
[2007-07-27 12:00][2014-03-12 10:48] 0617984 ____A (Microsoft Corporation) b1d462bf7cb0acaa7fe1a565b2605594     
 
C:\WINDOWS\SYSTEM32\user32.ini
[2007-07-27 12:00][2014-03-12 10:48] 0578560 ____A () df74697fb06a25f2d119eca1ac4ae8c2     
 
C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
[2005-03-02 18:09][2005-03-02 18:09] 0577024 ___AC (Microsoft Corporation) de2db164bbb35db061af0997e4499054     
 
C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
[2007-03-08 15:36][2007-03-08 15:36] 0577536 ___AC (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7     
 
C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008-09-18 16:27][2014-03-12 10:48] 0617984 ____A (Microsoft Corporation) 77ece7120817698d1ba4c587b78ad8ab     
 
C:\WINDOWS\ServicePackFiles\i386\user32.ini
[2007-07-27 12:00][2014-03-12 10:48] 0578560 ____A () df74697fb06a25f2d119eca1ac4ae8c2     
 
C:\WINDOWS\erdnt\cache\user32.dll
[2013-07-11 00:06][2008-04-14 00:12] 0578560 ____A (Microsoft Corporation) b26b135ff1b9f60c9388b4a7d16f600b     
 
C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008-12-31 17:20][2007-07-27 12:00] 0577024 ____C (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4     
 
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007-03-08 15:48][2007-03-08 15:48] 0578048 ___AC (Microsoft Corporation) 7aa4f6c00405dfc4b70ed4214e7d687b     
 
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2005-03-02 18:19][2005-03-02 18:19] 0577024 ___AC (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036     
 
C:\I386\USER32.DLL
[2005-01-07 18:02][2004-08-04 11:00] 0577024 ___AC (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4     
 
X:\I386\SYSTEM32\USER32.DLL
[2004-08-04 12:00][2004-08-04 12:00] 0577024 ____R (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4     
 
=== End Of Search ===
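One way to read a Search.txt like the one above offline, as an added example that is not part of the thread and not FRST's own code: it parses each record, groups copies by MD5, and lists the copies that differ from a chosen reference copy and were modified after it. The field order (creation time, then last-modified time), the function names and the "different hash and newer than the reference" rule are assumptions of this example; the sample input is six of the twelve records posted above.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Excerpt of the Search.txt posted above (six of its twelve records).
SEARCH_LOG = r"""
================== Search: "user32*" ===================

C:\WINDOWS\SYSTEM32\user32.dll
[2007-07-27 12:00][2014-03-12 10:48] 0617984 ____A (Microsoft Corporation) b1d462bf7cb0acaa7fe1a565b2605594

C:\WINDOWS\SYSTEM32\user32.ini
[2007-07-27 12:00][2014-03-12 10:48] 0578560 ____A () df74697fb06a25f2d119eca1ac4ae8c2

C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008-09-18 16:27][2014-03-12 10:48] 0617984 ____A (Microsoft Corporation) 77ece7120817698d1ba4c587b78ad8ab

C:\WINDOWS\erdnt\cache\user32.dll
[2013-07-11 00:06][2008-04-14 00:12] 0578560 ____A (Microsoft Corporation) b26b135ff1b9f60c9388b4a7d16f600b

C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008-12-31 17:20][2007-07-27 12:00] 0577024 ____C (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\I386\USER32.DLL
[2005-01-07 18:02][2004-08-04 11:00] 0577024 ___AC (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

=== End Of Search ===
"""

# Metadata line: [created][modified] size attributes (company) md5
# (assumed field order: creation time first, last-modified time second).
META = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d)\]\[(\d{4}-\d\d-\d\d \d\d:\d\d)\] "
    r"(\d+) (\S+) \((.*)\) ([0-9a-fA-F]{32})$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Record:
    path: str
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    md5: str


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    records, path = [], None
    for raw in text.splitlines():
        line = raw.strip()          # the posted log pads lines with spaces
        meta = META.match(line)
        if meta and path:
            created, modified, size, attrs, company, md5 = meta.groups()
            records.append(Record(path, parse_ts(created), parse_ts(modified),
                                  int(size), attrs, company, md5.lower()))
            path = None
        elif DRIVE_PATH.match(line):
            path = line
    return records


def copies_by_md5(records):
    """Map each MD5 to every path that carries it (identical copies)."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.md5].append(rec.path)
    return dict(groups)


def no_company(records):
    """Files whose version-info company field is empty in the log."""
    return [rec.path for rec in records if not rec.company]


def changed_since(records, reference_path):
    """Same-named copies that differ from the reference and are newer.

    A newer, different copy can also be a legitimate update; this only
    narrows down which files to inspect.
    """
    by_path = {rec.path.lower(): rec for rec in records}
    ref = by_path[reference_path.lower()]
    name = ntpath.basename(ref.path).lower()
    return [rec.path for rec in records
            if ntpath.basename(rec.path).lower() == name
            and rec.md5 != ref.md5
            and rec.modified > ref.modified]


if __name__ == "__main__":
    recs = parse_search_log(SEARCH_LOG)
    for md5, paths in copies_by_md5(recs).items():
        print(md5, len(paths), "copy/copies")
    print("no company:", no_company(recs))
    print("changed:", changed_since(recs, r"C:\WINDOWS\erdnt\cache\user32.dll"))
```

With C:\WINDOWS\erdnt\cache\user32.dll as the reference, the two paths returned by `changed_since` are the SYSTEM32 and ServicePackFiles copies of user32.dll.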


#8 xXToffeeXx


Posted 13 August 2014 - 12:45 PM

Hi JohnStaton,
 
Good, hopefully this should get you booting into normal mode properly.
 
We need to run a fix with FRST:

  • From your clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\Michael S Bergman\...\Run: [jbdlwlmf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uacoiblj.exe"
HKU\Michael S Bergman\...\Run: [kignggnc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uimbampb.exe"
HKU\Michael S Bergman\...\Run: [pbnpkbev] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nofkdtci.exe"
HKU\Michael S Bergman\...\Run: [ruqpfdms] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lckrupjc.exe"
HKU\Michael S Bergman\...\Run: [wxooibpq] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xvjqqhvn.exe"
HKU\Michael S Bergman\...\Run: [qqdejoll] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\bogojduf.exe"
HKU\Michael S Bergman\...\Run: [mruagjhm] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\csrpqtxb.exe"
HKU\Michael S Bergman\...\Run: [swxxbtem] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fgvpimfj.exe"
HKU\Michael S Bergman\...\Run: [ihhtaqnw] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dlkopxlw.exe"
HKU\Michael S Bergman\...\Run: [bcfwinoa] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\skdkjbmd.exe"
HKU\Michael S Bergman\...\Run: [ewapqqhw] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\tajmrcrr.exe"
HKU\Michael S Bergman\...\Run: [gkuwwwps] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fhbhsinm.exe"
HKU\Michael S Bergman\...\Run: [hiddibhe] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dfrsvcbk.exe"
HKU\Michael S Bergman\...\Run: [adcxcbvf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uxxqduta.exe"
HKU\Michael S Bergman\...\Run: [suktceam] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\iieovpba.exe"
HKU\Michael S Bergman\...\Run: [fseomofh] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fwqxfqxk.exe"
HKU\Michael S Bergman\...\Run: [tcvkofle] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xijaesjr.exe"
HKU\Michael S Bergman\...\Run: [eousrjnk] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\eogplcsw.exe"
HKU\Michael S Bergman\...\Run: [opjhnfbr] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\hcrchcbj.exe"
HKU\Michael S Bergman\...\Run: [fcusrxrp] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\swnbcxuh.exe"
HKU\Michael S Bergman\...\Run: [hkwgulav] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ouxqtfqv.exe"
HKU\Michael S Bergman\...\Run: [mfrgpabj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\landmehv.exe"
HKU\Michael S Bergman\...\Run: [lbafusje] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\jximjcxr.exe"
HKU\Michael S Bergman\...\Run: [dndedfoc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\doccrmtt.exe"
HKU\Michael S Bergman\...\Run: [lbsnfhhj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\aflwmubd.exe"
HKU\Michael S Bergman\...\Run: [plrgswuu] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dqjcwsfn.exe"
HKU\Michael S Bergman\...\Run: [spldelpo] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dtpjmstl.exe"
HKU\Michael S Bergman\...\Run: [bbnplrtj] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vrsfsnts.exe"
HKU\Michael S Bergman\...\Run: [jknmsiha] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nbmrsqjc.exe"
HKU\Michael S Bergman\...\Run: [ogjmwrxc] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ahtccvpd.exe"
HKU\Michael S Bergman\...\Run: [tvfirces] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\cqswnmuo.exe"
HKU\Michael S Bergman\...\Run: [cepjusip] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vdbksrct.exe"
HKU\Michael S Bergman\...\Run: [ljiexxau] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xhbkmafs.exe"
HKU\Michael S Bergman\...\Run: [jjtgexpd] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ehooxrdg.exe"
HKU\Michael S Bergman\...\Run: [fgclcehp] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ibproqee.exe"
HKU\Michael S Bergman\...\Run: [wvumcueb] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kudonohe.exe"
HKU\Michael S Bergman\...\Run: [hfmbloch] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lbgidmdw.exe"
HKU\Michael S Bergman\...\Run: [vgemerel] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xtlwkorr.exe"
HKU\Michael S Bergman\...\Run: [beebccbv] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ofmifrol.exe"
HKU\Michael S Bergman\...\Run: [rufvbpgs] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\pumrgiki.exe"
HKU\Michael S Bergman\...\Run: [quubbrde] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ulabldkn.exe"
HKU\Michael S Bergman\...\Run: [kgrhoreo] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\mqsxrpuw.exe"
HKU\Michael S Bergman\...\Run: [icpnktdb] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kokxmmlh.exe"
HKU\Michael S Bergman\...\Run: [pjtskslg] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kpqewbje.exe"
HKU\Michael S Bergman\...\Run: [pjijpwbf] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lasmmhkk.exe"
HKU\Michael S Bergman\...\Run: [sodujhog] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\asggiprt.exe"
HKU\Michael S Bergman\...\Run: [vecqkrcg] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\msjkfbjh.exe"
HKU\Michael S Bergman\...\Run: [cvbslfru] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nawvuhxd.exe"
 
HKU\Michael S Bergman\...\Run: [eqwipuvx] => "C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ranvvnvi.exe"

C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uacoiblj.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uimbampb.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nofkdtci.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lckrupjc.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xvjqqhvn.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\bogojduf.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\csrpqtxb.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fgvpimfj.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dlkopxlw.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\skdkjbmd.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\tajmrcrr.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fhbhsinm.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dfrsvcbk.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\uxxqduta.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\iieovpba.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\fwqxfqxk.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xijaesjr.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\eogplcsw.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\hcrchcbj.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\swnbcxuh.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ouxqtfqv.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\landmehv.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\jximjcxr.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\doccrmtt.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\aflwmubd.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dqjcwsfn.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\dtpjmstl.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vrsfsnts.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nbmrsqjc.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ahtccvpd.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\cqswnmuo.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\vdbksrct.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xhbkmafs.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ehooxrdg.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ibproqee.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kudonohe.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lbgidmdw.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\xtlwkorr.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ofmifrol.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\pumrgiki.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ulabldkn.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\mqsxrpuw.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kokxmmlh.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\kpqewbje.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\lasmmhkk.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\asggiprt.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\msjkfbjh.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\nawvuhxd.exe
C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\ranvvnvi.exe
Replace: C:\WINDOWS\erdnt\cache\user32.dll C:\WINDOWS\SYSTEM32\user32.dll
Replace: C:\WINDOWS\erdnt\cache\user32.dll C:\WINDOWS\ServicePackFiles\i386\user32.dll
  • Boot into UBCD4Win like you did before and single-click My computer from the UBCD4Win Desktop, and navigate to the Farbar Recovery Scan Tool (FRST.exe) saved to the pen drive.
  • Double-click on FRST.exe to begin running the tool
  • Press the Fix button just once and wait
  • When finished, FRST will generate a log (Fixlog.txt) on the flash drive
  • Please copy and paste the log in your next reply.

xXToffeeXx~




#9 JohnStaton


Posted 13 August 2014 - 11:50 PM

Here is the log file

 


 

 

 

The unit appears to be booting properly. Thank you so much!



#10 xXToffeeXx


Posted 14 August 2014 - 04:35 AM

Hi JohnStaton,
 
That's good to hear. Let's see if there is any more malware around:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~




#11 JohnStaton


Posted 14 August 2014 - 08:38 AM

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by Michael S Bergman (administrator) on OMC-HQ on 14-08-2014 06:03:06
Running from E:\OMEGA
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1170035474\ee\aolsoftware.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.facebook.com/
CHR StartupUrls: "hxxp://www.facebook.com/"
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
S4 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S4 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
S4 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2007-07-27] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2004-08-02] (Sonic Solutions) [File not signed]
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 06:02 - 2014-08-14 06:03 - 00000000 ____D () C:\FRST
2014-08-13 23:26 - 2014-08-13 23:26 - 00000745 _____ () C:\WINDOWS\updspapi.log
2014-08-13 23:26 - 2014-08-13 23:26 - 00000183 _____ () C:\WINDOWS\spupdsvc.log
2014-08-13 23:25 - 2014-08-13 23:26 - 00105047 _____ () C:\WINDOWS\ie8.log
2014-08-13 23:15 - 2014-08-13 23:33 - 00031896 _____ () C:\WINDOWS\ie8_main.log
2014-08-13 23:14 - 2010-01-19 00:34 - 331805736 _____ (Microsoft Corporation) C:\Documents and Settings\Michael S Bergman\Desktop\XPSP3.exe
2014-08-13 23:14 - 2010-01-19 00:34 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Michael S Bergman\Desktop\XPIE832.exe
2014-08-13 23:10 - 2014-08-14 05:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 23:08 - 2014-08-13 23:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 23:08 - 2014-08-13 23:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 23:08 - 2014-08-13 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 23:08 - 2014-05-12 08:05 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-13 23:08 - 2014-05-12 08:05 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-13 23:07 - 2014-08-13 23:07 - 00002384 _____ () C:\Documents and Settings\Michael S Bergman\Desktop\Google Chrome.lnk
2014-08-13 22:38 - 2008-04-13 16:12 - 00116224 ____C (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2014-08-13 22:38 - 2008-04-13 16:12 - 00018944 ____C () C:\WINDOWS\system32\dllcache\xrxscnui.dll
2014-08-13 22:38 - 2008-04-13 16:12 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll
2014-08-13 22:38 - 2008-04-13 10:46 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2014-08-13 22:38 - 2008-04-13 10:36 - 00008832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys
2014-08-13 22:38 - 2004-08-03 21:29 - 00019455 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wvchntxx.sys
2014-08-13 22:38 - 2004-08-03 21:29 - 00012063 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wsiintxx.sys
2014-08-13 22:38 - 2001-08-17 22:37 - 00099865 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\xlog.exe
2014-08-13 22:38 - 2001-08-17 22:37 - 00027648 ____C () C:\WINDOWS\system32\dllcache\xrxftplt.exe
2014-08-13 22:38 - 2001-08-17 22:37 - 00004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xrxflnch.exe
2014-08-13 22:38 - 2001-08-17 22:36 - 00023040 ____C (Xerox Corporation) C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2014-08-13 22:38 - 2001-08-17 12:11 - 00016970 ____C (US Robotics MCD (Megahertz)) C:\WINDOWS\system32\dllcache\xem336n5.sys
2014-08-13 22:37 - 2008-04-13 10:45 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys
2014-08-13 22:37 - 2004-08-04 05:00 - 00363520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svc.dll
2014-08-13 22:37 - 2004-08-04 05:00 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wam51.dll
2014-08-13 22:37 - 2004-08-04 05:00 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamreg51.dll
2014-08-13 22:37 - 2004-08-03 21:31 - 00154624 ____C (Lucent Technologies) C:\WINDOWS\system32\dllcache\wlluc48.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00033599 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\watv04nt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00029311 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\watv01nt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00023615 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00019551 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\watv02nt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00012415 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wadv01nt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00012127 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wadv02nt.sys
2014-08-13 22:37 - 2004-08-03 21:29 - 00011775 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\wadv05nt.sys
2014-08-13 22:37 - 2001-08-17 22:36 - 00087040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2014-08-13 22:37 - 2001-08-17 22:36 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wiamsmud.dll
2014-08-13 22:37 - 2001-08-17 13:28 - 00771581 ____C (Rockwell) C:\WINDOWS\system32\dllcache\winacisa.sys
2014-08-13 22:37 - 2001-08-17 13:28 - 00701386 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\wdhaalba.sys
2014-08-13 22:37 - 2001-08-17 12:13 - 00019528 ____C (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w840nd.sys
2014-08-13 22:37 - 2001-08-17 12:13 - 00019016 ____C (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w926nd.sys
2014-08-13 22:37 - 2001-08-17 12:13 - 00016925 ____C (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w940nd.sys
2014-08-13 22:37 - 2001-08-17 12:12 - 00034890 ____C (Raytheon Corp.) C:\WINDOWS\system32\dllcache\wlandrv2.sys
2014-08-13 22:37 - 2001-08-17 12:10 - 00035871 ____C (Winbond Electronics Corp.) C:\WINDOWS\system32\dllcache\wbfirdma.sys
2014-08-13 22:36 - 2008-04-13 16:12 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2014-08-13 22:36 - 2008-04-13 10:45 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2014-08-13 22:36 - 2008-04-13 10:45 - 00017152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2014-08-13 22:36 - 2004-08-03 21:31 - 00032384 ____C (KLSI USA, Inc.) C:\WINDOWS\system32\dllcache\usb101et.sys
2014-08-13 22:36 - 2001-08-17 13:49 - 00024576 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\viairda.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00794654 ____C (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1801.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00794399 ____C (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1806v.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00793598 ____C (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1806.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00765884 ____C (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usrti.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00687999 ____C (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00604253 ____C (PCTEL, INC.) C:\WINDOWS\system32\dllcache\vmodem.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00397502 ____C (PCtel, Inc.) C:\WINDOWS\system32\dllcache\vpctcom.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00224802 ____C (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usr1807a.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00113762 ____C (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usrpda.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00064605 ____C (PCtel, Inc.) C:\WINDOWS\system32\dllcache\vvoice.sys
2014-08-13 22:36 - 2001-08-17 13:28 - 00007556 ____C (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usroslba.sys
2014-08-13 22:36 - 2001-08-17 12:14 - 00249402 ____C (Xircom) C:\WINDOWS\system32\dllcache\vinwm.sys
2014-08-13 22:35 - 2004-08-04 05:00 - 00103424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\uihelper.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00525568 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridxp.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00216064 ____C (UMAX Data Systems Inc.) C:\WINDOWS\system32\dllcache\um34scan.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00211968 ____C (UMAX Data Systems Inc.) C:\WINDOWS\system32\dllcache\um54scan.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxud32.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu12.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00050688 ____C (UMAX DATA SYSTEMS INC.) C:\WINDOWS\system32\dllcache\umaxscan.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxp60.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxcam.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu40.dll
2014-08-13 22:35 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu22.dll
2014-08-13 22:35 - 2001-08-17 13:58 - 00022912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxpcls.sys
2014-08-13 22:35 - 2001-08-17 13:48 - 00011520 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\twotrack.sys
2014-08-13 22:35 - 2001-08-17 12:51 - 00166784 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridxpm.sys
2014-08-13 22:35 - 2001-08-17 12:51 - 00159232 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridkbm.sys
2014-08-13 22:34 - 2008-04-13 16:12 - 00082944 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe
2014-08-13 22:34 - 2008-04-13 10:40 - 00149376 ____C (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys
2014-08-13 22:34 - 2004-08-04 05:00 - 00031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tools.dll
2014-08-13 22:34 - 2001-08-17 22:36 - 00031744 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4.dll
2014-08-13 22:34 - 2001-08-17 22:35 - 00042496 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4res.dll
2014-08-13 22:34 - 2001-08-17 14:56 - 00440576 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridkb.dll
2014-08-13 22:34 - 2001-08-17 14:56 - 00315520 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\trid3d.dll
2014-08-13 22:34 - 2001-08-17 14:56 - 00081408 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tgiul50.dll
2014-08-13 22:34 - 2001-08-17 14:02 - 00230912 ____C (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tosdvd03.sys
2014-08-13 22:34 - 2001-08-17 14:01 - 00241664 ____C (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tosdvd02.sys
2014-08-13 22:34 - 2001-08-17 13:49 - 00030464 ____C (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tbatm155.sys
2014-08-13 22:34 - 2001-08-17 12:51 - 00222336 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\trid3dm.sys
2014-08-13 22:34 - 2001-08-17 12:51 - 00138528 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2014-08-13 22:34 - 2001-08-17 12:14 - 00123995 ____C (Tiger Jet Network) C:\WINDOWS\system32\dllcache\tjisdn.sys
2014-08-13 22:34 - 2001-08-17 12:13 - 00037961 ____C (TDK Corporation) C:\WINDOWS\system32\dllcache\tdk100b.sys
2014-08-13 22:34 - 2001-08-17 12:13 - 00017129 ____C (TDK Corporation) C:\WINDOWS\system32\dllcache\tdkcd31.sys
2014-08-13 22:34 - 2001-08-17 12:12 - 00034375 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\tpro4.sys
2014-08-13 22:34 - 2001-08-17 12:10 - 00028232 ____C (TOSHIBA Corporation) C:\WINDOWS\system32\dllcache\tos4mo.sys
2014-08-13 22:33 - 2008-04-13 10:46 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2014-08-13 22:33 - 2004-08-04 05:00 - 00046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\svcext51.dll
2014-08-13 22:33 - 2004-08-04 05:00 - 00046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sspifilt.dll
2014-08-13 22:33 - 2004-08-04 05:00 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ssinc51.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00155648 ____C (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlnprop.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusd.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00094293 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\sxports.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sw_wheel.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00053248 ____C (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlncoin.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00041472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sw_effct.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swpidflt.dll
2014-08-13 22:33 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swpdflt2.dll
2014-08-13 22:33 - 2001-08-17 14:56 - 00172768 ____C (Number Nine Visual Technology) C:\WINDOWS\system32\dllcache\t2r4disp.dll
2014-08-13 22:33 - 2001-08-17 14:02 - 00003968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swusbflt.sys
2014-08-13 22:33 - 2001-08-17 13:52 - 00007040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tandqic.sys
2014-08-13 22:33 - 2001-08-17 13:51 - 00016896 ____C (SCM Microsystems, Inc.) C:\WINDOWS\system32\dllcache\stcusb.sys
2014-08-13 22:33 - 2001-08-17 13:50 - 00103936 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\sx.sys
2014-08-13 22:33 - 2001-08-17 12:50 - 00036640 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\t2r4mini.sys
2014-08-13 22:33 - 2001-08-17 12:18 - 00285760 ____C (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlnata.sys
2014-08-13 22:33 - 2001-08-17 12:11 - 00048736 ____C (3Com) C:\WINDOWS\system32\dllcache\srwlnd5.sys
2014-08-13 22:32 - 2008-04-13 10:40 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys
2014-08-13 22:32 - 2004-08-04 05:00 - 00456704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpsvc.dll
2014-08-13 22:32 - 2004-08-04 05:00 - 00358400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpincl.dll
2014-08-13 22:32 - 2004-08-04 05:00 - 00259072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpcl.dll
2014-08-13 22:32 - 2004-08-04 05:00 - 00236544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smi2smir.exe
2014-08-13 22:32 - 2004-08-04 05:00 - 00188416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpsmir.dll
2014-08-13 22:32 - 2004-08-04 05:00 - 00040448 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpthrd.dll
2014-08-13 22:32 - 2004-08-04 05:00 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmp.exe
2014-08-13 22:32 - 2004-08-04 05:00 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmptrap.exe
2014-08-13 22:32 - 2004-08-04 05:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpmib.dll
2014-08-13 22:32 - 2001-08-17 22:36 - 00114688 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\sonypi.dll
2014-08-13 22:32 - 2001-08-17 22:36 - 00106584 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spdports.dll
2014-08-13 22:32 - 2001-08-17 22:36 - 00024660 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxupchk.dll
2014-08-13 22:32 - 2001-08-17 14:56 - 00147200 ____C (Silicon Motion Inc.) C:\WINDOWS\system32\dllcache\smidispb.dll
2014-08-13 22:32 - 2001-08-17 13:57 - 00006784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbhc.sys
2014-08-13 22:32 - 2001-08-17 13:56 - 00007552 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\sonypvu1.sys
2014-08-13 22:32 - 2001-08-17 13:53 - 00009600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonymc.sys
2014-08-13 22:32 - 2001-08-17 13:53 - 00007040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snyaitmc.sys
2014-08-13 22:32 - 2001-08-17 13:51 - 00061824 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\speed.sys
2014-08-13 22:32 - 2001-08-17 12:51 - 00058368 ____C (Silicon Motion Inc.) C:\WINDOWS\system32\dllcache\smiminib.sys
2014-08-13 22:32 - 2001-08-17 12:51 - 00037040 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\sonypi.sys
2014-08-13 22:32 - 2001-08-17 12:51 - 00020752 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\sonync.sys
2014-08-13 22:32 - 2001-08-17 12:12 - 00025034 ____C (SMC Networks, Inc.) C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2014-08-13 22:32 - 2001-08-17 12:12 - 00024576 ____C (SMC Networks, Inc.) C:\WINDOWS\system32\dllcache\smc8000n.sys
2014-08-13 22:32 - 2001-08-17 12:10 - 00035913 ____C (SMC) C:\WINDOWS\system32\dllcache\smcirda.sys
2014-08-13 22:31 - 2008-04-13 10:46 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2014-08-13 22:31 - 2008-04-13 10:36 - 00016000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys
2014-08-13 22:31 - 2008-04-13 10:36 - 00006912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys
2014-08-13 22:31 - 2004-08-03 21:31 - 00063547 ____C (Symbol Technologies) C:\WINDOWS\system32\dllcache\sla30nd5.sys
2014-08-13 22:31 - 2004-08-03 21:31 - 00032768 ____C (SiS Corporation) C:\WINDOWS\system32\dllcache\sisnic.sys
2014-08-13 22:31 - 2001-08-17 22:36 - 00238592 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisgrv.dll
2014-08-13 22:31 - 2001-08-17 22:36 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb3w.dll
2014-08-13 22:31 - 2001-08-17 22:36 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb0w.dll
2014-08-13 22:31 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma0w.dll
2014-08-13 22:31 - 2001-08-17 22:36 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm91w.dll
2014-08-13 22:31 - 2001-08-17 14:56 - 00252032 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis300iv.dll
2014-08-13 22:31 - 2001-08-17 14:56 - 00157696 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisv256.dll
2014-08-13 22:31 - 2001-08-17 14:56 - 00150144 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis6306v.dll
2014-08-13 22:31 - 2001-08-17 12:50 - 00104064 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisgrp.sys
2014-08-13 22:31 - 2001-08-17 12:50 - 00101760 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis300ip.sys
2014-08-13 22:31 - 2001-08-17 12:50 - 00068608 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis6306p.sys
2014-08-13 22:31 - 2001-08-17 12:50 - 00050432 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisv.sys
2014-08-13 22:31 - 2001-08-17 12:12 - 00094698 ____C (SysKonnect GmbH.) C:\WINDOWS\system32\dllcache\sk98xwin.sys
2014-08-13 22:31 - 2001-08-17 12:12 - 00091294 ____C (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) C:\WINDOWS\system32\dllcache\skfpwin.sys
2014-08-13 22:30 - 2008-04-13 10:45 - 00011520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys
2014-08-13 22:30 - 2008-04-13 10:40 - 00043904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys
2014-08-13 22:30 - 2001-08-17 22:36 - 00495616 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\sblfx.dll
2014-08-13 22:30 - 2001-08-17 22:36 - 00386560 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\sgiul50.dll
2014-08-13 22:30 - 2001-08-17 14:56 - 00245632 ____C (S3 Graphics, Inc.) C:\WINDOWS\system32\dllcache\s3savmx.dll
2014-08-13 22:30 - 2001-08-17 13:53 - 00006912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seaddsmc.sys
2014-08-13 22:30 - 2001-08-17 13:52 - 00011648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiprnt.sys
2014-08-13 22:30 - 2001-08-17 13:51 - 00023936 ____C (OMNIKEY AG) C:\WINDOWS\system32\dllcache\sccmusbm.sys
2014-08-13 22:30 - 2001-08-17 13:51 - 00023936 ____C (OMNIKEY AG) C:\WINDOWS\system32\dllcache\sccmn50m.sys
2014-08-13 22:30 - 2001-08-17 13:51 - 00017280 ____C (SCM Microsystems) C:\WINDOWS\system32\dllcache\scr111.sys
2014-08-13 22:30 - 2001-08-17 13:51 - 00016640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scmstcs.sys
2014-08-13 22:30 - 2001-08-17 13:48 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sermouse.sys
2014-08-13 22:30 - 2001-08-17 12:51 - 00098080 ____C (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2014-08-13 22:30 - 2001-08-17 12:50 - 00075392 ____C (S3 Graphics, Inc.) C:\WINDOWS\system32\dllcache\s3savmxm.sys
2014-08-13 22:30 - 2001-08-17 12:19 - 00036480 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\sfmanm.sys
2014-08-13 22:30 - 2001-07-21 14:29 - 00161568 ____C (Micro Systemation) C:\WINDOWS\system32\dllcache\sgsmusb.sys
2014-08-13 22:30 - 2001-07-21 14:29 - 00018400 ____C (Micro Systemation) C:\WINDOWS\system32\dllcache\sgsmld.sys
2014-08-13 22:29 - 2008-04-13 16:12 - 00029696 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll
2014-08-13 22:29 - 2008-04-13 16:12 - 00027648 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll
2014-08-13 22:29 - 2008-04-13 10:40 - 00079104 ____C (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys
2014-08-13 22:29 - 2004-08-04 05:00 - 00004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcref.dll
2014-08-13 22:29 - 2004-08-03 21:31 - 00020992 ____C (Realtek Semiconductor Corporation) C:\WINDOWS\system32\dllcache\rtl8139.sys
2014-08-13 22:29 - 2001-08-17 22:36 - 00082432 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia450.dll
2014-08-13 22:29 - 2001-08-17 22:36 - 00079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia430.dll
2014-08-13 22:29 - 2001-08-17 22:36 - 00062496 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mtrio.dll
2014-08-13 22:29 - 2001-08-17 22:36 - 00009216 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2014-08-13 22:29 - 2001-08-17 14:56 - 00210496 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mvirge.dll
2014-08-13 22:29 - 2001-08-17 14:56 - 00198400 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav4.dll
2014-08-13 22:29 - 2001-08-17 14:56 - 00182272 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mt3d.dll
2014-08-13 22:29 - 2001-08-17 14:56 - 00179264 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav3d.dll
2014-08-13 22:29 - 2001-08-17 13:57 - 00065664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.sys
2014-08-13 22:29 - 2001-08-17 12:50 - 00166720 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3m.sys
2014-08-13 22:29 - 2001-08-17 12:50 - 00077824 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav4m.sys
2014-08-13 22:29 - 2001-08-17 12:50 - 00061504 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav3dm.sys
2014-08-13 22:29 - 2001-08-17 12:50 - 00041216 ____C (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mt3d.sys
2014-08-13 22:29 - 2001-08-17 12:19 - 00030720 ____C (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\rthwcls.sys
2014-08-13 22:29 - 2001-08-17 12:19 - 00003840 ____C (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\rpfun.sys
2014-08-13 22:29 - 2001-08-17 12:12 - 00019017 ____C (Realtek Semiconductor Corporation) C:\WINDOWS\system32\dllcache\rtl8029.sys
2014-08-13 22:28 - 2008-04-13 16:12 - 00363520 ____C () C:\WINDOWS\system32\dllcache\psisdecd.dll
2014-08-13 22:28 - 2008-04-13 16:12 - 00159232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll
2014-08-13 22:28 - 2008-04-13 16:12 - 00033280 ____C () C:\WINDOWS\system32\dllcache\psisrndr.ax
2014-08-13 22:28 - 2008-04-13 10:41 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys
2014-08-13 22:28 - 2008-04-13 10:40 - 00006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys
2014-08-13 22:28 - 2004-08-04 05:00 - 00020736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ramdisk.sys
2014-08-13 22:28 - 2004-08-04 05:00 - 00007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pwsdata.dll
2014-08-13 22:28 - 2001-08-17 22:36 - 00086097 ____C (Xircom) C:\WINDOWS\system32\dllcache\reslog32.dll
2014-08-13 22:28 - 2001-08-17 22:36 - 00041472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qvusd.dll
2014-08-13 22:28 - 2001-08-17 22:36 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\psisload.dll
2014-08-13 22:28 - 2001-08-17 22:36 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusb.dll
2014-08-13 22:28 - 2001-08-17 13:53 - 00003328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qv2kux.sys
2014-08-13 22:28 - 2001-08-17 13:51 - 00019584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rasirda.sys
2014-08-13 22:28 - 2001-08-17 13:51 - 00016128 ____C (SCM Microsystems, Inc.) C:\WINDOWS\system32\dllcache\pscr.sys
2014-08-13 22:28 - 2001-08-17 13:28 - 00899146 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2014-08-13 22:28 - 2001-08-17 13:28 - 00714762 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2014-08-13 22:28 - 2001-08-17 13:28 - 00130942 ____C (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserlv.sys
2014-08-13 22:28 - 2001-08-17 13:28 - 00128286 ____C (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserli.sys
2014-08-13 22:28 - 2001-08-17 13:28 - 00112574 ____C (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserlp.sys
2014-08-13 22:28 - 2001-08-17 12:12 - 00037563 ____C (RadioLAN) C:\WINDOWS\system32\dllcache\rlnet5.sys
2014-08-13 22:27 - 2008-04-13 16:10 - 00259328 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll
2014-08-13 22:27 - 2008-04-13 16:10 - 00211584 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll
2014-08-13 22:27 - 2008-04-13 10:44 - 00028032 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys
2014-08-13 22:15 - 2001-08-17 22:36 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc260usd.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc240usd.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00080896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210usd.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cnusd.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyycoins.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzports.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyports.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzcoins.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210_32.dll
2014-08-13 22:15 - 2001-08-17 22:36 - 00024064 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\devldr32.exe
2014-08-13 22:15 - 2001-08-17 22:36 - 00004096 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctwdm32.dll
2014-08-13 22:15 - 2001-08-17 14:56 - 00170880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546x.dll
2014-08-13 22:15 - 2001-08-17 14:56 - 00111232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl5465.dll
2014-08-13 22:15 - 2001-08-17 14:56 - 00091264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.dll
2014-08-13 22:15 - 2001-08-17 14:02 - 00272640 ____C (RAVISENT Technologies Inc.) C:\WINDOWS\system32\dllcache\cinemclc.sys
2014-08-13 22:15 - 2001-08-17 13:57 - 00248064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546xm.sys
2014-08-13 22:15 - 2001-08-17 13:57 - 00045696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.sys
2014-08-13 22:15 - 2001-08-17 13:52 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddsmc.sys
2014-08-13 22:15 - 2001-08-17 13:51 - 00020736 ____C (OMNIKEY AG) C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
2014-08-13 22:15 - 2001-08-17 13:50 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyport.sys
2014-08-13 22:15 - 2001-08-17 13:50 - 00049792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzport.sys
2014-08-13 22:15 - 2001-08-17 13:50 - 00017152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclad-z.sys
2014-08-13 22:15 - 2001-08-17 13:50 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclom-y.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00111872 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcspud.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00096256 ____C (Copyright © Creative Technology Ltd. 1994-2001) C:\WINDOWS\system32\dllcache\ctlsb16.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00093952 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcwdm.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00072832 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbwdm.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00042112 ____C (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\crtaud.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00006912 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctlfacem.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00003712 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctljystk.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00003584 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcosnt5.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00003072 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbmidi.sys
2014-08-13 22:15 - 2001-08-17 12:19 - 00003072 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbase.sys
2014-08-13 22:15 - 2001-08-17 12:13 - 00980034 ____C (Xircom) C:\WINDOWS\system32\dllcache\cicap.sys
2014-08-13 22:15 - 2001-08-17 12:13 - 00021533 ____C (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\cpqndis5.sys
2014-08-13 22:15 - 2001-08-17 12:12 - 00117760 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\d100ib5.sys
2014-08-13 22:15 - 2001-08-17 12:12 - 00063208 ____C (Intel Corporation.) C:\WINDOWS\system32\dllcache\dc21x4.sys
2014-08-13 22:15 - 2001-08-17 12:11 - 00060970 ____C (Compaq Computer Corp.) C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
2014-08-13 22:15 - 2001-08-17 12:11 - 00039936 ____C (Conexant Systems, Inc.) C:\WINDOWS\system32\dllcache\cnxt1803.sys
2014-08-13 22:15 - 2001-08-17 12:11 - 00024648 ____C (D-Link) C:\WINDOWS\system32\dllcache\dfe650.sys
2014-08-13 22:15 - 2001-08-17 12:11 - 00020928 ____C (Digital Networks, LLC) C:\WINDOWS\system32\dllcache\defpa.sys
2014-08-13 22:14 - 2008-04-13 16:11 - 00121856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll
2014-08-13 22:14 - 2008-04-13 10:46 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2014-08-13 22:14 - 2008-04-13 10:40 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys
2014-08-13 22:14 - 2001-08-17 22:37 - 00244224 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.ax
2014-08-13 22:14 - 2001-08-17 22:37 - 00116736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.ax
2014-08-13 22:14 - 2001-08-17 22:37 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.ax
2014-08-13 22:14 - 2001-08-17 22:36 - 00236032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00074240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00041472 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfusb.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00032256 ____C (Eicon Technology Corporation) C:\WINDOWS\system32\dllcache\diapi2NT.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfrsmg.exe
2014-08-13 22:14 - 2001-08-17 22:36 - 00029696 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmflpt.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brserif.dll
2014-08-13 22:14 - 2001-08-17 22:36 - 00005120 ____C (Brother Industries,Ltd.) C:\WINDOWS\system32\dllcache\brscnrsm.dll
2014-08-13 22:14 - 2001-08-17 14:05 - 00314752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdro21.sys
2014-08-13 22:14 - 2001-08-17 14:04 - 00223232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv21.sys
2014-08-13 22:14 - 2001-08-17 14:04 - 00171264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv30.sys
2014-08-13 22:14 - 2001-08-17 13:51 - 00013824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bulltlp3.sys
2014-08-13 22:14 - 2001-08-17 13:28 - 00714698 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2014-08-13 22:14 - 2001-08-17 13:12 - 00060416 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brserwdm.sys
2014-08-13 22:14 - 2001-08-17 13:12 - 00039552 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparwdm.sys
2014-08-13 22:14 - 2001-08-17 13:12 - 00011008 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbmdm.sys
2014-08-13 22:14 - 2001-08-17 13:12 - 00010368 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbscn.sys
2014-08-13 22:14 - 2001-08-17 13:12 - 00003168 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparimg.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00164923 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\diapi2.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00049182 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem56n5.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00046108 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cben5.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00027164 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce3n5.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00022044 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem33n5.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00022044 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem28n5.sys
2014-08-13 22:14 - 2001-08-17 12:13 - 00021530 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce2n5.sys
2014-08-13 22:14 - 2001-08-17 12:12 - 00039680 ____C (Silicom Ltd.) C:\WINDOWS\system32\dllcache\cb325.sys
2014-08-13 22:14 - 2001-08-17 12:12 - 00037916 ____C (Fast Ethernet Controller Provider) C:\WINDOWS\system32\dllcache\cb102.sys
2014-08-13 22:14 - 2001-08-17 12:11 - 00031529 ____C (BreezeCOM) C:\WINDOWS\system32\dllcache\brzwlan.sys
2014-08-13 22:13 - 2014-08-13 22:37 - 00007615 _____ () C:\WINDOWS\setupapi.log
2014-08-13 22:13 - 2008-04-13 16:12 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2014-08-13 22:13 - 2008-04-13 10:46 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2014-08-13 22:13 - 2008-04-13 10:46 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2014-08-13 22:13 - 2008-04-13 10:46 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2014-08-13 22:13 - 2008-04-13 10:46 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2014-08-13 22:13 - 2008-04-13 10:46 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2014-08-13 22:13 - 2008-04-13 10:40 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2014-08-13 22:13 - 2008-04-13 10:36 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2014-08-13 22:13 - 2004-08-04 05:00 - 00369664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asp51.dll
2014-08-13 22:13 - 2004-08-04 05:00 - 00331264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aqueue.dll
2014-08-13 22:13 - 2004-08-04 05:00 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\appconf.dll
2014-08-13 22:13 - 2004-08-04 05:00 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admexs.dll
2014-08-13 22:13 - 2004-08-03 21:32 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2014-08-13 22:13 - 2004-08-03 21:32 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2014-08-13 22:13 - 2004-08-03 21:32 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2014-08-13 22:13 - 2004-08-03 21:31 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2014-08-13 22:13 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2014-08-13 22:13 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\binlsvc.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00098304 ____C (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\brmfcwia.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2014-08-13 22:13 - 2001-08-17 22:36 - 00019456 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brbidiif.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00015360 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfbidi.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00012800 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brevif.dll
2014-08-13 22:13 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brcoinst.dll
2014-08-13 22:13 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2014-08-13 22:13 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2014-08-13 22:13 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2014-08-13 22:13 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2014-08-13 22:13 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2014-08-13 22:13 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2014-08-13 22:13 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2014-08-13 22:13 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2014-08-13 22:13 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2014-08-13 22:13 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2014-08-13 22:13 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2014-08-13 22:13 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2014-08-13 22:13 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2014-08-13 22:13 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2014-08-13 22:13 - 2001-08-17 13:28 - 00871388 ____C (BCM) C:\WINDOWS\system32\dllcache\bcmdm.sys
2014-08-13 22:13 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2014-08-13 22:13 - 2001-08-17 13:12 - 00012160 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltlo.sys
2014-08-13 22:13 - 2001-08-17 13:12 - 00003968 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltup.sys
2014-08-13 22:13 - 2001-08-17 13:12 - 00002944 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brfilt.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00049920 ____C () C:\WINDOWS\system32\dllcache\atirtcap.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00046464 ____C () C:\WINDOWS\system32\dllcache\atibt829.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00026880 ____C () C:\WINDOWS\system32\dllcache\atirtsnd.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00026624 ____C () C:\WINDOWS\system32\dllcache\ativxbar.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00023552 ____C () C:\WINDOWS\system32\dllcache\atixbar.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00019456 ____C () C:\WINDOWS\system32\dllcache\ativttxx.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitvsnd.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitunep.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00010240 ____C () C:\WINDOWS\system32\dllcache\atipcxxx.sys
2014-08-13 22:13 - 2001-08-17 12:49 - 00009472 ____C () C:\WINDOWS\system32\dllcache\ativmdcd.sys
2014-08-13 22:13 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2014-08-13 22:13 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2014-08-13 22:13 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2014-08-13 22:13 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2014-08-13 22:13 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2014-08-13 22:13 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2014-08-13 22:13 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2014-08-13 22:13 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2014-08-13 22:13 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2014-08-13 22:13 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2014-08-13 22:13 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2014-08-13 22:13 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2014-08-13 22:13 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2014-08-13 22:13 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00096640 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\b57xp32.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00066557 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42u.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00054271 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00026568 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm4e5.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2014-08-13 22:13 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2014-08-13 22:12 - 2004-08-04 05:00 - 00829440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00290816 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adsiis51.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certwiz.ocx
2014-08-13 22:12 - 2004-08-04 05:00 - 00133632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrtl.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logui.ocx
2014-08-13 22:12 - 2004-08-04 05:00 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2014-08-13 22:12 - 2004-08-04 05:00 - 00068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isatq.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisext51.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00064512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iismap.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\coadmin.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admwprox.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstas.exe
2014-08-13 22:12 - 2004-08-04 05:00 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infoadmn.dll
2014-08-13 22:12 - 2004-08-04 05:00 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\staxmem.dll
2014-08-13 22:12 - 2004-05-13 00:39 - 00876653 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4awel.dll
2014-08-13 22:12 - 2004-05-13 00:39 - 00598071 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpmmc.dll
2014-08-13 22:12 - 2004-05-13 00:39 - 00184435 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4amsft.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpmmcsat.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00188494 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpcount.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00188480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cfgwiz.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00147513 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4apws.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00109328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp98swin.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00102509 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4atxt.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00082035 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4anscp.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00049212 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4awebs.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00049210 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4areg.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00041020 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4avnb.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00032827 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tcptest.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00032826 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4avss.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00020541 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpexedll.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\author.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admin.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00020538 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpremadm.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00020536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shtml.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\author.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admin.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00016437 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shtml.exe
2014-08-13 22:12 - 2003-03-24 16:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tcptsat.dll
2014-08-13 22:12 - 2003-03-24 16:52 - 00014608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp98sadm.exe
2014-08-13 22:12 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2014-08-13 22:08 - 2014-08-13 22:08 - 00069976 _____ () C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-13 21:37 - 2014-08-14 05:55 - 00032282 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-13 21:37 - 2014-08-13 21:37 - 00255864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-13 21:24 - 2014-08-13 23:16 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Desktop\tools
2014-08-10 08:05 - 2014-08-10 08:05 - 00000000 ____D () C:\Report
2014-08-10 06:09 - 2014-08-10 06:09 - 26738688 _____ () C:\WINDOWS\system32\config\software.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 04718592 _____ () C:\WINDOWS\system32\config\system.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00524288 _____ () C:\WINDOWS\system32\config\default.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00262144 _____ () C:\WINDOWS\system32\config\security.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00024576 _____ () C:\WINDOWS\system32\config\sam.bhv
2014-08-09 21:40 - 2014-08-09 21:40 - 00001764 _____ () C:\WINDOWS\system32\.crusader
2014-08-09 20:22 - 2014-08-09 20:22 - 00003974 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-07-18 09:15 - 2014-07-18 09:15 - 00229437 _____ () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4.zip
2014-07-18 09:15 - 2014-07-18 09:15 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 06:05 - 2011-01-12 09:21 - 00000446 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{12399F40-102A-400E-98E0-ACACC7DAD757}.job
2014-08-14 06:03 - 2014-08-14 06:02 - 00000000 ____D () C:\FRST
2014-08-14 06:03 - 2013-11-17 20:40 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Local Settings\temp
2014-08-14 05:55 - 2014-08-13 21:37 - 00032282 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-14 05:53 - 2014-08-13 23:10 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 05:44 - 2013-07-10 17:59 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1897952563-623108426-4068385309-1005UA.job
2014-08-14 05:39 - 2013-11-17 21:01 - 01168200 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-14 00:08 - 2014-03-22 14:34 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-14 00:08 - 2013-07-04 01:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce788d96cd7b36.job
2014-08-14 00:08 - 2004-12-17 16:48 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-14 00:08 - 2004-12-17 16:46 - 00013646 _____ () C:\WINDOWS\system32\WPA.DBL
2014-08-14 00:07 - 2004-12-17 16:28 - 00000000 ____D () C:\WINDOWS\Connection Wizard
2014-08-14 00:07 - 2004-08-11 16:09 - 00000214 _____ () C:\WINDOWS\WIADEBUG.LOG
2014-08-14 00:05 - 2004-12-28 10:32 - 00000178 ___SH () C:\Documents and Settings\Michael S Bergman\NTUSER.INI
2014-08-13 23:33 - 2014-08-13 23:15 - 00031896 _____ () C:\WINDOWS\ie8_main.log
2014-08-13 23:26 - 2014-08-13 23:26 - 00000745 _____ () C:\WINDOWS\updspapi.log
2014-08-13 23:26 - 2014-08-13 23:26 - 00000183 _____ () C:\WINDOWS\spupdsvc.log
2014-08-13 23:26 - 2014-08-13 23:25 - 00105047 _____ () C:\WINDOWS\ie8.log
2014-08-13 23:16 - 2014-08-13 21:24 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Desktop\tools
2014-08-13 23:13 - 2004-08-11 16:09 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2014-08-13 23:08 - 2014-08-13 23:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 23:08 - 2014-08-13 23:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 23:08 - 2014-08-13 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 23:08 - 2012-08-23 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-13 23:07 - 2014-08-13 23:07 - 00002384 _____ () C:\Documents and Settings\Michael S Bergman\Desktop\Google Chrome.lnk
2014-08-13 22:37 - 2014-08-13 22:13 - 00007615 _____ () C:\WINDOWS\setupapi.log
2014-08-13 22:09 - 2012-08-23 17:40 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-13 22:09 - 2004-12-17 16:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-13 22:08 - 2014-08-13 22:08 - 00069976 _____ () C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-13 22:08 - 2014-08-13 22:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-13 22:08 - 2004-12-17 16:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-13 21:59 - 2004-08-11 16:07 - 00000284 _____ () C:\WINDOWS\system.ini
2014-08-13 21:58 - 2014-02-17 16:29 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-13 21:58 - 2013-07-12 13:26 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 21:37 - 2014-08-13 21:37 - 00255864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-13 21:33 - 2004-12-28 10:32 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman
2014-08-13 21:24 - 2004-12-17 16:33 - 00000239 ___SH () C:\boot.ini
2014-08-13 21:24 - 2004-08-11 16:15 - 00000979 _____ () C:\WINDOWS\WIN.INI
2014-08-13 21:19 - 2005-06-30 08:03 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-10 19:40 - 2005-02-11 15:26 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Application Data\AOL
2014-08-10 19:40 - 2004-12-17 17:07 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-08-10 19:40 - 2004-12-17 16:25 - 00000000 ____D () C:\I386
2014-08-10 19:38 - 2005-02-04 09:57 - 00000000 ____D () C:\WINDOWS\Sun
2014-08-10 19:36 - 2011-08-01 09:49 - 00056158 ____C () C:\Documents and Settings\Michael S Bergman\My Documents\15537-OMEGAMICROFILM;[eDED]download;30856721.eml
2014-08-10 19:33 - 2004-12-17 16:28 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-10 19:28 - 2004-12-28 10:48 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Application Data\Adobe
2014-08-10 19:21 - 2004-12-17 17:01 - 00000000 ____D () C:\Program Files\Adobe
2014-08-10 09:43 - 2004-12-28 10:32 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 09:37 - 2004-12-28 10:30 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 09:36 - 2004-12-17 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-08-10 08:05 - 2014-08-10 08:05 - 00000000 ____D () C:\Report
2014-08-10 06:09 - 2014-08-10 06:09 - 26738688 _____ () C:\WINDOWS\system32\config\software.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 04718592 _____ () C:\WINDOWS\system32\config\system.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00524288 _____ () C:\WINDOWS\system32\config\default.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00262144 _____ () C:\WINDOWS\system32\config\security.bhv
2014-08-10 06:09 - 2014-08-10 06:09 - 00024576 _____ () C:\WINDOWS\system32\config\sam.bhv
2014-08-10 06:09 - 2009-12-14 14:58 - 00000000 ____D () C:\Program Files\AOL 9.0
2014-08-10 06:09 - 2008-12-31 10:19 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$
2014-08-10 03:15 - 2004-12-17 16:28 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-09 21:40 - 2014-08-09 21:40 - 00001764 _____ () C:\WINDOWS\system32\.crusader
2014-08-09 21:21 - 2004-12-17 16:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-09 20:27 - 2004-12-28 10:32 - 00000788 _____ () C:\Documents and Settings\Michael S Bergman\Start Menu\Programs\Windows Media Player.lnk
2014-08-09 20:22 - 2014-08-09 20:22 - 00003974 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-08-09 19:20 - 2005-01-28 12:15 - 00000000 __SHD () C:\Documents and Settings\Michael S Bergman\UserData
2014-08-09 18:39 - 2007-02-07 11:43 - 00000000 ____D () C:\lj8150
2014-08-09 18:29 - 2008-07-10 10:55 - 00000000 ____D () C:\Temp
2014-08-08 15:26 - 2014-03-22 14:34 - 00000240 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 14:44 - 2012-07-12 07:31 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1897952563-623108426-4068385309-1005Core1cd603b15a2c25c.job
2014-08-07 13:08 - 2005-06-29 10:40 - 00228352 _____ () C:\WINDOWS\BWPrinter.dat
2014-07-25 10:29 - 2013-06-07 09:42 - 00000000 ____D () C:\scans
2014-07-18 09:15 - 2014-07-18 09:15 - 00229437 _____ () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4.zip
2014-07-18 09:15 - 2014-07-18 09:15 - 00000000 ____D () C:\Documents and Settings\Michael S Bergman\My Documents\PO45186-4
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Here is addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Michael S Bergman at 2014-08-14 06:06:01
Running from E:\OMEGA
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader 7.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A71000000002}) (Version: 7.1.0 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
Brother Driver Deployment Wizard (HKLM\...\{9857B360-21D6-11D5-A9D7-00E0295120B2}) (Version: 1.09.000 - Brother)
CCC (Version: 10.00.0000 - United Parcel Service, Inc.) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DesignPro 5.4 Limited Edition (HKLM\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.4 Limited Edition (Version: 5.2.1201 - Avery Dennison) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
FedEx Ship Manager (HKLM\...\{289A9123-DC3B-4C69-ADB5-510CF5772CAD}) (Version: 2331.964.0 - FedEx)
FormsComponent (Version: 9.00.0000 - UPS) Hidden
FOSS (Version: 12.50.0000 - UPS) Hidden
getPlus®_ocx (HKLM\...\getPlus®_ocx) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}) (Version: 4.1.7087.5048 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
GoToMyPC (HKLM\...\{58F4D4FD-1814-4068-B316-C28FC776C6DD}) (Version:  - )
HP Install Network Printer Wizard (HKLM\...\{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}) (Version:  - )
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (UPSWSDBSERVER) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden
Minolta Micrographics/EPS/Hybrid (HKLM\...\Minolta Micrographics/EPS/Hybrid) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.28 - BVRP Software)
MSIChecker (Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
My Way Search Assistant (Version: 1.0.256 - MyWay.com) Hidden
NA1Messenger (Version: 10.00.6000 - Your Company Name) Hidden
NA1Messenger (Version: 9.00.0000 - Your Company Name) Hidden
Nero (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.8.2 - ahead software gmbh)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
NRF (Version: 10.00.0000 - UPS) Hidden
Pervasive.SQL Workgroup v8.10 (HKLM\...\Pervasive.SQL Workgroup) (Version:  - )
PolicyManager (Version: 10.00.0000 - UPS) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Reconciler (Version: 10.00.0000 - UPS) Hidden
ReportServer (Version: 10.00.0000 - Your Company Name) Hidden
RRU (Version: 10.00.0000 - UPS) Hidden
Sage BusinessWorks - Standard (HKCU\...\{B81D673E-2094-4C8A-A10E-39C7EE639D20}) (Version: 6.00.000 - )
Sage Components (Version: 1.04.0000 - Sage) Hidden
ScanFile Retrieval (HKLM\...\ScanFile Retrieval) (Version: 8.0 - Dieter Spielberg DMS GmbH)
ScanFile2003 Retrieval (HKLM\...\ScanFile2003 Retrieval) (Version: 5.0 - Dieter Spielberg DMS GmbH)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
SupportUtility (Version: 10.00.0000 - Your Company Name) Hidden
System (Version: 10.00.0000 - UPS) Hidden
Update for Windows XP (KB911164) (Version: 1 - Microsoft Corporation) Hidden
UPS WorldShip (HKLM\...\UPS WorldShip) (Version: 9.0 - UPS)
UPSDB (Version: 9.00.0000 - UPS) Hidden
UPSICC (Version: 1.0.0.6 - UPS) Hidden
UPSlinkHTTP (Version: 1.0.0.6 - UPS) Hidden
URGE (HKLM\...\{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}) (Version: 1.1.9060.0 - MTV Networks)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebHelp (HKLM\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Hotfix - KB888310 (HKLM\...\KB888310) (Version: 20041027.095746 - Microsoft Corporation)
WorldShip (Version: 10.00.0000 - UPS) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Program Files\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Program Files\Google\Google Earth\earthps.dll ()
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1897952563-623108426-4068385309-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 04:00 - 2014-08-13 21:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce788d96cd7b36.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1897952563-623108426-4068385309-1005Core1cd603b15a2c25c.job => C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1897952563-623108426-4068385309-1005UA.job => C:\Documents and Settings\Michael S Bergman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{12399F40-102A-400E-98E0-ACACC7DAD757}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2005-02-03 10:38 - 2001-07-31 11:17 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Michael S Bergman\My Documents\15537-OMEGAMICROFILM;[eDED]download;30856721.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625
 
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625
 
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:35:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application doccrmtt.exe, version 0.0.0.0, faulting module doccrmtt.exe, version 0.0.0.0, fault address 0x000021cf.
Processing media-specific event for [doccrmtt.exe!ws!]
 
Error: (08/09/2014 05:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jximjcxr.exe, version 0.0.0.0, faulting module jximjcxr.exe, version 0.0.0.0, fault address 0x000021cf.
Processing media-specific event for [jximjcxr.exe!ws!]
 
Error: (08/09/2014 05:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (08/14/2014 00:09:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/14/2014 00:08:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error: (08/14/2014 00:08:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
 
Error: (08/14/2014 00:07:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (08/13/2014 11:54:15 PM) (Source: DCOM) (EventID: 10010) (User: OMC-HQ)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (08/13/2014 11:21:44 PM) (Source: DCOM) (EventID: 10010) (User: OMC-HQ)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (08/13/2014 11:19:42 PM) (Source: DCOM) (EventID: 10010) (User: OMC-HQ)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (08/13/2014 11:17:40 PM) (Source: DCOM) (EventID: 10010) (User: OMC-HQ)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (08/09/2014 06:26:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2014 05:32:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625
 
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625
 
Error: (08/09/2014 06:27:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:36:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:35:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: doccrmtt.exe0.0.0.0doccrmtt.exe0.0.0.0000021cf
 
Error: (08/09/2014 05:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jximjcxr.exe0.0.0.0jximjcxr.exe0.0.0.0000021cf
 
Error: (08/09/2014 05:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (08/09/2014 05:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 1270.98 MB
Available physical RAM: 695.36 MB
Total Pagefile: 2124.88 MB
Available Pagefile: 1734.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.48 GB) (Free:37.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (JOHNS DRIVE) (Removable) (Total:29.07 GB) (Free:4.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 xXToffeeXx


Posted 14 August 2014 - 08:53 AM

Hi JohnStaton,
 
Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware.

You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here (which you should download, as you are running sp2).
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
S4 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [X]
c:\program files\mcafee.com
  • Save the file to your flashdrive and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 JohnStaton


Posted 14 August 2014 - 08:55 AM

Here it is

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-08-2014 01
Ran by Michael S Bergman at 2014-08-14 06:41:30 Run:1
Running from E:\OMEGA
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
S4 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [X]
c:\program files\mcafee.com
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetworkConnections => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\MaxRecentDocs => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetConnectDisconnect => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRemoteRecursiveEvents => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ClearRecentDocsOnExit => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartBanner => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinKey => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetConnextDisconnect => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMConfigurePrograms => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanle => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoAdminPage => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key not found.
McDetect.exe => Service deleted successfully.
"c:\program files\mcafee.com" => File/Directory not found.
 
==== End of Fixlog ====
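
Added example, not part of the thread and not FRST's own code: a short Python check that pairs each fixlist line with the outcome lines of a Fixlog in the layout posted above and lists entries with no "deleted successfully" result. The function names and matching rules are assumptions inferred from this one log; the sample is an abridged copy of it.

```python
import re

# Abridged copy of the Fixlog posted above (same layout, fewer entries).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoWinKey] 0
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [X]
c:\program files\mcafee.com
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinKey => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
McDetect.exe => Service deleted successfully.
"c:\program files\mcafee.com" => File/Directory not found.
==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Split a Fixlog into the requested fixlist entries and (target, outcome) results."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters (rows of asterisks) not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome.rstrip(".")))
    return entries, results


def entry_token(entry):
    """Return the part of a fixlist entry that must reappear in its result line."""
    value = re.search(r"\[([^\]]+)\]\s+\S+$", entry)
    if entry.startswith("HK") and value:           # registry value: "key: [Name] data"
        return "\\\\" + value.group(1)              # results join key and name with "\\"
    clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", entry)
    if clsid:                                      # toolbar entries are keyed by CLSID
        return clsid.group(0)
    service = re.match(r"[RSU]\d\s+([^;]+);", entry)
    if service:                                    # service line: "S4 Name; path [X]"
        return service.group(1)
    return entry                                   # plain file or folder path


def audit(text):
    """Map each entry to its outcomes and list entries with no confirmed deletion."""
    entries, results = parse_fixlog(text)
    report, review = {}, []
    for entry in entries:
        token = entry_token(entry).lower()
        report[entry] = [o for t, o in results if token in t.lower()]
        if not any("deleted successfully" in o for o in report[entry]):
            review.append(entry)
    return report, review
```

An entry listed for review is not necessarily a failure: "not found" means FRST did not find the item at that path when the fix ran.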


#14 xXToffeeXx


Posted 14 August 2014 - 09:06 AM

Hi JohnStaton,
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button (image: esetonlinebtn.png).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon (image: esetsmartinstaller_enu.png) on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~




#15 JohnStaton


Posted 14 August 2014 - 03:24 PM

Here is the Emsisoft log

 

 

Emsisoft Emergency Kit - Version 4.0
Last update: 8/14/2014 7:20:25 AM
User account: OMC-HQ\Michael S Bergman
 
Scan settings:
 
Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 8/14/2014 7:52:26 AM
C:\Documents and Settings\All Users\Application Data\pc1data detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1897952563-623108426-4068385309-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Documents and Settings\Michael S Bergman\My Documents\ouxljeh.html -> (INFECTED_JS) detected: JS:Trojan.JS.Redirector.ZL (B)
 
Scanned 168083
Found 4
 
Scan end: 8/14/2014 1:18:57 PM
Scan time: 5:26:31
 
C:\Documents and Settings\Michael S Bergman\My Documents\ouxljeh.html Quarantined JS:Trojan.JS.Redirector.ZL (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1897952563-623108426-4068385309-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
C:\Documents and Settings\All Users\Application Data\pc1data Quarantined Application.AppInstall (A)
 
Quarantined 4
 
 
 
ESET did not find anything nor did it produce a log file.




