Combo fix undo help! Computer is messed up.


  • This topic is locked
51 replies to this topic

#1 therion

Posted 28 October 2014 - 10:46 PM

I ran combo fix. (Don't ask me why, my computer was real slow, I had run it before with no problems but yes I know I should not have) and now my computer is messed up horribly. I have no sound, I notice I cannot use Search or copy and paste. I cannot start my iolo system mechanic to try and restore a backed up registry. I cannot do a system restore either. My taskbar is messed up as well. I noticed two icons have disappeared from my desktop but I cannot recall what they were. I suspect something related to windows. I tried some things that I had viewed in forums. I ran the ERDNT.EXE (Combofix) which is supposed to restore the registry but to no avail. I ran the programs listed. I ran malwarebytes and no infections were found. I ran superantispyware and it found two items which were quarantined: 1. c documents and settings all users application data pclunst.exe and 2. c documents and settings dell customer my document combofix.exe.

 

I cannot even do a recovery with recovery console. I cannot even use my installation disk to do a windows repair, the computer does not recognize it.

 

I have included combofix notepad, combofix quarantined, combofix notepad showing what was done on 10 27 14 when things went wrong, attachtxt, screen317 security check and dds txt.

 

There is a file called qoobox, quarantined, registry backups dated 10 27 14 the day things went bad.

They are called tcpip.reg and some safeboot dat files. Not sure if this stuff is relevant. Just want to cover all I can.

 

 

 

Any help would be appreciated.

#2 therion

Posted 31 October 2014 - 10:45 PM

Ran combo fix and all hell went wrong.


I cannot system restore, I cannot do a repair

runs extremely slow
Firewall disabled and can't run
No sound
Some icons disappeared from my desktop
the task bar is screwed up
cannot copy and paste
cannot drag files to other places
Sometimes when opening up an application internet access is lost.
Cannot run dfrg
Cannot run my IOLO SYSTEM MECHANIC, says The Component "iolosystemservice" is required to operate properly and could not be started.
When I was running combo fix my iolo system guard said two viruses were blocked but I didn't write down. The site says something about a RPCSS.DLL being quarantined and causing problems with computer.
The Iolo website A


Ran Superantispyware, Malwarebytes, spybot search and destroy, Adwcleaner, RogueKiller, OTL, tdsskiller











stop unknown hard error system root/system32/ntdll.dll

combo fix has detected presence of rootkit activity.

ritos
oembios
twett
sdra64
intel64
wsn
poema
swin32
localsyn64
64dlls
sdra73
sjdfh sudrh sjdrh
win32aus

 

ComboFix 13-10-31.01 - Dell Customer 10/31/2013  22:55:25.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.766.135 [GMT -6:00]
Running from: c:\documents and settings\Dell Customer\My Documents\Downloads\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1373802628.bdinstall.bin
c:\documents and settings\All Users\Application Data\SMR410\Archive\afd.sys
c:\documents and settings\Dell Customer\WINDOWS
c:\documents and settings\Dell Customer\WINDOWS\win.ini
c:\windows\Inst9755.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\is-0STUH.tmp
c:\windows\system32\is-8H5MQ.tmp
c:\windows\system32\win32
c:\windows\system32\Win32\DriveCleanup.exe
c:\windows\system32\win32\Win32\DriveCleanup.exe
c:\windows\unicows.1
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-01 to 2013-11-01  )))))))))))))))))))))))))))))))
.
.
2013-11-01 04:04 . 2013-11-01 04:04    --------    d-----w-    c:\documents and settings\Dell Customer\Application Data\iolo
2013-11-01 03:37 . 2013-11-01 03:37    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-31 22:48 . 2013-10-31 22:48    --------    d-----w-    c:\documents and settings\Dell Customer\Local Settings\Application Data\VS Revo Group
2013-10-31 22:48 . 2013-10-31 22:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\VS Revo Group
2013-10-31 22:48 . 2009-12-30 17:20    27064    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-10-31 22:48 . 2013-10-31 22:48    --------    d-----w-    c:\program files\VS Revo Group
2013-10-31 14:12 . 2013-10-31 14:19    --------    d-----w-    C:\a10b584283dcdf7fcaba
2013-10-31 12:06 . 2013-10-31 12:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\SMR410
2013-10-31 12:04 . 2013-10-31 12:04    --------    d-----w-    c:\documents and settings\Dell Customer\Local Settings\Application Data\NPE
2013-10-31 08:27 . 2013-10-31 08:27    3584    ----a-r-    c:\documents and settings\Dell Customer\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2013-10-31 08:26 . 2013-10-31 08:26    --------    d-----w-    c:\program files\Windows Installer Clean Up
2013-10-31 08:20 . 2013-10-31 08:29    --------    d-----w-    c:\program files\MSECACHE
2013-10-31 07:17 . 2013-09-20 16:49    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2013-10-31 07:16 . 2013-10-31 07:18    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-10-31 07:12 . 2013-10-31 07:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-10-31 07:05 . 2013-10-31 07:05    26872    ----a-w-    c:\windows\system32\drivers\FixTDSS.sys
2013-10-31 06:53 . 2013-10-31 06:53    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-10-31 06:38 . 2013-10-31 22:44    --------    d-----w-    C:\AdwCleaner
2013-10-31 05:23 . 2013-10-31 05:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-31 05:23 . 2013-04-04 20:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-31 03:48 . 2013-10-31 03:48    --------    d-----w-    c:\documents and settings\Dell Customer\Application Data\SUPERAntiSpyware.com
2013-10-31 03:47 . 2013-10-31 03:57    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-10-31 03:47 . 2013-10-31 03:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-10-30 22:42 . 2013-10-30 22:42    74703    ----a-w-    c:\windows\system32\mfc45.dat
2013-10-29 11:01 . 2013-10-29 11:01    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-10-29 11:01 . 2013-10-31 13:57    --------    d-----w-    c:\documents and settings\Dell Customer\Application Data\Check Point Software Technologies LTD
2013-10-29 11:01 . 2013-10-29 11:10    --------    d-----w-    c:\program files\CheckPoint
2013-10-29 11:00 . 2013-10-29 11:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\CheckPoint
2013-10-25 02:14 . 2013-10-25 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-21 01:45 . 2013-10-21 01:45    --------    d-----w-    c:\windows\VirtualEar
2013-10-21 01:45 . 2003-08-19 23:36    65536    ----a-w-    c:\windows\system32\Audio3d.dll
2013-10-21 01:45 . 2004-11-19 15:00    49152    ----a-w-    c:\windows\system32\DSndUp.exe
2013-10-21 01:45 . 2002-04-17 19:05    45056    ----a-w-    c:\windows\system32\CleanUp.exe
2013-10-21 01:45 . 2001-10-04 19:50    991232    ----a-w-    c:\windows\system32\virtear.dll
2013-10-21 01:45 . 2013-10-21 01:45    180356    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-10-21 01:45 . 2004-04-19 04:42    733184    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-10-21 01:45 . 2004-04-19 04:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-10-21 01:45 . 2004-04-19 04:39    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-10-21 01:45 . 2004-04-19 04:39    172032    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-10-21 01:45 . 2004-04-19 04:39    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-10-21 01:45 . 2013-10-21 01:45    303236    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-10-06 10:03 . 2013-10-06 10:03    --------    d-----w-    c:\windows\system32\CatRoot_bak
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 09:30 . 2013-05-18 11:22    71048    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-14 09:30 . 2013-05-18 11:22    692616    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-31 5707544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Booter Progam.lnk - c:\windows\SYSTEM32\shutdown.exe -r -t 10 -c "Karma Got You!" [2004-8-12 19456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 10:19    10520    ----a-w-    c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       ???
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 22:37    2178832    -c--a-w-    c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/31/2013 1:17 AM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/31/2013 1:17 AM 1042272]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys --> c:\windows\system32\drivers\gfibto.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/31/2013 1:17 AM 171416]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [10/31/2013 9:37 PM 40776]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [10/31/2013 4:48 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-12 13:55    99840    ----a-w-    c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-18 09:30]
.
2013-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-11-01 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-31 16:57]
.
2013-10-31 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-31 16:49]
.
2013-10-31 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-31 16:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\
FF - prefs.js: browser.startup.homepage - hxxp://red.clientapps.yahoo.com/customize/links/msgr8/*http://www.yahoo.com/
FF - ExtSQL: 2013-10-18 22:29; mytube@ashishmishra.in; c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\extensions\mytube@ashishmishra.in.xpi
FF - ExtSQL: 2013-10-31 22:20; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Beyluxe Messenger1 - c:\windows\Beyluxe Messenger\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-31 23:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-10-31  23:11:22
ComboFix-quarantined-files.txt  2013-11-01 05:11
.
Pre-Run: 15,544,643,584 bytes free
Post-Run: 16,355,401,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=opt


.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\
FF - prefs.js: browser.startup.homepage - hxxp://red.clientapps.yahoo.com/customize/links/msgr8/*http://www.yahoo.com/
FF - ExtSQL: 2013-10-18 22:29; mytube@ashishmishra.in; c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\extensions\mytube@ashishmishra.in.xpi
FF - ExtSQL: 2013-10-31 22:20; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\eky1y9yo.default-1377229983890\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Beyluxe Messenger1 - c:\windows\Beyluxe Messenger\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-31 23:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-10-31  23:11:22
ComboFix-quarantined-files.txt  2013-11-01 05:11
.
Pre-Run: 15,544,643,584 bytes free
Post-Run: 16,355,401,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - 6A79870F933F9DF58A9DE4A34EB38BED
8F558EB6672622401DA993E1E865C861



2014-10-27 05:59:04 . 2014-10-27 05:59:04              610 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WebrootSpySweeperService.reg.dat
2014-10-27 05:59:03 . 2014-10-27 05:59:03              530 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AMPSE.reg.dat
2014-10-27 05:59:02 . 2014-10-27 05:59:02              522 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AMP.reg.dat
2014-10-27 05:59:01 . 2014-10-27 05:59:01              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-61232109.sys.reg.dat
2014-10-27 05:20:28 . 2014-10-27 05:20:28          261,003 ----a-w-  C:\Qoobox\Quarantine\G\av5.zip
2014-10-27 05:20:27 . 2007-11-07 13:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\G\install.exe.vir


# AdwCleaner v3.311 - Report created 31/10/2014 at 18:06:16
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dell Customer - DGVRKS61
# Running from : C:\Documents and Settings\Dell Customer\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\b4x0p1jk.default-1392965757419\prefs.js ]


[ File : C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156\prefs.js ]

Line Deleted : user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]

[ File : C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\r3diiyof.default-1390459211145\prefs.js ]


[ File : C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\wr8nfrgp.default-1390468761574\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R1].txt - [3420 octets] - [01/06/2014 07:03:20]
AdwCleaner[R2].txt - [336 octets] - [26/10/2014 20:40:42]
AdwCleaner[R3].txt - [89927 octets] - [26/10/2014 20:43:24]
AdwCleaner[R4].txt - [8293 octets] - [30/10/2014 14:55:04]
AdwCleaner[R5].txt - [2337 octets] - [31/10/2014 06:40:58]
AdwCleaner[R6].txt - [2082 octets] - [31/10/2014 17:40:24]
AdwCleaner[R7].txt - [2142 octets] - [31/10/2014 17:47:30]
AdwCleaner[S1].txt - [3317 octets] - [01/06/2014 07:08:20]
AdwCleaner[S2].txt - [91550 octets] - [26/10/2014 20:52:48]
AdwCleaner[S3].txt - [8458 octets] - [30/10/2014 19:58:03]
AdwCleaner[S4].txt - [2017 octets] - [31/10/2014 18:06:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2077 octets] ##########














DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.9.2
Run by Dell Customer at 17:20:56 on 2014-10-28
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dell Customer\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k DComLaunch
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - <orphaned>
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: SidebarAutoLaunch Class: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - LocalServer32 - <no file>
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ioloGovernor] c:\program files\iolo\system mechanic professional\ioloGovernor.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{DD6177B0-85B7-4185-8928-501C8FF3B917} : DHCPNameServer = 192.168.0.1 68.94.156.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dell customer\application data\mozilla\firefox\profiles\f4a1dz9h.default-1394252383156\
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1206147.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? esgiguard;esgiguard
R? gfibto;gfibto
R? ioloSystemService;iolo System Service
R? Revoflt;Revoflt
R? Vsdatant;Vsdatant
R? vseqrts;vseqrts
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AMP;Active Malware Protection Minifilter Driver
S? AMPSE;Active Malware Protection Support Driver
S? MBAMSwissArmy;MBAMSwissArmy
S? PDFsFilter;PDFsFilter
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? vseamps;vseamps
S? vsedsps;vsedsps
.
=============== Created Last 30 ================
.
2014-10-28 09:25:07    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2014-10-28 09:24:27    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-10-28 04:10:24    419357    -c--a-w-    c:\windows\system32\dllcache\dgconfig.dll
2014-10-28 04:10:21    29531    -c--a-w-    c:\windows\system32\dllcache\dgapci.sys
2014-10-28 04:10:18    24649    -c--a-w-    c:\windows\system32\dllcache\dfe650d.sys
2014-10-28 04:10:16    24648    -c--a-w-    c:\windows\system32\dllcache\dfe650.sys
2014-10-28 04:10:14    24064    -c--a-w-    c:\windows\system32\dllcache\devldr32.exe
2014-10-28 04:10:11    256512    -c--a-w-    c:\windows\system32\dllcache\devcon32.dll
2014-10-28 04:10:09    20928    -c--a-w-    c:\windows\system32\dllcache\defpa.sys
2014-10-28 04:10:06    7424    -c--a-w-    c:\windows\system32\dllcache\ddsmc.sys
2014-10-28 04:10:03    110592    -c--a-w-    c:\windows\system32\dllcache\dc260usd.dll
2014-10-28 04:10:01    86016    -c--a-w-    c:\windows\system32\dllcache\dc240usd.dll
2014-10-28 04:08:56    249856    -c--a-w-    c:\windows\system32\dllcache\ctmasetp.dll
2014-10-28 04:07:58    13952    -c--a-w-    c:\windows\system32\dllcache\cmbatt.sys
2014-10-28 04:06:59    27164    -c--a-w-    c:\windows\system32\dllcache\ce3n5.sys
2014-10-28 04:05:34    13824    -c--a-w-    c:\windows\system32\dllcache\bulltlp3.sys
2014-10-28 04:04:58    19456    -c--a-w-    c:\windows\system32\dllcache\brbidiif.dll
2014-10-28 04:03:59    89952    -c--a-w-    c:\windows\system32\dllcache\b1cbase.sys
2014-10-28 04:02:59    70528    -c--a-w-    c:\windows\system32\dllcache\atiragem.sys
2014-10-28 04:01:57    5632    -c--a-w-    c:\windows\system32\dllcache\EXCH_adsiisex.dll
2014-10-28 04:01:33    46112    -c--a-w-    c:\windows\system32\dllcache\adptsf50.sys
2014-10-28 04:01:29    10880    -c--a-w-    c:\windows\system32\dllcache\admjoy.sys
2014-10-28 04:01:18    747392    -c--a-w-    c:\windows\system32\dllcache\adm8830.sys
2014-10-28 04:01:16    553984    -c--a-w-    c:\windows\system32\dllcache\adm8820.sys
2014-10-28 04:01:15    584448    -c--a-w-    c:\windows\system32\dllcache\adm8810.sys
2014-10-28 04:01:13    20160    -c--a-w-    c:\windows\system32\dllcache\adm8511.sys
2014-10-28 04:01:11    7424    -c--a-w-    c:\windows\system32\dllcache\adicvls.sys
2014-10-28 04:01:09    61440    -c--a-w-    c:\windows\system32\dllcache\acerscad.dll
2014-10-28 04:01:04    84480    -c--a-w-    c:\windows\system32\dllcache\ac97via.sys
2014-10-28 04:00:53    297728    -c--a-w-    c:\windows\system32\dllcache\ac97sis.sys
2014-10-28 04:00:51    96256    -c--a-w-    c:\windows\system32\dllcache\ac97intc.sys
2014-10-28 04:00:47    231552    -c--a-w-    c:\windows\system32\dllcache\ac97ali.sys
2014-10-28 04:00:36    462848    -c--a-w-    c:\windows\system32\dllcache\a3dapi.dll
2014-10-28 04:00:34    38400    -c--a-w-    c:\windows\system32\dllcache\8514a.dll
2014-10-28 04:00:30    48128    -c--a-w-    c:\windows\system32\dllcache\61883.sys
2014-10-28 04:00:16    12288    -c--a-w-    c:\windows\system32\dllcache\4mmdat.sys
2014-10-28 04:00:05    148352    -c--a-w-    c:\windows\system32\dllcache\3dfxvsm.sys
2014-10-28 04:00:04    689216    -c--a-w-    c:\windows\system32\dllcache\3dfxvs.dll
2014-10-28 04:00:02    762780    -c--a-w-    c:\windows\system32\dllcache\3cwmcru.sys
2014-10-28 04:00:01    11264    -c--a-w-    c:\windows\system32\dllcache\1394vdbg.sys
2014-10-28 03:59:56    53376    -c--a-w-    c:\windows\system32\dllcache\1394bus.sys
2014-10-28 03:59:25    66048    -c--a-w-    c:\windows\system32\dllcache\s3legacy.dll
2014-10-28 02:51:39    2097984    ----a-w-    c:\windows\system32\Incinerator32.dll
2014-10-28 02:51:35    9341    ----a-w-    c:\windows\system32\drivers\filedisk.sys
2014-10-28 02:51:11    --------    d-----w-    c:\documents and settings\all users\application data\ioloGovernor
2014-10-28 02:51:07    68464    ----a-w-    c:\windows\system32\drivers\PDFsFilter.sys
2014-10-28 02:51:07    41616    ----a-w-    c:\windows\system32\iolobtdfg.exe
2014-10-28 02:51:07    23568    ----a-w-    c:\windows\system32\smrgdf.exe
2014-10-28 02:51:05    --------    d-----w-    c:\documents and settings\dell customer\application data\ioloGovernor
2014-10-28 02:51:03    56200    ----a-w-    c:\windows\system32\offreg.dll
2014-10-28 02:50:59    --------    d-----w-    c:\program files\iolo
2014-10-28 02:43:02    --------    d-----w-    c:\documents and settings\dell customer\application data\iolo
2014-10-28 02:38:33    74703    ----a-w-    c:\windows\system32\mfc45.dat
2014-10-28 01:31:21    116224    -c--a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2014-10-28 01:31:01    18944    -c--a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2014-10-28 01:29:36    8192    -c--a-w-    c:\windows\system32\dllcache\wshirda.dll
2014-10-28 01:28:55    8832    -c--a-w-    c:\windows\system32\dllcache\wmiacpi.sys
2014-10-28 01:27:08    31744    -c--a-w-    c:\windows\system32\dllcache\wceusbsh.sys
2014-10-28 01:22:38    26112    -c--a-w-    c:\windows\system32\dllcache\usbser.sys
2014-10-28 01:22:23    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2014-10-28 01:22:08    17152    -c--a-w-    c:\windows\system32\dllcache\usbohci.sys
2014-10-28 01:17:43    82944    -c--a-w-    c:\windows\system32\dllcache\tp4mon.exe
2014-10-28 01:16:16    149376    -c--a-w-    c:\windows\system32\dllcache\tffsport.sys
2014-10-28 01:12:44    7552    -c--a-w-    c:\windows\system32\dllcache\sonyait.sys
2014-10-28 01:11:21    6912    -c--a-w-    c:\windows\system32\dllcache\smbclass.sys
2014-10-28 01:11:08    16000    -c--a-w-    c:\windows\system32\dllcache\smbbatt.sys
2014-10-28 01:07:44    11520    -c--a-w-    c:\windows\system32\dllcache\scsiscan.sys
2014-10-28 01:06:55    43904    -c--a-w-    c:\windows\system32\dllcache\sbp2port.sys
2014-10-28 01:05:02    29696    -c--a-w-    c:\windows\system32\dllcache\rw450ext.dll
2014-10-28 01:04:46    27648    -c--a-w-    c:\windows\system32\dllcache\rw430ext.dll
2014-10-28 01:03:54    395776    -c--a-w-    c:\windows\system32\dllcache\rpcss.dll
2014-10-28 01:03:47    79104    -c--a-w-    c:\windows\system32\dllcache\rocket.sys
2014-10-28 01:02:28    6016    -c--a-w-    c:\windows\system32\dllcache\qic157.sys
2014-10-28 01:01:53    159232    -c--a-w-    c:\windows\system32\dllcache\ptpusd.dll
2014-10-28 01:01:15    363520    -c--a-w-    c:\windows\system32\dllcache\psisdecd.dll
2014-10-28 01:00:54    17664    -c--a-w-    c:\windows\system32\dllcache\ppa3.sys
2014-10-28 01:00:35    8832    -c--a-w-    c:\windows\system32\dllcache\powerfil.sys
2014-10-28 00:59:30    259328    -c--a-w-    c:\windows\system32\dllcache\perm3dd.dll
2014-10-28 00:59:16    28032    -c--a-w-    c:\windows\system32\dllcache\perm3.sys
2014-10-28 00:59:02    211584    -c--a-w-    c:\windows\system32\dllcache\perm2dll.dll
2014-10-28 00:58:47    27904    -c--a-w-    c:\windows\system32\dllcache\perm2.sys
2014-10-28 00:55:26    61696    -c--a-w-    c:\windows\system32\dllcache\ohci1394.sys
2014-10-28 00:54:03    28672    -c--a-w-    c:\windows\system32\dllcache\nscirda.sys
2014-10-28 00:51:18    49024    -c--a-w-    c:\windows\system32\dllcache\mstape.sys
2014-10-28 00:50:46    22016    -c--a-w-    c:\windows\system32\dllcache\msircomm.sys
2014-10-28 00:49:55    51200    -c--a-w-    c:\windows\system32\dllcache\msdv.sys
2014-10-28 00:49:32    15232    -c--a-w-    c:\windows\system32\dllcache\mpe.sys
2014-10-28 00:48:48    26112    -c--a-w-    c:\windows\system32\dllcache\memstpci.sys
2014-10-28 00:47:17    7040    -c--a-w-    c:\windows\system32\dllcache\ltotape.sys
2014-10-28 00:45:55    34688    -c--a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2014-10-28 00:45:17    253952    -c--a-w-    c:\windows\system32\dllcache\kdsusd.dll
2014-10-28 00:45:02    48640    -c--a-w-    c:\windows\system32\dllcache\kdsui.dll
2014-10-28 00:44:14    14592    -c--a-w-    c:\windows\system32\dllcache\kbdhid.sys
2014-10-28 00:43:45    6144    -c--a-w-    c:\windows\system32\dllcache\kbd106.dll
2014-10-28 00:43:05    28160    -c--a-w-    c:\windows\system32\dllcache\irmon.dll
2014-10-28 00:42:45    151552    -c--a-w-    c:\windows\system32\dllcache\irftp.exe
2014-10-28 00:42:28    88192    -c--a-w-    c:\windows\system32\dllcache\irda.sys
2014-10-28 00:40:03    702845    -c--a-w-    c:\windows\system32\dllcache\i81xdnt5.dll
2014-10-28 00:36:52    20352    -c--a-w-    c:\windows\system32\dllcache\hidbatt.sys
2014-10-28 00:36:27    28288    -c--a-w-    c:\windows\system32\dllcache\grserial.sys
2014-10-28 00:36:01    59136    -c--a-w-    c:\windows\system32\dllcache\gckernel.sys
2014-10-28 00:35:46    10624    -c--a-w-    c:\windows\system32\dllcache\gameenum.sys
2014-10-28 00:29:38    206976    -c--a-w-    c:\windows\system32\dllcache\dot4.sys
2014-10-28 00:29:14    8320    -c--a-w-    c:\windows\system32\dllcache\dlttape.sys
2014-10-27 14:29:19    --------    d-----w-    c:\documents and settings\all users\application data\FileCure
2014-10-27 14:29:18    --------    d-----w-    c:\documents and settings\all users\application data\Conduit
2014-10-27 14:07:56    --------    d-----w-    c:\documents and settings\dell customer\local settings\application data\Adobe
2014-10-27 10:00:27    --------    d-----w-    c:\documents and settings\dell customer\WINDOWS
2014-10-27 10:00:25    29809    ----a-w-    c:\documents and settings\all users\application data\1373802628.bdinstall.bin
2014-10-27 09:48:29    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-27 09:48:15    --------    d-----w-    c:\documents and settings\all users\application data\RogueKiller
2014-10-27 08:22:13    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-10-27 08:22:07    --------    d-----w-    c:\program files\SpywareBlaster
2014-10-15 12:34:06    220784    ----a-w-    c:\program files\mozilla firefox\sandboxbroker.dll
.
==================== Find3M  ====================
.
2014-10-27 14:40:08    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 16:11:18    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-22 09:02:45    701104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-22 09:02:43    71344    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 13:27:17    25992    ----a-w-    c:\windows\system32\pgdfgsvc.exe
.
============= FINISH: 17:33:57.56 ===============







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:42 PM, on 10/31/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dell Customer\My Documents\Downloads\RogueKiller.exe
C:\Documents and Settings\Dell Customer\My Documents\Downloads\RogueKiller.exe
C:\Documents and Settings\Dell Customer\My Documents\Downloads\RogueKiller.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ioloGovernor] C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3749318984-4252393807-2332203289-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-3749318984-4252393807-2332203289-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: Booter Progam.lnk = C:\WINDOWS\SYSTEM32\shutdown.exe (User '?')
O4 - .DEFAULT Startup: Booter Progam.lnk = C:\WINDOWS\SYSTEM32\shutdown.exe (User 'Default user')
O4 - .DEFAULT User Startup: Booter Progam.lnk = C:\WINDOWS\SYSTEM32\shutdown.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 7182 bytes




 



#3 HelpBot

Posted 02 November 2014 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553776 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 therion

Posted 03 November 2014 - 12:35 AM

I ran Combofix NOT in safe mode (Don't ask me why, Yes I know I totally screwed things up)
and now my computer is totally screwed up, I will provide the combofix attachment.


I cannot do a system restore (System Restore is not able to protect your computer. Please restart computer and then Run System Restore again) Cannot run again.
I do a repair installation and NOTHING changes.
I have run sfc /scannow and nothing changes.
I have run CHKDSK and nothing changes.

Symptoms include: No sound, taskbar malfunctioning, cannot copy and paste or drag files, Windows firewall does not work, and I cannot open my
System Mechanic Professional (cannot start) so I can use a saved backup entry (The application has crashed and will now terminate). I cannot run my iolo firewall.
I cannot search (no search box comes up). I cannot go to add/remove anymore (Windows cannot find c windows32 rundll.32exe). I cannot defrag. I cannot access ANYTHING in control panels. I cannot look at properties under MY COMPUTER. When I reboot, a Windows Installer box keeps popping up. In a nutshell I have really screwed things up.
I have access to the internet.


I ran the ERDNT.EXE to set back to saved registry but symptoms remain.





combo fix has detected presence of rootkit activity.

ntos
oembios
twext
twex
sdra64
intel64                             
wsnpoema

swin32 ( advertisements monitors browsing habits)
localsyn64
64dlls
sdra73
sjdfh sudrh sjdrh
win32aus(adware)



I have run Spybot, SuperantiSpyware, Malwarebytes, Malicious removal tool (FOUND NOTHING), TDSSKILLER, ADWARE, HIJACK THIS, ROGUE KILLER, MBAR (FOUND NOTHING)



#5 therion

Posted 03 November 2014 - 12:36 AM

(COMBOFIX TEXT WHEN ALL HELL BROKE LOOSE)

ComboFix 14-10-27.01 - Dell Customer 10/26/2014  23:31:34.6.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.363 [GMT -5:00]
Running from: c:\documents and settings\Dell Customer\My Documents\Downloads\ComboFix.exe
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dell Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
c:\program files\Messenger\rtcimsp.dll
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\kb893803v2_wxp.cat
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\EventSystem.log
c:\windows\settings.reg
c:\windows\system32\11f42b0c.dll
c:\windows\system32\4509767d.dll
c:\windows\system32\5f1e0e12.dll
c:\windows\system32\5fa44cd4.dll
c:\windows\system32\6b8b6f07.dll
c:\windows\wininit.ini
c:\windows\YAHELITE.INI
G:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-27 to 2014-10-27  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-12 04:28 . 2014-08-20 05:54    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-22 09:02 . 2013-05-18 11:22    701104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-22 09:02 . 2013-05-18 11:22    71344    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 13:27 . 2014-09-10 13:27    25992    ----a-w-    c:\windows\system32\pgdfgsvc.exe
2014-08-13 04:57 . 2013-11-02 09:58    41616    ----a-w-    c:\windows\system32\iolobtdfg.exe
2014-08-13 04:57 . 2013-11-02 09:58    23568    ----a-w-    c:\windows\system32\smrgdf.exe
2014-08-13 04:41 . 2013-11-02 09:59    2097984    ----a-w-    c:\windows\system32\Incinerator32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-12 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[7] 2004-08-12 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\netlogon.dll
[7] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[7] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\powrprof.dll
[7] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\scecli.dll
[7] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[7] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfc.dll
[7] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[7] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
[7] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[7] 2004-08-12 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-12 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2004-08-12 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-12 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\userinit.exe
[7] 2004-08-12 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-12 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\userinit.exe
.
[7] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\SYSTEM32\wininet.dll
[7] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\SYSTEM32\DLLCACHE\wininet.dll
[-] 2013-04-16 . 729B764A70D3F111E2A3227D8ACB9F0D . 841216 . . [7.00.6000.21335] . . c:\windows\SoftwareDistribution\Download\9616f4f040d9a9847d9b95123c66a7c5\sp3qfe\wininet.dll
[-] 2013-02-24 . B1A78919A94575E87C8C41D24CBCD05C . 832512 . . [7.00.6000.17128] . . c:\windows\ie7updates\KB2829530-IE7\wininet.dll
[-] 2013-02-24 . 028FDE9D1F9ACA0572F0333B5A9DED3F . 841216 . . [7.00.6000.21330] . . c:\windows\$hf_mig$\KB2817183-IE7\SP3QFE\wininet.dll
[-] 2013-02-06 . E4E5BDE977FE2330D6B970CC832DF3A8 . 832512 . . [7.00.6000.17123] . . c:\windows\ie7updates\KB2817183-IE7\wininet.dll
[-] 2013-02-06 . 1654825C23BBC27DD90EC9259D46E7D4 . 841216 . . [7.00.6000.21325] . . c:\windows\$hf_mig$\KB2809289-IE7\SP3QFE\wininet.dll
[-] 2012-12-26 . D791D18AA6BEFA2847FABAC4A858DBA3 . 832512 . . [7.00.6000.17117] . . c:\windows\ie7updates\KB2809289-IE7\wininet.dll
[-] 2012-12-26 . 805E1B1394EC962563464C6BA3128FE8 . 841216 . . [7.00.6000.21319] . . c:\windows\$hf_mig$\KB2792100-IE7\SP3QFE\wininet.dll
[-] 2012-11-01 . 8381B36D077D043D0D4FE6AC94C44A1F . 832512 . . [7.00.6000.17115] . . c:\windows\ie7updates\KB2792100-IE7\wininet.dll
[-] 2012-11-01 . EA3D664709A7B217AAE73F943E5C9004 . 841216 . . [7.00.6000.21317] . . c:\windows\$hf_mig$\KB2761465-IE7\SP3QFE\wininet.dll
[-] 2012-08-27 . DF2480180D6A9AFD27399B9713EDD7E0 . 832512 . . [7.00.6000.17114] . . c:\windows\ie7updates\KB2761465-IE7\wininet.dll
[-] 2012-08-27 . 6CD5747A2DD6EB4E8875BA13A9E7C44E . 841216 . . [7.00.6000.21316] . . c:\windows\$hf_mig$\KB2744842-IE7\SP3QFE\wininet.dll
[-] 2012-07-03 . A4AF4F29A1653CD9552617CDA990A6D1 . 832512 . . [7.00.6000.17112] . . c:\windows\ie7updates\KB2744842-IE7\wininet.dll
[-] 2012-07-03 . CDB2036117C14BD29D3E27B528F6FBFA . 841216 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\wininet.dll
[-] 2012-05-15 . 4728B67CC9190C8F46500A9DF97F1490 . 832512 . . [7.00.6000.17111] . . c:\windows\ie7updates\KB2722913-IE7\wininet.dll
[-] 2012-05-15 . 30EC18A4F840E14B3753CDBEC6DA4178 . 841216 . . [7.00.6000.21313] . . c:\windows\$hf_mig$\KB2699988-IE7\SP3QFE\wininet.dll
[-] 2012-03-01 . 250D98BE880626148704345445EA272D . 841216 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\wininet.dll
[-] 2011-12-19 . 79F234876B53CFE10BFC4A40681399C9 . 841216 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\wininet.dll
[-] 2011-10-31 . 4A23B5E3B92F5C54D3A04EA86FF9DC00 . 841216 . . [7.00.6000.21308] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-08-17 . 6E388A1A8AA9EF62E6252530549940C1 . 841216 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-06-21 . 5F70C2D11D088E160EB6F4A5562CDE95 . 841216 . . [7.00.6000.21302] . . c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\wininet.dll
[-] 2011-04-25 . 72942C4583A65E93FB21CA4F5D0A54C7 . 841216 . . [7.00.6000.21300] . . c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\wininet.dll
[-] 2011-02-17 . 25FF5FFE129621CD879F9DB3B308D42C . 841216 . . [7.00.6000.21298] . . c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\wininet.dll
[-] 2010-12-20 . 9C444BC487BBC30773C67F17F1108ABB . 841216 . . [7.00.6000.21297] . . c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\wininet.dll
[-] 2010-11-06 . F4310169BC5EE25617301E8E78FE5C84 . 841216 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
[-] 2010-09-09 . 032F0278A8E39AA3F72FD795F5A83A23 . 841216 . . [7.00.6000.21293] . . c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\wininet.dll
[-] 2010-06-24 . 2E5F7848F3FEECC1F3915A64C0AD0FA8 . 841216 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB2936068$\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-22 . A1BC17EB3758D73C3938B2318820F5B4 . 665600 . . [6.00.2900.3199] . . c:\windows\ie7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-02-20 . B258C922D22DEEC880B60720531D7627 . 665600 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2004-08-12 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-12 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2_32.dll
[7] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2help.dll
[7] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[7] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-12 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-12 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-12 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[7] 2004-08-12 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regedit.exe
.
[7] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\SYSTEM32\ole32.dll
[7] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\SYSTEM32\DLLCACHE\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[7] 2004-08-12 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[7] 2004-08-12 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ole32.dll
.
[7] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\SYSTEM32\usp10.dll
[7] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\SYSTEM32\DLLCACHE\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-12 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
[7] 2004-08-12 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\ERDNT\cache\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\SYSTEM32\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\ERDNT\cache\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ctfmon.exe
[7] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\SYSTEM32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\SYSTEM32\DLLCACHE\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-12 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[7] 2004-08-12 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\shsvcs.dll
.
[7] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[7] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\msimg32.dll
[7] 2004-08-12 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
[7] 2004-08-12 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msimg32.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\srsvc.dll
[7] 2004-08-12 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[7] 2004-08-12 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\wscntfy.exe
[7] 2004-08-12 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[7] 2004-08-12 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\xmlprov.dll
[7] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[7] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll
.
[7] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[7] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\SYSTEM32\ntdll.dll
[7] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\SYSTEM32\DLLCACHE\ntdll.dll
[7] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[7] 2004-08-12 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
[7] 2004-08-12 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ntdll.dll
.
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\msctfime.ime
[7] 2004-08-12 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
[7] 2004-08-12 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\MSCTFIME.IME
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\eventlog.dll
[7] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfcfiles.dll
[7] 2004-08-12 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2004-08-12 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ipsec.sys
[7] 2004-08-12 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[7] 2004-08-12 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ipsec.sys
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\regsvc.dll
[7] 2004-08-12 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[7] 2004-08-12 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\schedsvc.dll
[7] 2004-08-12 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[7] 2004-08-12 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ssdpsrv.dll
[7] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[7] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\termsrv.dll
[7] 2004-08-12 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2004-08-12 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\hnetcfg.dll
[7] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
[7] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\hnetcfg.dll
.
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SYSTEM32\DRIVERS\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[7] 2004-08-12 14:06 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-12 6692632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"ioloGovernor"="c:\program files\iolo\System Mechanic Professional\ioloGovernor.exe" [2014-08-13 870224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Booter Progam.lnk - c:\windows\SYSTEM32\shutdown.exe -r -t 10 -c "Karma Got You!" [2004-8-12 19456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 10:19    10520    ----a-w-    c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       ???\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 22:37    2178832    -c--a-w-    c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22531:TCP"= 22531:TCP:BitComet 22531 TCP
"22531:UDP"= 22531:UDP:BitComet 22531 UDP
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/11/2012 1:54 PM 142648]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\SYSTEM32\DRIVERS\amp.sys [7/24/2014 11:38 PM 139528]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\SYSTEM32\DRIVERS\ampse.sys [7/24/2014 11:38 PM 1386760]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/2/2013 4:59 AM 4700872]
R2 PDFsFilter;PDFsFilter;c:\windows\SYSTEM32\DRIVERS\PDFsFilter.sys [11/2/2013 4:58 AM 68464]
R2 vseamps;vseamps;c:\program files\Common Files\Commtouch\AntiVirus5\vseamps.exe [3/25/2014 3:49 PM 97544]
R2 vsedsps;vsedsps;c:\program files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [3/25/2014 3:49 PM 97544]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys --> c:\windows\system32\drivers\gfibto.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys --> c:\windows\system32\DRIVERS\revoflt.sys [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [3/25/2014 3:49 PM 142600]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-14 10:41    99840    ----a-w-    c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-18 09:02]
.
2014-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-10-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-05-31 01:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-61232109.sys
SafeBoot-AMP
SafeBoot-AMPSE
SafeBoot-WebrootSpySweeperService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-27 00:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-10-27  01:02:32
ComboFix-quarantined-files.txt  2014-10-27 06:02
ComboFix2.txt  2013-11-01 05:11
.
Pre-Run: 10,807,463,936 bytes free
Post-Run: 10,791,645,184 bytes free
.
- - End Of File - - F59165DBDDB999892FC278FCE6288675
8F558EB6672622401DA993E1E865C861

 



#6 Oh My!

  • Malware Response Instructor

Posted 05 November 2014 - 04:39 PM

Greetings therion and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. It sounds like we have quite a chore ahead of us. I can't promise we can undo it but we will certainly try. Please be patient while I review the information then try to figure out what options are available to us.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • Gender:Male
  • Location:California
  • Local time:09:38 AM

Posted 05 November 2014 - 05:08 PM

Greetings,

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

[Screenshot: MiniRegTool window]

  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce

  • Check the Export keys radio button.
  • Press the Go button
  • Zip and attach the report to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Edited by Oh My!, 05 November 2014 - 07:03 PM.


#8 therion

  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:38 AM

Posted 05 November 2014 - 11:12 PM

I don't have the option to send to COMPRESSED ZIP FOLDER so I have to just post here. Sorry I will have to break the text up and post.
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):3f,00,3f,00,3f,00,00,00,a0,00,00,00,00,00
"CriticalSectionTimeout"=dword:00278d00
"EnableMCA"=dword:00000001
"EnableMCE"=dword:00000000
"ExcludeFromKnownDlls"=hex(7):00,00
"GlobalFlag"=dword:00000000
"HeapDeCommitFreeBlockThreshold"=dword:00000000
"HeapDeCommitTotalFreeThreshold"=dword:00000000
"HeapSegmentCommit"=dword:00000000
"HeapSegmentReserve"=dword:00000000
"ObjectDirectories"=hex(7):5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,\
  00,5c,00,52,00,50,00,43,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,\
  00,00,00,00
"ProtectionMode"=dword:00000001
"ResourceTimeoutCount"=dword:0009e340
"ProcessorControl"=dword:00000002
"RegisteredProcessors"=dword:00000001
"LicensedProcessors"=dword:00000001
"AutoChkTimeOut"=dword:00000005

Edited by Oh My!, 06 November 2014 - 02:35 PM.
Extra information removed


#9 therion

  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:38 AM

Posted 05 November 2014 - 11:13 PM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\CWD]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\CWD\ff060102423da0000407108e0500]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\CWD\ff060102423da0000407108e0500\1]
"Add1"=hex:02,15,40,a0,10,1e,b8,23,00,8e,d8,8b,0e,14,07,81,e1,00,02,1f,c3
"Change1"=hex:01,1d,50,48,0c,55,8b,ec,b8,00,00,9c,59,81,e1,00,02,55,8b,ec,b8,\
  00,00,e8,e7,57,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI01]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI01\ff06010242935100040720730500]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI01\ff06010242935100040720730500\1]
"Change1"=hex:01,49,d0,18,22,45,55,8b,ec,1e,b4,43,32,c0,c5,56,06,cd,21,1f,72,\
  0a,c4,5e,0a,26,89,0f,33,c0,eb,04,50,e8,fa,02,5d,4d,cb,55,8b,ec,1e,b8,00,43,\
  c5,56,06,cd,21,1f,72,0d,c4,5e,0a,80,e1,1f,26,89,0f,33,c0,eb,04,50,e8,fa,02,\
  5d,cb

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI02]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI02\ff06010242468300040790c80400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBI02\ff06010242468300040790c80400\1]
"Change1"=hex:01,51,12,46,26,45,55,8b,ec,56,57,1e,b4,43,32,c0,c5,56,06,cd,21,\
  1f,72,0a,c4,5e,0a,26,89,0f,33,c0,eb,04,50,e8,4b,03,5f,5e,5d,4d,cb,45,55,8b,\
  ec,1e,b4,43,32,c0,c5,56,06,cd,21,1f,72,0a,c4,5e,0a,80,e1,1f,26,89,0f,33,c0,\
  eb,04,50,e8,4b,03,5d,4d,cb,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBIN]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBIN\ff0601024cab7b000407b0ea0400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTBIN\ff0601024cab7b000407b0ea0400\2]
"Change1"=hex:01,15,f0,3b,08,3d,03,5f,74,03,e9,06,00,3d,03,5f,90,90,e9,06,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTSCR]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTSCR\ff060102c47b1f00040750db0100]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\INSTSCR\ff060102c47b1f00040750db0100\e]
"Change1"=hex:01,13,84,1e,07,45,55,8b,ec,68,00,20,45,55,8b,ec,68,02,20

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\LTSPRINT]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\LTSPRINT\ff060102424f3f000306706600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\LTSPRINT\ff060102424f3f000306706600\1]
"Change1"=hex:01,0b,9c,1c,03,3d,00,01,3d,00,06

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\MYST]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\MYST\ff060102423bab000407102e0600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\MYST\ff060102423bab000407102e0600\1]
"Add1"=hex:02,15,40,ab,10,1e,b8,23,00,8e,d8,8b,0e,14,07,81,e1,00,02,1f,c3
"Change1"=hex:01,1d,50,49,0c,55,8b,ec,b8,00,00,9c,59,81,e1,00,02,55,8b,ec,b8,\
  00,00,e8,e7,61,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\OUTPOST]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\OUTPOST\ff06010242410f000306801500]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\OUTPOST\ff06010242410f000306801500\1]
"Change1"=hex:01,0f,09,0a,05,9a,73,05,ff,01,b8,03,0a,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\PALED40]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\PALED40\ff060102420032000407401b0100]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\PALED40\ff060102420032000407401b0100\1]
"Change1"=hex:01,07,b7,21,01,d8,0c

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601024211e100040750e50700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601024211e100040750e50700\1]
"Change1"=hex:01,1d,3f,e0,0c,8b,46,e8,8b,56,ea,2b,46,fa,1b,56,fc,b8,50,01,ba,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601024237e6000407d00e0800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601024237e6000407d00e0800\1]
"Change1"=hex:01,1d,65,e5,0c,8b,46,e8,8b,56,ea,2b,46,fa,1b,56,fc,b8,50,01,ba,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102428203000306401600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102428203000306401600\1]
"Change1"=hex:01,0f,28,03,05,33,ed,55,9a,13,b8,00,4c,cd,21

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025621ef000407f07a0700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025621ef000407f07a0700\3]
"Change1"=hex:01,1d,f3,45,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025642ea00040750550700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025642ea00040750550700\3]
"Change1"=hex:01,1d,b7,41,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102564ee6000407b0670700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102564ee6000407b0670700\3]
"Change1"=hex:01,15,7c,35,08,66,8b,46,fc,66,2b,46,f0,66,b8,50,01,00,00,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102565ce5000407d0600700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff060102565ce5000407d0600700\3]
"Change1"=hex:01,1d,fd,34,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025674e6000407704d0700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff0601025674e6000407704d0700\3]
"Change1"=hex:01,1d,cf,3d,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256b1dd00040760ef0b00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256b1dd00040760ef0b00\3]
"Change1"=hex:01,15,2c,3b,08,66,8b,46,f0,66,2b,46,f4,66,b8,50,01,00,00,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256c1ef00040770fb0600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256c1ef00040770fb0600\3]
"Change1"=hex:01,1d,fd,38,0c,8b,46,f0,8b,56,f2,2b,46,f4,1b,56,f6,b8,50,01,ba,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256e2e400040750600700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256e2e400040750600700\3]
"Change1"=hex:01,1d,fd,34,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256eae500040710640700]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256eae500040710640700\3]
"Change1"=hex:01,1d,fd,34,0c,8b,4e,f0,8b,5e,f2,2b,4e,f4,1b,5e,f6,b9,50,01,bb,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256faef00040710c50600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP\ff06010256faef00040710c50600\3]
"Change1"=hex:01,1d,b7,33,0c,8b,46,f0,8b,56,f2,2b,46,f4,1b,56,f6,b8,50,01,ba,\
  00,00,90,90,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP16]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP16\ff0601024cd875000407a0db0100]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\SETUP16\ff0601024cd875000407a0db0100\2]
"Change1"=hex:01,23,17,42,0f,8b,c8,8b,d0,8b,5e,0e,2a,e4,89,07,8a,cd,2a,ed,b9,\
  0a,00,ba,03,0a,8b,5e,0e,2a,e4,90,90,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\USA]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\USA\ff06010242059b00040710780600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\USA\ff06010242059b00040710780600\1]
"Change1"=hex:01,1d,95,44,0c,55,8b,ec,b8,00,00,9c,59,81,e1,00,02,55,8b,ec,b8,\
  00,00,e8,67,56,90,90,90
"Change2"=hex:01,25,05,9b,10,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  1e,b8,23,00,8e,d8,8b,0e,14,07,81,e1,00,02,1f,c3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB\ff060102ec353f00040780c81300]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB\ff060102ec353f00040780c81300\12]
"Change1"=hex:01,11,1b,03,06,81,3e,ba,31,34,03,81,3e,ba,31,09,03

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB40016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB40016\ff0702021401ee3e000407d0460e00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\VB40016\ff0702021401ee3e000407d0460e00\16]
"Change1"=hex:01,11,6d,2a,06,81,3e,6e,36,34,03,81,3e,6e,36,09,03

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\WISE0001]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\WISE0001\ff0601024cf4ef000407604e0100]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppPatches\WISE0001\ff0601024cf4ef000407604e0100\2]
"Change1"=hex:01,0f,8e,00,05,9a,4b,00,0f,02,b8,0c,29,90,90

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\DOS Devices]
"AUX"="\\DosDevices\\COM1"
"MAILSLOT"="\\Device\\MailSlot"
"NUL"="\\Device\\Null"
"PIPE"="\\Device\\NamedPipe"
"PRN"="\\DosDevices\\LPT1"
"UNC"="\\Device\\Mup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Environment]
"ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,25,00,\
  53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,3b,00,25,\
  00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\
  73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,\
  00,3b,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
  46,00,69,00,6c,00,65,00,73,00,5c,00,51,00,75,00,69,00,63,00,6b,00,54,00,69,\
  00,6d,00,65,00,5c,00,51,00,54,00,53,00,79,00,73,00,74,00,65,00,6d,00,3b,00,\
  43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,\
  00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,50,00,6f,00,77,00,65,00,72,00,53,00,68,00,65,00,6c,00,6c,00,5c,\
  00,76,00,31,00,2e,00,30,00,3b,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,\
  72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,\
  00,6d,00,6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,63,00,\
  72,00,6f,00,6e,00,69,00,73,00,5c,00,53,00,6e,00,61,00,70,00,41,00,50,00,49,\
  00,00,00
"windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,00,00
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"PROCESSOR_ARCHITECTURE"="x86"
"PROCESSOR_LEVEL"="15"
"PROCESSOR_IDENTIFIER"="x86 Family 15 Model 4 Stepping 1, GenuineIntel"
"PROCESSOR_REVISION"="0401"
"NUMBER_OF_PROCESSORS"="1"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1"
"TEMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"tvdumpflags"="8"
"asl.log"="Destination=file;OnFirstLog=command,environment"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Executive]
"AdditionalDelayedWorkerThreads"=dword:00000000
"PriorityQuantumMatrix"=hex:e0,9e,f4,85,00,00,00,00,d1,82,ce,01
"AdditionalCriticalWorkerThreads"=dword:00000004

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\FileRenameOperations]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\kernel]
"obcaseinsensitive"=dword:00000001
"ObUnsecureGlobalNames"=hex(7):6e,00,65,00,74,00,66,00,78,00,63,00,75,00,73,00,\
  74,00,6f,00,6d,00,70,00,65,00,72,00,66,00,63,00,6f,00,75,00,6e,00,74,00,65,\
  00,72,00,73,00,2e,00,31,00,2e,00,30,00,00,00,53,00,68,00,61,00,72,00,65,00,\
  64,00,50,00,65,00,72,00,66,00,49,00,50,00,43,00,42,00,6c,00,6f,00,63,00,6b,\
  00,00,00,43,00,6f,00,72,00,5f,00,50,00,72,00,69,00,76,00,61,00,74,00,65,00,\
  5f,00,49,00,50,00,43,00,42,00,6c,00,6f,00,63,00,6b,00,00,00,43,00,6f,00,72,\
  00,5f,00,50,00,75,00,62,00,6c,00,69,00,63,00,5f,00,49,00,50,00,43,00,42,00,\
  6c,00,6f,00,63,00,6b,00,5f,00,00,00,43,00,6f,00,72,00,5f,00,53,00,78,00,53,\
  00,50,00,75,00,62,00,6c,00,69,00,63,00,5f,00,49,00,50,00,43,00,42,00,6c,00,\
  6f,00,63,00,6b,00,5f,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\KnownDLLs]
"advapi32"="advapi32.dll"
"comdlg32"="comdlg32.dll"
"DllDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
"gdi32"="gdi32.dll"
"imagehlp"="imagehlp.dll"
"kernel32"="kernel32.dll"
"lz32"="lz32.dll"
"ole32"="ole32.dll"
"oleaut32"="oleaut32.dll"
"olecli32"="olecli32.dll"
"olecnv32"="olecnv32.dll"
"olesvr32"="olesvr32.dll"
"olethk32"="olethk32.dll"
"rpcrt4"="rpcrt4.dll"
"shell32"="shell32.dll"
"url"="url.dll"
"urlmon"="urlmon.dll"
"user32"="user32.dll"
"version"="version.dll"
"wininet"="wininet.dll"
"wldap32"="wldap32.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"LargeSystemCache"=dword:00000000
"NonPagedPoolQuota"=dword:00000000
"NonPagedPoolSize"=dword:00000000
"PagedPoolQuota"=dword:00000000
"PagedPoolSize"=dword:ffffffff
"SystemPages"=dword:0007b000
"PagingFiles"=hex(7):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,6c,\
  00,65,00,2e,00,73,00,79,00,73,00,20,00,31,00,31,00,35,00,32,00,20,00,32,00,\
  33,00,30,00,34,00,00,00,00,00
"PhysicalAddressExtension"=dword:00000000
"SessionImageSize"=dword:00000010
"SessionViewSize"=dword:00000030
"SessionPoolSize"=dword:00000004
"WriteWatch"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"IoPageLockLimit"=dword:04000000
"SecondLevelDataCache"=dword:00000000
"PoolUsageMaximum"=dword:0000003c

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:00000148
"AppLaunchMaxNumPages"=dword:00000fa0
"AppLaunchMaxNumSections"=dword:000000aa
"AppLaunchTimerPeriod"=hex:80,69,67,ff,ff,ff,ff,ff
"BootMaxNumPages"=dword:0001f400
"BootMaxNumSections"=dword:00000ff0
"BootTimerPeriod"=hex:00,f2,d8,f8,ff,ff,ff,ff
"MaxNumActiveTraces"=dword:00000008
"MaxNumSavedTraces"=dword:00000008
"RootDirPath"="Prefetch"
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"
"EnablePrefetcher"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SFC]
"ProgramFilesDir"="C:\\Program Files"
"CommonFilesDir"="C:\\Program Files\\Common Files"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems]
"Debug"=hex(2):00,00
"Kmode"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,\
  69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00
"Optional"=hex(7):50,00,6f,00,73,00,69,00,78,00,00,00,00,00
"Required"=hex(7):44,00,65,00,62,00,75,00,67,00,00,00,57,00,69,00,6e,00,64,00,\
  6f,00,77,00,73,00,00,00,00,00
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
  65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
  00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
  72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
  00,32,00,34,00,2c,00,33,00,30,00,37,00,32,00,2c,00,35,00,31,00,32,00,20,00,\
  57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,00,75,\
  00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,3d,00,\
  57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,00,65,\
  00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,76,00,\
  2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,\
  00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,53,00,\
  65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,\
  00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,20,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,00,6e,\
  00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,65,00,\
  72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,00,7a,\
  00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,50,00,72,00,6f,00,66,00,\
  69,00,6c,00,65,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,\
  00,66,00,20,00,4d,00,61,00,78,00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,\
  54,00,68,00,72,00,65,00,61,00,64,00,73,00,3d,00,31,00,36,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"=dword:7f6f0000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-28W34WWKYT9TPVMYFTKXT]
"ProductID"="76477-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-3X9XJB3WC3BTKCWFHPQ72]
"ProductID"="76477-OEM-0057457-16627"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-C774FQHQFDCFMDFXGGCYG]
"ProductID"="76477-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-CB68K46GY2JFGK2WGJWB2]
"ProductID"="76477-OEM-0057457-16627"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-DG3XTJ4G88M3BHDC3CK98]
"ProductID"="76477-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-M4FHFM3KQ2886D9HWJJH3]
"ProductID"="76477-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-QB73PBDMF6XM2798HY4BB]
"ProductID"="76477-OEM-0011903-00102"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-RHJKCVY2HFHJMY2W6H66T]
"ProductID"="76477-OEM-0011903-00102"
"DigitalProductID"=hex:a4,00,00,00,03,00,00,00,37,36,34,37,37,2d,4f,45,4d,2d,\
  30,30,31,31,39,30,33,2d,30,30,31,30,32,00,2b,00,00,00,41,32,32,2d,30,30,30,\
  30,31,00,00,00,00,00,00,00,4c,98,2f,8e,3d,1d,5c,94,ad,58,ce,5d,19,d6,02,00,\
  00,00,00,00,de,29,ad,51,b2,cb,02,00,02,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,38,30,31,32,37,00,00,00,00,00,00,00,d5,0e,\
  00,00,7f,0e,a9,c8,fe,02,00,00,c7,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1e,36,af,90,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-TG8JMCBC2G9QC9CF339FV]
"ProductID"="76477-OEM-0057457-16627"
"DigitalProductID"=hex:a4,00,00,00,03,00,00,00,37,36,34,37,37,2d,4f,45,4d,2d,\
  30,30,35,37,34,35,37,2d,31,36,36,32,37,00,2b,00,00,00,41,32,32,2d,30,30,30,\
  30,31,00,00,00,00,00,00,00,26,db,7c,44,4f,b0,b8,f0,43,7c,82,7d,b8,c7,02,00,\
  00,00,00,00,45,3f,d3,4c,e6,1d,07,00,02,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,38,30,31,32,37,00,00,00,00,00,00,00,d5,0e,\
  00,00,7f,0e,a9,c8,fe,02,00,00,c7,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5b,00,82,74,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Key-XPP4M4DQWWXY29K2GJPJ9]
"ProductID"="76477-OEM-0057457-16627"
"DigitalProductID"=hex:a4,00,00,00,03,00,00,00,37,36,34,37,37,2d,4f,45,4d,2d,\
  30,30,35,37,34,35,37,2d,31,36,36,32,37,00,2b,00,00,00,41,32,32,2d,30,30,30,\
  30,31,00,00,00,00,00,00,00,26,db,7c,44,4f,b0,b8,f0,43,7c,82,7d,b8,c7,02,00,\
  00,00,00,00,45,3f,d3,4c,e6,1d,07,00,02,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,38,30,31,32,37,00,00,00,00,00,00,00,d5,0e,\
  00,00,7f,0e,a9,c8,fe,02,00,00,c7,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5b,00,82,74,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\PnP]
"seed"=dword:80882bf4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\SigningHash-2J946TKMBDVV39]
"SigningHashData"=hex:2e,f3,0a,63,6d,91,2d,40,1c,e4,92,86,b4,5d,9c,6e,96,75,dc,\
  7c,51,17,1e,4c,ea,6a,2b,26,e5,e7,f4,35,89,2a,94,94,cb,11,4b,4a,9e,d3,21,ad,\
  05,e7,9e,41,d3,08,a4,40,2f,9b,77,b0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\SigningHash-J2X2CYPVVTP4HV]
"SigningHashData"=hex:b8,ee,d5,9e,1d,4b,38,eb,0b,6e,db,e2,91,a0,2b,16,27,b6,be,\
  40,2c,7f,7e,7e,55,cd,61,c3,cd,95,53,7c,28,e2,24,da,f3,65,c9,4d,16,c2,25,21,\
  b0,b2,9b,d0,09,ca,5e,5a,d0,ad,54,7d

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA\Starter]
"Installed"=dword:00000000
 



#10 Oh My!

  • Malware Response Instructor

Posted 06 November 2014 - 09:50 AM

Looks like we didn't get the results for the second registry key. Could you please rerun Miniregtool exporting this registry key?

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 therion

  • Topic Starter

Posted 06 November 2014 - 10:02 AM

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  74,00,73,00,63,00,75,00,70,00,67,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,\
  00
 



#12 Oh My!


Posted 06 November 2014 - 02:40 PM

Thank you,

Are you able to at least get to the Recovery Console using your XP installation CD?

Please do this.

===================================================

Registry Fix

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
  • Click File, then Save As...
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recovery Console?
  • Did the registry fix merge properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
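
Added example, not part of the thread: a small Python parser that decodes the hex(2) and hex(7) values of a "Version 5.00" .reg export, so the text a fix.reg will merge can be read before it is double-clicked. The two inputs are the exports quoted in posts #11 and #12; the function names are this example's own, and the stock BootExecute string is supplied from general Windows knowledge rather than from the thread.

```python
import re

# Inputs copied from the thread: post #11 (RunOnce export) and post #12 (fix.reg).
RUNONCE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  74,00,73,00,63,00,75,00,70,00,67,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,\
  00
'''

FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# Assumption (general Windows knowledge, not stated in the thread):
# the stock BootExecute value is this single string.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ"}

VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _join_continuations(text):
    """Merge every line ending in a backslash with the line that follows it."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    if pending:
        logical.append(pending)
    return logical


def _decode(data):
    """Return (type name, decoded value) for the right-hand side of a value line."""
    if data.startswith('"'):
        return "REG_SZ", re.sub(r'\\(.)', r'\1', data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[len("dword:"):], 16)
    m = HEX_RE.match(data)
    if not m:
        raise ValueError("unrecognised value data: " + data[:40])
    rtype = int(m.group(1), 16) if m.group(1) else 3   # bare hex: is REG_BINARY
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    name = REG_TYPES.get(rtype, "type %d" % rtype)
    if rtype in (1, 2):
        # Version 5.00 exports store strings as UTF-16LE with a trailing NUL.
        return name, raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    if rtype == 7:
        # REG_MULTI_SZ: NUL-separated strings, closed by an extra NUL.
        text = raw.decode("utf-16-le", errors="replace")
        return name, [s for s in text.split("\x00") if s]
    return name, raw


def parse_reg(text):
    """Map (key path, value name) -> (type name, decoded value)."""
    values, key = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group("default") else m.group("name")
            values[(key, name)] = _decode(m.group("data"))
    return values


def boot_execute_is_default(text):
    """True only if the file sets Session Manager\\BootExecute to the stock value."""
    for (key, name), (rtype, value) in parse_reg(text).items():
        if (key.lower().endswith(r"\control\session manager")
                and name.lower() == "bootexecute"):
            return rtype == "REG_MULTI_SZ" and value == DEFAULT_BOOTEXECUTE
    return False


if __name__ == "__main__":
    for sample in (RUNONCE_EXPORT, FIX_REG):
        for (key, name), (rtype, value) in parse_reg(sample).items():
            print(key, "|", name, "|", rtype, "|", value)
    print("fix.reg restores stock BootExecute:", boot_execute_is_default(FIX_REG))
```
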

#13 therion


Posted 06 November 2014 - 06:38 PM

I can get to recovery console with a new disc I made.

 

I cannot load Windows and do a repair because it says it cannot find the EULA agreement.

 

I cannot even copy and paste the above so I am going to have to type it out manually. After the first line, how many times should I press Enter? In other words, how much space is there between the first and second lines? My computer is such a mess.



#14 Oh My!


Posted 06 November 2014 - 08:08 PM

Hold off on that and please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please attach both reports to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST logs (2)

Gary

#15 therion


Posted 06 November 2014 - 10:39 PM

Here are the two texts. I know I royally screwed things up. I can't copy and paste or drag. I can't even search. 
 
Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Dell Customer (administrator) on DGVRKS61 on 06-11-2014 20:30:17
Running from C:\Documents and Settings\Dell Customer\Desktop
Loaded Profile: Dell Customer (Available profiles: Dell Customer & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()
HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe [870224 2014-08-12] (iolo technologies, LLC)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3749318984-4252393807-2332203289-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3749318984-4252393807-2332203289-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3749318984-4252393807-2332203289-1006\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Booter Progam.lnk
ShortcutTarget: Booter Progam.lnk -> C:\WINDOWS\SYSTEM32\shutdown.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Dell Customer\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: ??? 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3749318984-4252393807-2332203289-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {06DD0B39-6E5B-484C-93EA-36FBBF513753} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {15164201-AF25-45B3-B4F7-385EF2285137} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {47096062-1871-4496-8E4E-5A623FDA146B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {7EFF545E-65AE-4C2B-AE7C-B9D9E6EE7C3C} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {A7F39B63-42B4-4C99-8168-2C594F81BDD8} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKLM - {AAB7D940-3AE0-4F90-96F1-1924278316B7} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {DE0870DA-E124-43FD-A8E3-D0BB6E065F77} URL = http://video.yahoo.com/search/?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - Google URL = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
SearchScopes: HKCU - {0AB35578-153D-4487-890F-D646F81BFD25} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {47096062-1871-4496-8E4E-5A623FDA146B} URL =
SearchScopes: HKCU - {54B856CF-EFB1-44C8-B997-A1314112B19E} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKCU - {670BD9DB-8480-43B6-AA48-548928F3B17A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie8ms
SearchScopes: HKCU - {86DB884F-19CF-4EA2-88CC-8FE8F62B75ED} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {885D2FD4-392C-45EA-8E88-BF12A050F82C} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {8FC5E783-175C-4A8B-9300-0F829FD6F3B4} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {A61A4FF5-18E5-4256-9CD7-6B027B226C00} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {D9E1E8A8-5599-4E43-8DDE-89670D2FDDF6} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {DD449BD8-15C3-4B8C-87C0-9F65B0F5F6E6} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {DEC62464-118D-44DF-8AFC-25D777BCF5FA} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: No Name -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> No File
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO: SidebarAutoLaunch Class -> {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -> No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - No File
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.156.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Extension: SmartVideo For YouTube - C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156\Extensions\mytube@ashishmishra.in.xpi [2014-05-31]
FF Extension: Saved Passwords Button (Gemte adgangskoder) - C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156\Extensions\savedpasswords@adamfranco.com.xpi [2014-09-14]
FF Extension: Adblock Plus - C:\Documents and Settings\Dell Customer\Application Data\Mozilla\Firefox\Profiles\f4a1dz9h.default-1394252383156\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-29]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Dell Customer\Local Settings\Application Data\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-19] (SUPERAntiSpyware.com)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-22] (Oracle Corporation)
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S2 ca82e1a5; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\Optimizer Pro\OptProCrash.dll",ENT
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S4 LVPrcSrv; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [X]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [X]
S2 RpcSs; %SystemRoot%\System32\rpcss.dll [X]
S2 vseamps; "C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe" [X]
S2 vsedsps; "C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe" [X]
S3 vseqrts; "C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe" [X]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
S4 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [X]
S3 WudfSvc; %SystemRoot%\System32\WUDFSvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [139528 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1386760 2014-03-25] (CYREN Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-11-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2014-11-04] (Malwarebytes Corporation)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [68464 2014-08-12] (Raxco Software, Inc.)
S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SSFS0BB9; C:\WINDOWS\System32\Drivers\SSFS0BB9.SYS [20280 2007-10-01] (Webroot Software Inc (www.webroot.com))
S3 SSKBFD; C:\WINDOWS\System32\Drivers\sskbfd.sys [23864 2007-10-01] (Webroot Software Inc (www.webroot.com))
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2011-12-28] (AnchorFree Inc)
S3 catchme; \??\C:\DOCUME~1\DELLCU~1\LOCALS~1\Temp\catchme.sys [X]
S4 dmload; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 FileDisk; No ImagePath
S0 gfibto; system32\drivers\gfibto.sys [X]
U0 IPVNMon; No ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
U0 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U0 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U0 OMCI; \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U0 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S3 Revoflt; system32\DRIVERS\revoflt.sys [X]
U0 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
U0 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
S2 SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U0 SSHRMD; SYSTEM32\Drivers\SSHRMD.SYS [X]
U0 SSIDRV; SYSTEM32\Drivers\SSIDRV.SYS [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S1 Vsdatant; System32\vsdatant.sys [X]
U0 wanatw; system32\DRIVERS\wanatw4.sys [X]
S3 WudfPf; system32\DRIVERS\WudfPf.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:30 - 2014-11-06 20:30 - 00017858 _____ () C:\Documents and Settings\Dell Customer\Desktop\FRST.txt
2014-11-06 20:29 - 2014-11-06 20:30 - 00000000 ____D () C:\FRST
2014-11-06 20:29 - 2014-11-06 20:29 - 01106432 _____ (Farbar) C:\Documents and Settings\Dell Customer\Desktop\FRST.exe
2014-11-05 21:05 - 2014-11-05 21:05 - 00204220 _____ () C:\Documents and Settings\Dell Customer\Desktop\Minireg tool txt.txt
2014-11-05 20:56 - 2014-11-05 20:56 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Desktop\MiniRegTool
2014-11-05 20:55 - 2014-11-05 20:55 - 01167841 _____ () C:\Documents and Settings\Dell Customer\Desktop\MiniRegTool.zip
2014-11-05 16:25 - 2011-01-26 23:06 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Desktop\NTBR_CD
2014-11-05 16:23 - 2014-11-05 16:24 - 02565464 _____ () C:\Documents and Settings\Dell Customer\Desktop\NTBR_CD.exe
2014-11-05 16:21 - 2014-11-05 16:22 - 08867840 _____ () C:\Documents and Settings\Dell Customer\Desktop\SeaToolsDOS223ALL.ISO
2014-11-05 04:53 - 2014-11-05 04:53 - 00000745 _____ () C:\Documents and Settings\Dell Customer\Desktop\xp_exe_fix.zip
2014-11-05 04:39 - 2014-11-05 04:39 - 00000000 ____D () C:\WINDOWS\system32\rundll32
2014-11-05 01:50 - 2014-11-05 02:17 - 08271872 _____ () C:\Documents and Settings\Dell Customer\Desktop\XPRC.iso
2014-11-05 01:43 - 2014-11-05 01:43 - 03211786 _____ () C:\Documents and Settings\Dell Customer\Desktop\ARCDC.exe
2014-11-04 20:37 - 2014-11-04 20:40 - 05634808 _____ (Canneverbe Limited ) C:\Documents and Settings\Dell Customer\Desktop\cdbxp_setup_4.5.4.5143.exe
2014-11-04 20:31 - 2014-11-04 20:32 - 07716864 _____ () C:\Documents and Settings\Dell Customer\Desktop\BritecRecoveryConsole.iso
2014-11-04 20:27 - 2014-11-04 20:49 - 03469871 _____ () C:\Documents and Settings\Dell Customer\Desktop\SetupImgBurn_2.5.8.0.exe.part
2014-11-04 15:59 - 2004-08-12 07:58 - 00229439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\multibox.dll
2014-11-04 15:58 - 2004-08-12 07:58 - 01875968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.lex
2014-11-04 15:58 - 2004-08-12 07:58 - 00098304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.dll
2014-11-04 15:56 - 2004-08-12 07:58 - 01158818 ____C () C:\WINDOWS\system32\dllcache\korwbrkr.lex
2014-11-04 15:56 - 2004-08-12 07:58 - 00070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\korwbrkr.dll
2014-11-04 15:54 - 2004-08-12 07:58 - 00471102 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskdic.dll
2014-11-04 15:54 - 2004-08-12 07:58 - 00045109 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpuex.exe
2014-11-04 03:14 - 2014-11-06 16:29 - 00000000 _____ () C:\Documents and Settings\Dell Customer\Desktop\fix.reg
2014-11-03 21:52 - 2014-11-06 20:30 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Local Settings\temp
2014-11-03 21:52 - 2014-11-03 21:52 - 00020678 _____ () C:\ComboFix.txt
2014-11-03 21:52 - 2014-11-03 21:52 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-11-03 21:52 - 2014-11-03 21:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-03 20:34 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-03 20:34 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-03 20:34 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-03 20:34 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-03 20:25 - 2014-11-04 16:17 - 00043572 _____ () C:\WINDOWS\setupapi.log
2014-11-03 20:25 - 2014-11-03 20:27 - 05591672 ____R (Swearware) C:\Documents and Settings\Dell Customer\Desktop\ComboFix.exe
2014-11-03 20:25 - 2014-11-03 20:25 - 00001661 _____ () C:\WINDOWS\KB942288-v3.log
2014-11-03 17:04 - 2014-11-03 17:15 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-11-03 17:04 - 2014-11-03 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\NT Registry Optimizer
2014-11-03 16:59 - 2014-11-03 17:15 - 00000695 _____ () C:\Documents and Settings\Dell Customer\Desktop\NTREGOPT.lnk
2014-11-03 16:59 - 2014-11-03 16:59 - 00000592 _____ () C:\Documents and Settings\Dell Customer\Desktop\ERUNT.lnk
2014-11-03 16:59 - 2014-11-03 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-11-03 16:58 - 2014-11-03 16:59 - 00000000 ____D () C:\Program Files\ERUNT
2014-11-02 22:41 - 2014-11-02 22:41 - 00020437 _____ () C:\Documents and Settings\Dell Customer\Desktop\dds.txt
2014-11-02 21:48 - 2014-11-02 21:48 - 00006377 _____ () C:\Documents and Settings\Dell Customer\My Documents\RKreport_SCN_11022014_214721.log
2014-11-02 21:00 - 2014-11-02 21:03 - 14670424 _____ () C:\Documents and Settings\Dell Customer\My Documents\RogueKiller.exe
2014-11-02 20:58 - 2014-11-02 22:46 - 00566325 _____ () C:\Documents and Settings\Dell Customer\My Documents\COMPUTER INFO FOR DIAGNOSING.txt
2014-11-02 20:30 - 2014-11-02 20:34 - 00341576 _____ () C:\Documents and Settings\Dell Customer\Desktop\Rkill.txt
2014-11-02 18:32 - 2014-11-03 03:56 - 00000260 _____ () C:\WINDOWS\WINNT32.LOG
2014-11-02 16:08 - 2014-11-02 16:08 - 00000000 ____D () C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2014-11-02 15:56 - 2014-11-02 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
2014-11-02 15:47 - 2014-11-02 19:26 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-02 15:38 - 2014-11-03 21:52 - 00000000 ____D () C:\QooBox
2014-11-02 01:06 - 2014-11-02 01:06 - 00000512 _____ () C:\Documents and Settings\Dell Customer\Desktop\MBR.dat
2014-11-02 00:49 - 2014-11-02 19:10 - 00000370 _____ () C:\WINDOWS\system32\PARTIZAN.TXT
2014-11-02 00:40 - 2014-11-02 00:40 - 00024416 _____ (Greatis Software) C:\WINDOWS\system32\Drivers\regguard.sys
2014-11-02 00:38 - 2014-11-02 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegRun
2014-11-02 00:37 - 2014-11-02 00:37 - 00040720 _____ (Greatis Software) C:\WINDOWS\system32\Partizan.exe
2014-11-02 00:34 - 2014-11-02 00:52 - 00015616 _____ () C:\WINDOWS\Partizan.log
2014-11-02 00:17 - 2014-11-02 00:51 - 00035816 _____ (Greatis Software) C:\WINDOWS\system32\Drivers\Partizan.sys
2014-11-02 00:17 - 2014-11-02 00:40 - 00000000 ____D () C:\Documents and Settings\Dell Customer\My Documents\RegRun2
2014-11-02 00:17 - 2014-11-02 00:27 - 00000000 ____D () C:\Program Files\UnHackMe
2014-11-02 00:17 - 2014-11-02 00:17 - 00000682 _____ () C:\Documents and Settings\Dell Customer\Desktop\UnHackMe.lnk
2014-11-02 00:17 - 2014-11-02 00:17 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-11-02 00:17 - 2014-11-02 00:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe
2014-11-02 00:17 - 2014-06-30 15:45 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\system32\Drivers\UnHackMeDrv.sys
2014-11-02 00:08 - 2014-11-02 00:08 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2014-11-01 23:54 - 2014-11-01 23:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-11-01 23:53 - 2014-11-01 23:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-11-01 23:37 - 2014-11-01 23:40 - 15790435 _____ () C:\Documents and Settings\Dell Customer\Desktop\unhackme.zip
2014-11-01 22:01 - 2014-11-01 22:01 - 00000576 _____ () C:\WINDOWS\system32\config\afw_hm.conf
2014-11-01 22:01 - 2014-11-01 22:01 - 00000004 _____ () C:\WINDOWS\system32\config\afw_db.conf
2014-11-01 21:41 - 2014-11-01 21:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-01 21:41 - 2014-11-01 21:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-01 16:42 - 2014-11-01 16:42 - 00000000 _____ () C:\Documents and Settings\Dell Customer\My Documents\MGER.log
2014-11-01 07:00 - 2014-11-01 07:00 - 00000810 _____ () C:\Documents and Settings\Dell Customer\Desktop\iolo Personal Firewall.lnk
2014-11-01 00:00 - 2014-11-01 00:00 - 00003614 _____ () C:\Documents and Settings\Dell Customer\My Documents\zone labs.reg
2014-10-31 20:40 - 2014-11-02 01:51 - 00001734 _____ () C:\Documents and Settings\Dell Customer\Desktop\HijackThis.lnk
2014-10-31 20:40 - 2014-10-31 20:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2014-10-31 20:11 - 2014-11-01 16:43 - 00490097 _____ () C:\Documents and Settings\Dell Customer\My Documents\rootkit activity.txt
2014-10-31 04:31 - 2014-11-02 15:30 - 00001890 _____ () C:\Documents and Settings\Dell Customer\Desktop\FixExec.txt
2014-10-31 03:11 - 2014-10-31 03:16 - 00000140 _____ () C:\Documents and Settings\Dell Customer\Desktop.lnk
2014-10-31 02:37 - 2008-04-14 04:42 - 00188494 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD52.tmp
2014-10-31 02:37 - 2008-04-14 04:42 - 00109840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4F.tmp
2014-10-31 02:37 - 2008-04-14 04:41 - 00598071 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD58.tmp
2014-10-31 02:37 - 2008-04-14 04:41 - 00020541 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD55.tmp
2014-10-31 02:37 - 2007-04-02 21:06 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5B.tmp
2014-10-31 02:36 - 2008-04-14 04:42 - 00188480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2E.tmp
2014-10-31 02:36 - 2008-04-14 04:42 - 00016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2B.tmp
2014-10-31 02:36 - 2008-04-14 04:42 - 00016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD25.tmp
2014-10-31 02:36 - 2008-04-14 04:42 - 00015120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00876653 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD49.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00184435 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD31.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00147513 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD37.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00102509 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3D.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00082035 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD34.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00049212 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD46.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00049210 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3A.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00041020 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD40.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00032826 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD28.tmp
2014-10-31 02:36 - 2008-04-14 04:41 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD22.tmp
2014-10-30 21:09 - 2014-10-30 21:09 - 00000000 ____D () C:\Program Files\Trend Micro
2014-10-30 20:47 - 2014-10-30 21:25 - 00000000 ____D () C:\Program Files\Advanced Fix
2014-10-30 20:31 - 2014-10-30 20:31 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-10-30 16:41 - 2014-10-30 16:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-30 13:24 - 2014-10-30 13:24 - 00000000 ____D () C:\Program Files\ESET
2014-10-30 10:29 - 2014-11-01 22:39 - 00000131 _____ () C:\WINDOWS\system32\config\rules.rdb
2014-10-30 10:29 - 2014-10-30 10:49 - 12268544 _____ () C:\WINDOWS\system32\config\fsdb.sdb
2014-10-30 10:28 - 2011-03-21 15:27 - 00708760 _____ (Agnitum Ltd.) C:\WINDOWS\system32\Drivers\SandBox.sys
2014-10-30 10:28 - 2011-02-02 16:04 - 00242040 _____ (VirusBuster Kft.) C:\WINDOWS\system32\Drivers\VBEngNT.sys
2014-10-30 10:24 - 2010-09-27 14:40 - 00267624 _____ (Agnitum Ltd.) C:\WINDOWS\system32\Drivers\afwcore.sys
2014-10-30 10:22 - 2014-10-30 10:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
2014-10-30 10:21 - 2010-04-20 15:05 - 00034280 _____ (Agnitum Ltd.) C:\WINDOWS\system32\Drivers\afw.sys
2014-10-30 10:20 - 2014-10-30 10:28 - 00000000 ____D () C:\WINDOWS\system32\Filt
2014-10-30 10:20 - 2014-10-30 10:20 - 00000000 ____D () C:\Program Files\Agnitum
2014-10-30 10:20 - 2014-10-30 10:20 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\Agnitum
2014-10-30 10:19 - 2014-10-30 10:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Agnitum
2014-10-30 09:17 - 2001-08-17 22:36 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2014-10-30 09:17 - 2001-08-17 12:49 - 00051552 ____C (Kensington Technology Group) C:\WINDOWS\system32\dllcache\ntgrip.sys
2014-10-30 09:16 - 2008-04-14 00:24 - 00028672 ____C (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys
2014-10-30 09:16 - 2008-04-13 22:05 - 00132695 ____C (802.11b) C:\WINDOWS\system32\dllcache\netwlan5.sys
2014-10-30 09:16 - 2001-08-17 22:36 - 00060480 ____C (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\neo20xx.dll
2014-10-30 09:16 - 2001-08-17 14:56 - 00091488 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i3disp.dll
2014-10-30 09:16 - 2001-08-17 13:53 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nsmmc.sys
2014-10-30 09:16 - 2001-08-17 13:49 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ne2000.sys
2014-10-30 09:16 - 2001-08-17 13:47 - 00009344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntapm.sys
2014-10-30 09:16 - 2001-08-17 12:50 - 00039264 ____C (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\neo20xx.sys
2014-10-30 09:16 - 2001-08-17 12:50 - 00033088 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128v2.sys
2014-10-30 09:16 - 2001-08-17 12:50 - 00027936 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i3d.sys
2014-10-30 09:16 - 2001-08-17 12:20 - 00126080 ____C (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2014-10-30 09:16 - 2001-08-17 12:20 - 00087040 ____C (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\nm6wdm.sys
2014-10-30 09:16 - 2001-08-17 12:12 - 00032840 ____C (NETGEAR Corporation.) C:\WINDOWS\system32\dllcache\ngrpci.sys
2014-10-30 09:16 - 2001-08-17 12:11 - 00065278 ____C (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\netflx3.sys
2014-10-30 09:15 - 2001-08-17 22:36 - 00059104 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128v2.dll
2014-10-30 09:15 - 2001-08-17 22:36 - 00019968 ____C (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\mxicfg.dll
2014-10-30 09:15 - 2001-08-17 22:36 - 00007168 ____C (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\mxport.dll
2014-10-30 09:15 - 2001-08-17 14:56 - 00035392 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128.dll
2014-10-30 09:15 - 2001-08-17 13:50 - 00075520 ____C (Moxa Technologies Co., Ltd.) C:\WINDOWS\system32\dllcache\mxport.sys
2014-10-30 09:15 - 2001-08-17 13:50 - 00021888 ____C (Moxa Technologies Co., Ltd.) C:\WINDOWS\system32\dllcache\mxcard.sys
2014-10-30 09:15 - 2001-08-17 13:49 - 00019968 ____C (Macronix International Co., Ltd. ) C:\WINDOWS\system32\dllcache\mxnic.sys
2014-10-30 09:15 - 2001-08-17 12:50 - 00013664 ____C (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128.sys
2014-10-30 09:15 - 2001-08-17 12:11 - 00128000 ____C (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\n100325.sys
2014-10-30 09:15 - 2001-08-17 12:11 - 00052255 ____C (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\n1000nt5.sys
2014-10-30 09:14 - 2008-04-14 00:16 - 00049024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys
2014-10-30 09:14 - 2001-08-17 13:48 - 00012416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msriffwv.sys
2014-10-30 09:14 - 2001-08-17 12:50 - 00103296 ____C (Matrox Graphics Inc) C:\WINDOWS\system32\dllcache\mtxvideo.sys
2014-10-30 09:13 - 2008-04-14 00:24 - 00022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys
2014-10-30 09:13 - 2004-08-12 08:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshearts.exe
2014-10-30 09:13 - 2001-08-17 14:02 - 00035200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msgame.sys
2014-10-30 09:13 - 2001-08-17 14:00 - 00002944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msmpu401.sys
2014-10-30 09:12 - 2008-04-14 05:42 - 00056832 ____C () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2014-10-30 09:12 - 2008-04-14 00:16 - 00051200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2014-10-30 09:12 - 2008-04-14 00:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2014-10-30 09:12 - 2004-08-12 07:59 - 00092416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.sys
2014-10-30 09:12 - 2004-08-12 07:59 - 00092032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.dll
2014-10-30 09:12 - 2004-08-12 07:59 - 00034304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\migisol.exe
2014-10-30 09:12 - 2001-08-17 14:56 - 00235648 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\mgaud.dll
2014-10-30 09:12 - 2001-08-17 13:52 - 00006528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\miniqic.sys
2014-10-30 09:12 - 2001-08-17 13:48 - 00006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfsio.sys
2014-10-30 09:12 - 2001-08-17 12:50 - 00320384 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\mgaum.sys
2014-10-30 09:11 - 2008-04-14 00:11 - 00026112 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys
2014-10-30 09:11 - 2008-04-14 00:10 - 00007040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys
2014-10-30 09:11 - 2008-04-13 23:53 - 00606684 ____C (LT) C:\WINDOWS\system32\dllcache\ltmdmnt.sys
2014-10-30 09:11 - 2008-04-13 23:53 - 00420992 ____C (LT) C:\WINDOWS\system32\dllcache\ltmdmntt.sys
2014-10-30 09:11 - 2008-04-13 22:09 - 00020864 ____C (Logitech Inc.) C:\WINDOWS\system32\dllcache\lwadihid.sys
2014-10-30 09:11 - 2001-08-17 22:36 - 00065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2014-10-30 09:11 - 2001-08-17 22:36 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\m3092dc.dll
2014-10-30 09:11 - 2001-08-17 22:36 - 00058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\m3091dc.dll
2014-10-30 09:11 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\memgrp.dll
2014-10-30 09:11 - 2001-08-17 13:58 - 00008320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\memcard.sys
2014-10-30 09:11 - 2001-08-17 13:52 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mammoth.sys
2014-10-30 09:11 - 2001-08-17 13:28 - 00802683 ____C (Lucent Technologies) C:\WINDOWS\system32\dllcache\ltsm.sys
2014-10-30 09:11 - 2001-08-17 13:28 - 00797500 ____C (LT) C:\WINDOWS\system32\dllcache\ltsmt.sys
2014-10-30 09:11 - 2001-08-17 13:28 - 00576746 ____C (LT) C:\WINDOWS\system32\dllcache\ltmdmntl.sys
2014-10-30 09:11 - 2001-08-17 12:49 - 00022848 ____C (Logitech Inc.) C:\WINDOWS\system32\dllcache\lwusbhid.sys
2014-10-30 09:11 - 2001-08-17 12:19 - 00048768 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\maestro.sys
2014-10-30 09:11 - 2001-08-17 12:12 - 00164586 ____C (Madge Networks Ltd) C:\WINDOWS\system32\dllcache\mdgndis5.sys
2014-10-30 09:10 - 2008-04-14 00:10 - 00034688 ____C (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2014-10-30 09:10 - 2004-08-12 07:58 - 00047066 ____C () C:\WINDOWS\system32\dllcache\ksc.nls
2014-10-30 09:10 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kousd.dll
2014-10-30 09:10 - 2001-08-17 13:53 - 00004992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\loop.sys
2014-10-30 09:10 - 2001-08-17 13:51 - 00015744 ____C (Litronic Industries) C:\WINDOWS\system32\dllcache\lit220p.sys
2014-10-30 09:10 - 2001-08-17 13:28 - 00727786 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ltck000c.sys
2014-10-30 09:10 - 2001-08-17 12:12 - 00070730 ____C (Linksys Group, Inc.) C:\WINDOWS\system32\dllcache\lne100tx.sys
2014-10-30 09:10 - 2001-08-17 12:12 - 00026442 ____C (SMSC) C:\WINDOWS\system32\dllcache\lanepic5.sys
2014-10-30 09:10 - 2001-08-17 12:12 - 00020573 ____C (The Linksts Group ) C:\WINDOWS\system32\dllcache\lne100.sys
2014-10-30 09:10 - 2001-08-17 12:12 - 00019016 ____C (Kingston Technology Company ) C:\WINDOWS\system32\dllcache\ktc111.sys
2014-10-30 09:10 - 2001-08-17 12:11 - 00025065 ____C (D-Link) C:\WINDOWS\system32\dllcache\lmndis3.sys
2014-10-30 09:09 - 2008-04-14 05:41 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll
2014-10-30 09:09 - 2008-04-14 05:41 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll
2014-10-30 09:09 - 2008-04-14 05:39 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll
2014-10-30 09:09 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2014-10-30 09:09 - 2004-08-12 07:58 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecat.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecnt.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnec95.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth3.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth2.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinpun.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdvntc.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdusa.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdurdu.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth1.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth0.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr2.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr1.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintel.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintam.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinmar.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinkan.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinhin.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinguj.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdindev.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdheb.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdfa.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv2.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv1.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda3.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda2.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda1.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgeo.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarmw.dll
2014-10-30 09:09 - 2004-08-12 07:58 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarme.dll
2014-10-30 09:09 - 2001-08-17 22:36 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdjpn.dll
2014-10-30 09:09 - 2001-08-17 22:36 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkor.dll
2014-10-30 09:09 - 2001-08-17 14:55 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd103.dll
2014-10-30 09:08 - 2008-04-14 05:42 - 00151552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe
2014-10-30 09:08 - 2008-04-14 05:41 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll
2014-10-30 09:08 - 2008-04-14 00:24 - 00088192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys
2014-10-30 09:08 - 2004-08-12 07:58 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jupiw.dll
2014-10-30 09:08 - 2004-08-12 07:58 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101a.dll
2014-10-30 09:08 - 2001-08-17 22:36 - 00090200 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\io8ports.dll
2014-10-30 09:08 - 2001-08-17 14:55 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101c.dll
2014-10-30 09:08 - 2001-08-17 14:55 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101b.dll
2014-10-30 09:08 - 2001-08-17 13:51 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irsir.sys
2014-10-30 09:08 - 2001-08-17 13:50 - 00038784 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\io8.sys
2014-10-30 09:08 - 2001-08-17 13:49 - 00026624 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\dllcache\irstusb.sys
2014-10-30 09:08 - 2001-08-17 13:49 - 00023552 ____C (MKNet Corporation) C:\WINDOWS\system32\dllcache\irmk7.sys
2014-10-30 09:08 - 2001-08-17 13:47 - 00013056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inport.sys
2014-10-30 09:08 - 2001-08-17 12:12 - 00045632 ____C (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) C:\WINDOWS\system32\dllcache\ip5515.sys
2014-10-30 09:07 - 2004-08-12 07:58 - 00311359 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsv.exe
2014-10-30 09:07 - 2004-08-12 07:58 - 00134339 ____C () C:\WINDOWS\system32\dllcache\imekr.lex
2014-10-30 09:07 - 2004-08-12 07:58 - 00102463 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsm.dll
2014-10-30 09:07 - 2004-08-12 07:58 - 00059904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imkrinst.exe
2014-10-30 09:07 - 2004-08-12 07:58 - 00057398 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdadm.exe
2014-10-30 09:07 - 2004-08-12 07:58 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmig.exe
2014-10-30 09:06 - 2008-04-14 05:41 - 00702845 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2014-10-30 09:06 - 2008-04-13 22:04 - 00161020 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xnt5.sys
2014-10-30 09:06 - 2001-08-17 22:36 - 00372824 ____C (Xircom) C:\WINDOWS\system32\dllcache\iconf32.dll
2014-10-30 09:06 - 2001-08-17 22:36 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4com.dll
2014-10-30 09:06 - 2001-08-17 22:36 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4ext.dll
2014-10-30 09:06 - 2001-08-17 22:36 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5com.dll
2014-10-30 09:06 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam3ext.dll
2014-10-30 09:06 - 2001-08-17 22:36 - 00020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5ext.dll
2014-10-30 09:06 - 2001-08-17 22:34 - 00009216 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmsgnet.dll
2014-10-30 09:06 - 2001-08-17 14:06 - 00154496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4usb.sys
2014-10-30 09:06 - 2001-08-17 14:06 - 00100992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5usb.sys
2014-10-30 09:06 - 2001-08-17 14:06 - 00038528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ibmvcap.sys
2014-10-30 09:06 - 2001-08-17 14:05 - 00141056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam3.sys
2014-10-30 09:06 - 2001-08-17 12:49 - 00058592 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\i740nt5.sys
2014-10-30 09:06 - 2001-08-17 12:12 - 00109085 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmtrp.sys
2014-10-30 09:06 - 2001-08-17 12:12 - 00100936 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmtok.sys
2014-10-30 09:06 - 2001-08-17 12:11 - 00028700 ____C (IBM Corp.) C:\WINDOWS\system32\dllcache\ibmexmp.sys
2014-10-30 09:05 - 2004-08-12 07:58 - 10129408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxkor.dll
2014-10-30 09:05 - 2004-08-12 07:58 - 10096640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
2014-10-30 09:05 - 2004-08-12 07:57 - 00013312 ____C (Hilgraeve, Inc.) C:\WINDOWS\system32\dllcache\htrn_jis.dll
2014-10-30 09:05 - 2001-08-17 22:36 - 00009759 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_inst.dll
2014-10-30 09:05 - 2001-08-17 14:56 - 00353184 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\i740dnt5.dll
2014-10-30 09:05 - 2001-08-17 13:28 - 00542879 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_msft.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00488383 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_v124.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00391199 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_k56k.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00289887 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_fall.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00199711 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_faxx.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00115807 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_fsks.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00073279 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_spkp.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00067167 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00057471 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_samp.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00050751 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_tone.sys
2014-10-30 09:05 - 2001-08-17 13:28 - 00044863 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_soar.sys
2014-10-30 09:04 - 2004-08-12 07:57 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hrtzres.dll
2014-10-30 09:04 - 2004-08-12 07:57 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hrtz.dll
2014-10-30 09:04 - 2004-08-12 07:57 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hrtzzm.exe
2014-10-30 09:04 - 2001-08-17 22:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpojwia.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00165888 ____C () C:\WINDOWS\system32\dllcache\hpgt53.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00126976 ____C (Hewlett Packard) C:\WINDOWS\system32\dllcache\hpgt34tk.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt21tk.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00119296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpdigwia.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00101376 ____C () C:\WINDOWS\system32\dllcache\hpgt34.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00093696 ____C () C:\WINDOWS\system32\dllcache\hpgt42.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00089088 ____C () C:\WINDOWS\system32\dllcache\hpgt33.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00083968 ____C () C:\WINDOWS\system32\dllcache\hpgt21.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00068608 ____C (Avisioin) C:\WINDOWS\system32\dllcache\hpgt53tk.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt33tk.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt42tk.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hr1w.dll
2014-10-30 09:04 - 2001-08-17 22:36 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpsjmcro.dll
2014-10-30 09:04 - 2001-08-17 14:02 - 00008576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidgame.sys
2014-10-30 09:04 - 2001-08-17 14:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2014-10-30 09:04 - 2001-08-17 13:52 - 00005760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpt4qic.sys
2014-10-30 09:04 - 2001-08-17 13:28 - 00150239 ____C (Conexant) C:\WINDOWS\system32\dllcache\hsf_amos.sys
2014-10-30 09:03 - 2008-04-14 00:15 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2014-10-30 09:03 - 2008-04-14 00:15 - 00010624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2014-10-30 09:03 - 2008-04-14 00:10 - 00028288 ____C (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys
2014-10-30 09:03 - 2008-04-14 00:06 - 00020352 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys
2014-10-30 09:03 - 2004-08-12 07:58 - 00108827 ____C () C:\WINDOWS\system32\dllcache\hanja.lex
2014-10-30 09:03 - 2004-08-12 07:58 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hanjadic.dll
2014-10-30 09:03 - 2004-08-12 07:57 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\getuname.dll
2014-10-30 09:03 - 2004-08-12 07:57 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
2014-10-30 09:03 - 2004-08-12 07:57 - 00111104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2014-10-30 09:03 - 2004-08-12 07:57 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\freecell.exe
2014-10-30 09:03 - 2004-08-12 07:57 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
2014-10-30 09:03 - 2004-08-12 07:57 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
2014-10-30 09:03 - 2004-08-12 07:57 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftlx041e.dll
2014-10-30 09:03 - 2001-08-17 22:36 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fuusd.dll
2014-10-30 09:03 - 2001-08-17 14:56 - 01733120 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g400d.dll
2014-10-30 09:03 - 2001-08-17 14:56 - 00470144 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g200d.dll
2014-10-30 09:03 - 2001-08-17 13:51 - 00082304 ____C (Gemplus) C:\WINDOWS\system32\dllcache\grclass.sys
2014-10-30 09:03 - 2001-08-17 13:51 - 00017408 ____C (Gemplus) C:\WINDOWS\system32\dllcache\gpr400.sys
2014-10-30 09:03 - 2001-08-17 13:28 - 00907456 ____C (Conexant) C:\WINDOWS\system32\dllcache\hcf_msft.sys
2014-10-30 09:03 - 2001-08-17 12:49 - 00322432 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g400m.sys
2014-10-30 09:03 - 2001-08-17 12:49 - 00320384 ____C (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g200m.sys
2014-10-30 09:03 - 2001-08-17 12:15 - 00455680 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fus2base.sys
2014-10-30 09:03 - 2001-08-17 12:15 - 00455296 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fusbbase.sys
2014-10-30 09:03 - 2001-08-17 12:15 - 00454912 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fxusbase.sys
2014-10-30 09:03 - 2001-08-17 12:15 - 00442240 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fpnpbase.sys
2014-10-30 09:03 - 2001-08-17 12:14 - 00444416 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fpcibase.sys
2014-10-30 09:03 - 2001-08-17 12:14 - 00441728 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\fpcmbase.sys
2014-10-30 09:02 - 2008-04-13 22:06 - 00137088 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\essm2e.sys
2014-10-30 09:02 - 2008-04-13 22:05 - 00034173 ____C (Marconi Communications, Inc.) C:\WINDOWS\system32\dllcache\forehe.sys
2014-10-30 09:02 - 2004-08-12 07:57 - 00057856 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimgd.dll
2014-10-30 09:02 - 2004-08-12 07:57 - 00045056 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunid.dll
2014-10-30 09:02 - 2004-08-12 07:57 - 00031744 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucmd.dll
2014-10-30 09:02 - 2004-08-12 07:57 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\et4000.sys
2014-10-30 09:02 - 2004-08-12 07:57 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\flattemp.exe
2014-10-30 09:02 - 2001-08-17 22:36 - 00071680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fnfilter.dll
2014-10-30 09:02 - 2001-08-17 22:36 - 00045568 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunib.dll
2014-10-30 09:02 - 2001-08-17 22:36 - 00045568 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuni.dll
2014-10-30 09:02 - 2001-08-17 22:36 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2014-10-30 09:02 - 2001-08-17 22:36 - 00043008 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucm.dll
2014-10-30 09:02 - 2001-08-17 22:36 - 00034816 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimg.dll
2014-10-30 09:02 - 2001-08-17 13:52 - 00007040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\exabyte2.sys
2014-10-30 09:02 - 2001-08-17 13:28 - 00595647 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56cvmp.sys
2014-10-30 09:02 - 2001-08-17 13:28 - 00594238 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56hpi.sys
2014-10-30 09:02 - 2001-08-17 13:28 - 00347550 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56tpi.sys
2014-10-30 09:02 - 2001-08-17 12:19 - 00174464 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es198x.sys
2014-10-30 09:02 - 2001-08-17 12:19 - 00063360 ____C (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\ess.sys
2014-10-30 09:02 - 2001-08-17 12:13 - 00027165 ____C (VIA Technologies, Inc. ) C:\WINDOWS\system32\dllcache\fetnd5.sys
2014-10-30 09:02 - 2001-08-17 12:12 - 00024618 ____C (NETGEAR) C:\WINDOWS\system32\dllcache\fa410nd5.sys
2014-10-30 09:02 - 2001-08-17 12:12 - 00016998 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ex10.sys
2014-10-30 09:02 - 2001-08-17 12:12 - 00016074 ____C (NETGEAR Corp.) C:\WINDOWS\system32\dllcache\fa312nd5.sys
2014-10-30 09:02 - 2001-08-17 12:11 - 00012362 ____C (FUJITSU LIMITED) C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2014-10-30 09:02 - 2001-08-17 12:11 - 00011850 ____C (FUJITSU LIMITED) C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2014-10-30 09:02 - 2001-08-17 12:10 - 00022090 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\fem556n5.sys
2014-10-30 09:01 - 2001-08-17 22:36 - 00061952 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnloop.exe
2014-10-30 09:01 - 2001-08-17 22:36 - 00053248 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqndiag.exe
2014-10-30 09:01 - 2001-08-17 22:36 - 00051200 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnlogr.exe
2014-10-30 09:01 - 2001-08-17 13:53 - 00007296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\elmsmc.sys
2014-10-30 09:01 - 2001-08-17 13:50 - 00144896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\epcfw2k.sys
2014-10-30 09:01 - 2001-08-17 13:50 - 00114944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\epstw2k.sys
2014-10-30 09:01 - 2001-08-17 13:46 - 00006400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\enum1394.sys
2014-10-30 09:01 - 2001-08-17 13:28 - 00634134 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el656ct5.sys
2014-10-30 09:01 - 2001-08-17 13:28 - 00241206 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el656se5.sys
2014-10-30 09:01 - 2001-08-17 12:19 - 00283904 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\emu10k1m.sys
2014-10-30 09:01 - 2001-08-17 12:19 - 00072192 ____C (ESS Technology Inc.) C:\WINDOWS\system32\dllcache\es1969.sys
2014-10-30 09:01 - 2001-08-17 12:19 - 00040704 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1371mp.sys
2014-10-30 09:01 - 2001-08-17 12:19 - 00037120 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1370mp.sys
2014-10-30 09:01 - 2001-08-17 12:17 - 00629952 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqn.sys
2014-10-30 09:01 - 2001-08-17 12:12 - 00018503 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\epro4.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00455199 ____C (3Com Corporation.) C:\WINDOWS\system32\dllcache\el985n51.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00171520 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el99xn51.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00153631 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el90xnd5.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00077386 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el656nd5.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00070174 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el98xn5.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00069194 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el656cd5.sys
2014-10-30 09:01 - 2001-08-17 12:11 - 00066591 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el90xbc5.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00069692 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el575nd5.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00055999 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el556nd5.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00044103 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el515.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00026141 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el589nd5.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00025159 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\elnk3.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00024653 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\el574nd4.sys
2014-10-30 09:01 - 2001-08-17 12:10 - 00019996 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\em556n4.sys
2014-10-30 09:00 - 2008-04-14 05:42 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2014-10-30 09:00 - 2008-04-14 00:10 - 00008320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys
2014-10-30 09:00 - 2008-04-14 00:09 - 00206976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys
2014-10-30 09:00 - 2001-08-17 22:36 - 00614429 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiview.exe
2014-10-30 09:00 - 2001-08-17 22:36 - 00236060 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\ditrace.exe
2014-10-30 09:00 - 2001-08-17 22:36 - 00110621 ____C (Digi International, Inc.) C:\WINDOWS\system32\dllcache\digirlpt.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00102484 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiinf.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00041046 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiisdn.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00038985 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvsu.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00037962 ____C () C:\WINDOWS\system32\dllcache\divaprop.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00031305 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvpp.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00029768 ____C () C:\WINDOWS\system32\dllcache\divasu.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00006729 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvci.dll
2014-10-30 09:00 - 2001-08-17 22:36 - 00006216 ____C () C:\WINDOWS\system32\dllcache\divaci.dll
2014-10-30 09:00 - 2001-08-17 13:47 - 00023808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4usb.sys
2014-10-30 09:00 - 2001-08-17 13:47 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4prt.sys
2014-10-30 09:00 - 2001-08-17 13:47 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4scan.sys
2014-10-30 09:00 - 2001-08-17 12:20 - 00334208 ____C (Yamaha Corp.) C:\WINDOWS\system32\dllcache\ds1wdm.sys
2014-10-30 09:00 - 2001-08-17 12:17 - 00042432 ____C (Digi International, Inc.) C:\WINDOWS\system32\dllcache\digirlpt.sys
2014-10-30 09:00 - 2001-08-17 12:14 - 00952007 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\diwan.sys
2014-10-30 09:00 - 2001-08-17 12:14 - 00021606 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiisdn.sys
2014-10-30 09:00 - 2001-08-17 12:13 - 00091305 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\dimaint.sys
2014-10-30 09:00 - 2001-08-17 12:12 - 00050719 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\e1000nt5.sys
2014-10-30 09:00 - 2001-08-17 12:12 - 00028062 ____C (National Semiconductor Coproration) C:\WINDOWS\system32\dllcache\dp83820.sys
2014-10-30 09:00 - 2001-08-17 12:12 - 00019594 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\e100isa4.sys
2014-10-30 09:00 - 2001-08-17 12:11 - 00029696 ____C (CNet Technology, Inc. ) C:\WINDOWS\system32\dllcache\dm9pci5.sys
2014-10-30 09:00 - 2001-08-17 12:11 - 00026698 ____C (D-Link Corporation) C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
2014-10-30 08:59 - 2008-04-14 05:41 - 00249856 ____C (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll
2014-10-30 08:59 - 2008-04-13 22:06 - 00048640 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwrwdm.sys
2014-10-30 08:59 - 2001-08-17 22:36 - 00419357 ____C (Digi International) C:\WINDOWS\system32\dllcache\dgconfig.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00256512 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\devcon32.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00229462 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digifwrk.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00159828 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digihlc.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00131156 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digidbp.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc260usd.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc240usd.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00080896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210usd.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00065622 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiasyn.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyycoins.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzports.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyports.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzcoins.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210_32.dll
2014-10-30 08:59 - 2001-08-17 22:36 - 00024064 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\devldr32.exe
2014-10-30 08:59 - 2001-08-17 22:36 - 00004096 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctwdm32.dll
2014-10-30 08:59 - 2001-08-17 13:52 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddsmc.sys
2014-10-30 08:59 - 2001-08-17 13:50 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyport.sys
2014-10-30 08:59 - 2001-08-17 13:50 - 00049792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzport.sys
2014-10-30 08:59 - 2001-08-17 13:50 - 00017152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclad-z.sys
2014-10-30 08:59 - 2001-08-17 13:50 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclom-y.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00111872 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcspud.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00096256 ____C (Copyright © Creative Technology Ltd. 1994-2001) C:\WINDOWS\system32\dllcache\ctlsb16.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00093952 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcwdm.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00072832 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbwdm.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00003584 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcosnt5.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00003072 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbmidi.sys
2014-10-30 08:59 - 2001-08-17 12:19 - 00003072 ____C (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbase.sys
2014-10-30 08:59 - 2001-08-17 12:17 - 00090525 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digifep5.sys
2014-10-30 08:59 - 2001-08-17 12:17 - 00029531 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\dgapci.sys
2014-10-30 08:59 - 2001-08-17 12:13 - 00103044 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digidxb.sys
2014-10-30 08:59 - 2001-08-17 12:13 - 00037735 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiasyn.sys
2014-10-30 08:59 - 2001-08-17 12:12 - 00117760 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\d100ib5.sys
2014-10-30 08:59 - 2001-08-17 12:12 - 00063208 ____C (Intel Corporation.) C:\WINDOWS\system32\dllcache\dc21x4.sys
2014-10-30 08:59 - 2001-08-17 12:11 - 00024649 ____C (D-Link) C:\WINDOWS\system32\dllcache\dfe650d.sys
2014-10-30 08:59 - 2001-08-17 12:11 - 00024648 ____C (D-Link) C:\WINDOWS\system32\dllcache\dfe650.sys
2014-10-30 08:59 - 2001-08-17 12:11 - 00020928 ____C (Digital Networks, LLC) C:\WINDOWS\system32\dllcache\defpa.sys
2014-10-30 08:58 - 2008-04-14 00:11 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys
2014-10-30 08:58 - 2008-04-14 00:06 - 00013952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2014-10-30 08:58 - 2008-04-14 00:06 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2014-10-30 08:58 - 2004-08-12 07:58 - 01677824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chsbrkr.dll
2014-10-30 08:58 - 2004-08-12 07:58 - 00838144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtbrkr.dll
2014-10-30 08:58 - 2004-08-12 07:56 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmnresm.dll
2014-10-30 08:58 - 2004-08-12 07:56 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chkrres.dll
2014-10-30 08:58 - 2004-08-12 07:56 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmnclim.dll
2014-10-30 08:58 - 2004-08-12 07:56 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\charmap.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chkrzm.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chkr.dll
2014-10-30 08:58 - 2004-08-12 07:56 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cprofile.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgport.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgusr.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chglogon.exe
2014-10-30 08:58 - 2004-08-12 07:56 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\change.exe
2014-10-30 08:58 - 2001-08-17 22:36 - 00216064 ____C (COMPAQ Inc.) C:\WINDOWS\system32\dllcache\cpscan.dll
2014-10-30 08:58 - 2001-08-17 22:36 - 00175104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\csamsp.dll
2014-10-30 08:58 - 2001-08-17 22:36 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cnusd.dll
2014-10-30 08:58 - 2001-08-17 22:36 - 00032256 ____C (Eicon Technology Corporation) C:\WINDOWS\system32\dllcache\diapi2NT.dll
2014-10-30 08:58 - 2001-08-17 14:56 - 00170880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546x.dll
2014-10-30 08:58 - 2001-08-17 14:56 - 00111232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl5465.dll
2014-10-30 08:58 - 2001-08-17 14:56 - 00091264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.dll
2014-10-30 08:58 - 2001-08-17 14:02 - 00272640 ____C (RAVISENT Technologies Inc.) C:\WINDOWS\system32\dllcache\cinemclc.sys
2014-10-30 08:58 - 2001-08-17 13:57 - 00248064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546xm.sys
2014-10-30 08:58 - 2001-08-17 13:57 - 00045696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.sys
2014-10-30 08:58 - 2001-08-17 13:51 - 00020736 ____C (OMNIKEY AG) C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
2014-10-30 08:58 - 2001-08-17 13:28 - 00714698 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2014-10-30 08:58 - 2001-08-17 12:19 - 00042112 ____C (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\crtaud.sys
2014-10-30 08:58 - 2001-08-17 12:19 - 00006912 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctlfacem.sys
2014-10-30 08:58 - 2001-08-17 12:19 - 00003712 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctljystk.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00980034 ____C (Xircom) C:\WINDOWS\system32\dllcache\cicap.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00049182 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem56n5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00046108 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cben5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00027164 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce3n5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00022044 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem33n5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00022044 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem28n5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00021533 ____C (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\cpqndis5.sys
2014-10-30 08:58 - 2001-08-17 12:13 - 00021530 ____C (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce2n5.sys
2014-10-30 08:58 - 2001-08-17 12:12 - 00039680 ____C (Silicom Ltd.) C:\WINDOWS\system32\dllcache\cb325.sys
2014-10-30 08:58 - 2001-08-17 12:12 - 00037916 ____C (Fast Ethernet Controller Provider) C:\WINDOWS\system32\dllcache\cb102.sys
2014-10-30 08:58 - 2001-08-17 12:11 - 00060970 ____C (Compaq Computer Corp.) C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
2014-10-30 08:58 - 2001-08-17 12:11 - 00039936 ____C (Conexant Systems, Inc.) C:\WINDOWS\system32\dllcache\cnxt1803.sys
2014-10-30 08:57 - 2008-04-14 05:42 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2014-10-30 08:57 - 2008-04-14 05:41 - 00121856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll
2014-10-30 08:57 - 2008-04-14 00:16 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2014-10-30 08:57 - 2004-08-12 07:56 - 00195618 ____C () C:\WINDOWS\system32\dllcache\c_10002.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00189986 ____C () C:\WINDOWS\system32\dllcache\c_1361.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00187938 ____C () C:\WINDOWS\system32\dllcache\c_20005.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00186402 ____C () C:\WINDOWS\system32\dllcache\c_20001.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00185378 ____C () C:\WINDOWS\system32\dllcache\c_20003.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00180770 ____C () C:\WINDOWS\system32\dllcache\c_20932.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00180258 ____C () C:\WINDOWS\system32\dllcache\c_20004.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00180258 ____C () C:\WINDOWS\system32\dllcache\c_20000.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00177698 ____C () C:\WINDOWS\system32\dllcache\c_20949.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00177698 ____C () C:\WINDOWS\system32\dllcache\c_10003.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00173602 ____C () C:\WINDOWS\system32\dllcache\c_20936.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00173602 ____C () C:\WINDOWS\system32\dllcache\c_20002.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00173602 ____C () C:\WINDOWS\system32\dllcache\c_10008.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00162850 ____C () C:\WINDOWS\system32\dllcache\c_10001.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_864.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_862.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_858.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_720.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_870.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_708.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28596.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_21027.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_21025.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20924.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20880.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20871.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20838.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20833.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20424.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20423.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20420.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20297.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20290.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20285.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20284.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20280.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20278.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20277.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20273.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20269.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20108.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20107.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20106.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20105.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1149.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1148.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1147.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1146.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1145.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1144.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1143.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1142.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1141.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1140.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_1047.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10021.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10005.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10004.nls
2014-10-30 08:57 - 2004-08-12 07:56 - 00010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_iscii.dll
2014-10-30 08:57 - 2004-08-12 07:56 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_is2022.dll
2014-10-30 08:57 - 2004-08-12 07:55 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\calc.exe
2014-10-30 08:57 - 2004-08-12 07:55 - 00082172 ____C () C:\WINDOWS\system32\dllcache\bopomofo.nls
2014-10-30 08:57 - 2004-08-12 07:55 - 00066728 ____C () C:\WINDOWS\system32\dllcache\big5.nls
2014-10-30 08:57 - 2004-08-12 07:55 - 00054528 ____C (Philips Semiconductors GmbH) C:\WINDOWS\system32\dllcache\cap7146.sys
2014-10-30 08:57 - 2001-08-17 22:37 - 00244224 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.ax
2014-10-30 08:57 - 2001-08-17 22:37 - 00116736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.ax
2014-10-30 08:57 - 2001-08-17 22:37 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.ax
2014-10-30 08:57 - 2001-08-17 22:36 - 00236032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\binlsvc.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\brmfcwia.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00074240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00041472 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfusb.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfrsmg.exe
2014-10-30 08:57 - 2001-08-17 22:36 - 00029696 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmflpt.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00019456 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brbidiif.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00015360 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfbidi.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00012800 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brevif.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brserif.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brcoinst.dll
2014-10-30 08:57 - 2001-08-17 22:36 - 00005120 ____C (Brother Industries,Ltd.) C:\WINDOWS\system32\dllcache\brscnrsm.dll
2014-10-30 08:57 - 2001-08-17 14:05 - 00314752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdro21.sys
2014-10-30 08:57 - 2001-08-17 14:04 - 00223232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv21.sys
2014-10-30 08:57 - 2001-08-17 14:04 - 00171264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv30.sys
2014-10-30 08:57 - 2001-08-17 13:51 - 00013824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bulltlp3.sys
2014-10-30 08:57 - 2001-08-17 13:28 - 00871388 ____C (BCM) C:\WINDOWS\system32\dllcache\bcmdm.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00060416 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brserwdm.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00039552 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparwdm.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00012160 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltlo.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00011008 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbmdm.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00010368 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbscn.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00003968 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltup.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00003168 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparimg.sys
2014-10-30 08:57 - 2001-08-17 13:12 - 00002944 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brfilt.sys
2014-10-30 08:57 - 2001-08-17 12:13 - 00164923 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\diapi2.sys
2014-10-30 08:57 - 2001-08-17 12:11 - 00066557 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42u.sys
2014-10-30 08:57 - 2001-08-17 12:11 - 00054271 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2014-10-30 08:57 - 2001-08-17 12:11 - 00031529 ____C (BreezeCOM) C:\WINDOWS\system32\dllcache\brzwlan.sys
2014-10-30 08:57 - 2001-08-17 12:11 - 00026568 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm4e5.sys
2014-10-30 08:56 - 2008-04-14 00:16 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2014-10-30 08:56 - 2008-04-14 00:16 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2014-10-30 08:56 - 2008-04-14 00:06 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2014-10-30 08:56 - 2008-04-13 22:05 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2014-10-30 08:56 - 2004-08-12 07:55 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bckgres.dll
2014-10-30 08:56 - 2004-08-12 07:55 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avtapi.dll
2014-10-30 08:56 - 2004-08-12 07:55 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bckg.dll
2014-10-30 08:56 - 2004-08-12 07:55 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avwav.dll
2014-10-30 08:56 - 2004-08-12 07:55 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bckgzm.exe
2014-10-30 08:56 - 2004-08-12 07:55 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avmeter.dll
2014-10-30 08:56 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2014-10-30 08:56 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2014-10-30 08:56 - 2001-08-17 22:36 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2014-10-30 08:56 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2014-10-30 08:56 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2014-10-30 08:56 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2014-10-30 08:56 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2014-10-30 08:56 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2014-10-30 08:56 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2014-10-30 08:56 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2014-10-30 08:56 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2014-10-30 08:56 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2014-10-30 08:56 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2014-10-30 08:56 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00049920 ____C () C:\WINDOWS\system32\dllcache\atirtcap.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00046464 ____C () C:\WINDOWS\system32\dllcache\atibt829.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00026880 ____C () C:\WINDOWS\system32\dllcache\atirtsnd.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00026624 ____C () C:\WINDOWS\system32\dllcache\ativxbar.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00023552 ____C () C:\WINDOWS\system32\dllcache\atixbar.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00019456 ____C () C:\WINDOWS\system32\dllcache\ativttxx.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitvsnd.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitunep.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00010240 ____C () C:\WINDOWS\system32\dllcache\atipcxxx.sys
2014-10-30 08:56 - 2001-08-17 12:49 - 00009472 ____C () C:\WINDOWS\system32\dllcache\ativmdcd.sys
2014-10-30 08:56 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2014-10-30 08:56 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2014-10-30 08:56 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2014-10-30 08:56 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2014-10-30 08:56 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2014-10-30 08:56 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2014-10-30 08:56 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2014-10-30 08:56 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2014-10-30 08:56 - 2001-08-17 12:11 - 00096640 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\b57xp32.sys
2014-10-30 08:56 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2014-10-30 08:56 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2014-10-30 08:55 - 2008-04-13 22:06 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2014-10-30 08:55 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2014-10-30 08:55 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2014-10-30 08:55 - 2001-08-17 22:36 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2014-10-30 08:55 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2014-10-30 08:55 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2014-10-30 08:55 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2014-10-30 08:55 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2014-10-30 08:55 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2014-10-30 08:55 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2014-10-30 08:54 - 2008-04-14 00:16 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2014-10-30 08:54 - 2008-04-14 00:16 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2014-10-30 08:54 - 2008-04-14 00:10 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2014-10-30 08:54 - 2008-04-13 22:06 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2014-10-30 08:54 - 2008-04-13 22:06 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2014-10-30 08:54 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2014-10-30 08:54 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2014-10-30 08:54 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2014-10-30 08:54 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2014-10-30 08:54 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2014-10-30 08:54 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2014-10-30 08:54 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2014-10-30 08:54 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2014-10-30 05:19 - 2014-11-02 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-30 05:17 - 2014-11-02 15:21 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Desktop\mbar
2014-10-30 04:13 - 2014-10-30 04:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-30 03:40 - 2014-10-30 03:40 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dll
2014-10-30 01:25 - 2014-10-30 01:25 - 18067456 _____ () C:\Documents and Settings\Dell Customer\My Documents\iso ipod transfer.iso
2014-10-30 00:15 - 2014-10-30 00:17 - 327866368 _____ () C:\Documents and Settings\Dell Customer\My Documents\iso image.iso
2014-10-29 23:45 - 2014-10-29 23:47 - 330018816 _____ () C:\Documents and Settings\Dell Customer\Desktop\iso file.iso
2014-10-29 23:24 - 2014-10-31 05:13 - 00000000 ____D () C:\Program Files\WinISO Computing
2014-10-29 23:24 - 2014-10-29 23:24 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Local Settings\Application Data\WinISO Computing
2014-10-29 23:24 - 2014-10-29 23:24 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\WinISO Computing
2014-10-29 23:24 - 2014-02-26 04:09 - 00121600 _____ (WinISO.com) C:\WINDOWS\system32\Drivers\WinisoCDBus.sys
2014-10-29 23:13 - 2014-10-30 01:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1a6c2391acd69f80
2014-10-29 22:40 - 2014-10-29 22:40 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-29 22:37 - 2014-11-05 03:04 - 00000921 _____ () C:\Documents and Settings\Dell Customer\Application Data\burnaware.ini
2014-10-29 22:36 - 2014-10-29 22:36 - 00000729 _____ () C:\Documents and Settings\All Users\Desktop\BurnAware Free.lnk
2014-10-29 22:36 - 2014-10-29 22:36 - 00000000 ____D () C:\Program Files\BurnAware Free
2014-10-29 22:36 - 2014-10-29 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Free
2014-10-29 22:31 - 2014-11-05 02:27 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2014-10-29 22:31 - 2014-11-05 02:27 - 00001556 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2014-10-29 22:31 - 2014-11-05 02:27 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-10-29 22:31 - 2014-10-29 22:31 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\Canneverbe Limited
2014-10-29 22:31 - 2013-08-25 11:30 - 00013120 _____ () C:\WINDOWS\system32\Drivers\StarOpen.sys
2014-10-29 20:42 - 2014-11-03 05:31 - 00000160 _____ () C:\WINDOWS\wwwbatch.ini
2014-10-29 15:34 - 2014-10-29 15:34 - 00000000 ____D () C:\found.000
2014-10-29 08:12 - 2014-10-29 08:12 - 00000000 _____ () C:\av.mof
2014-10-29 08:10 - 2014-10-29 08:10 - 00000000 ___HD () C:\Program Files\WindowsUpdate
2014-10-29 08:09 - 2014-10-29 08:29 - 00007514 _____ () C:\WINDOWS\bitssetup.log
2014-10-29 08:09 - 2014-10-29 08:11 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2014-10-29 06:49 - 2014-10-29 06:49 - 00000000 ____D () C:\RegBackup
2014-10-29 06:47 - 2014-10-29 06:47 - 00001812 _____ () C:\Documents and Settings\Dell Customer\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-10-29 06:47 - 2014-10-29 06:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-10-29 06:46 - 2014-10-29 06:46 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-10-29 01:38 - 2014-11-02 00:03 - 00000000 _____ () C:\WINDOWS\win.ini
2014-10-29 00:57 - 2014-10-29 00:57 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\Cleanersoft
2014-10-29 00:56 - 2014-10-30 10:48 - 00000000 ____D () C:\Program Files\Free Registry Fix
2014-10-28 23:20 - 2014-10-28 23:20 - 00000324 _____ () C:\Documents and Settings\Dell Customer\My Documents\audio sound max error code.txt
2014-10-28 23:08 - 2014-10-29 02:24 - 00000120 _____ () C:\WINDOWS\Reimage.ini
2014-10-28 21:36 - 2014-10-28 21:36 - 00016560 _____ () C:\Documents and Settings\Dell Customer\My Documents\dds.txt
2014-10-28 21:36 - 2014-10-28 21:36 - 00010627 _____ () C:\Documents and Settings\Dell Customer\My Documents\attach.txt
2014-10-28 20:07 - 2014-10-28 20:07 - 00000756 _____ () C:\Documents and Settings\Dell Customer\My Documents\combo fix 10 27 14.txt
2014-10-28 16:34 - 2014-11-02 22:41 - 00010760 _____ () C:\Documents and Settings\Dell Customer\Desktop\attach.txt
2014-10-28 13:55 - 2014-10-26 23:19 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141028-145528.backup
2014-10-28 03:26 - 2014-10-28 03:26 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-28 03:26 - 2014-10-28 03:26 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-28 03:26 - 2014-10-28 03:26 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-28 03:25 - 2014-10-28 03:25 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-28 03:25 - 2014-10-28 03:25 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-10-28 03:25 - 2014-10-28 03:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-28 03:25 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-10-28 03:24 - 2014-10-28 03:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-28 00:32 - 2014-10-28 00:32 - 00013376 _____ () C:\Documents and Settings\Dell Customer\My Documents\registry in case something screws up.reg
2014-10-28 00:32 - 2014-10-28 00:32 - 00003894 _____ () C:\Documents and Settings\Dell Customer\My Documents\installation cd not working.reg
2014-10-27 20:51 - 2014-10-30 03:43 - 00001854 _____ () C:\Documents and Settings\Dell Customer\Desktop\LiveBoost.lnk
2014-10-27 20:51 - 2014-10-30 03:43 - 00001806 _____ () C:\Documents and Settings\Dell Customer\Desktop\System Mechanic Professional.lnk
2014-10-27 20:51 - 2014-10-30 03:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic Professional
2014-10-27 20:51 - 2014-10-30 03:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ioloGovernor
2014-10-27 20:51 - 2014-10-27 20:51 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\ioloGovernor
2014-10-27 20:51 - 2014-08-12 22:57 - 00041616 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe
2014-10-27 20:51 - 2014-08-12 22:57 - 00023568 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe
2014-10-27 20:51 - 2014-08-12 22:41 - 02097984 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator32.dll
2014-10-27 20:51 - 2014-08-12 22:35 - 00068464 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\PDFsFilter.sys
2014-10-27 20:51 - 2014-08-12 22:35 - 00056200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2014-10-27 20:50 - 2014-11-01 06:54 - 00000000 ____D () C:\Program Files\iolo
2014-10-27 20:43 - 2014-10-27 20:51 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Application Data\iolo
2014-10-27 20:38 - 2014-10-27 20:38 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-10-27 20:25 - 2014-10-27 20:25 - 00001842 _____ () C:\Documents and Settings\Dell Customer\My Documents\AVSDK5_UNINST_2014-10-27 21.25.08.LOG
2014-10-27 19:31 - 2008-04-14 05:42 - 00116224 ____C (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2014-10-27 19:31 - 2008-04-14 05:42 - 00018944 ____C () C:\WINDOWS\system32\dllcache\xrxscnui.dll
2014-10-27 19:29 - 2008-04-14 05:42 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll
2014-10-27 19:28 - 2008-04-14 00:06 - 00008832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys
2014-10-27 19:27 - 2008-04-14 00:15 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys
2014-10-27 19:22 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2014-10-27 19:22 - 2008-04-14 00:15 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2014-10-27 19:22 - 2008-04-14 00:15 - 00017152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2014-10-27 19:17 - 2008-04-14 05:42 - 00082944 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe
2014-10-27 19:16 - 2008-04-14 00:10 - 00149376 ____C (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys
2014-10-27 19:12 - 2008-04-14 00:10 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys
2014-10-27 19:11 - 2008-04-14 00:06 - 00016000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys
2014-10-27 19:11 - 2008-04-14 00:06 - 00006912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys
2014-10-27 19:07 - 2008-04-14 00:15 - 00011520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys
2014-10-27 19:06 - 2008-04-14 00:10 - 00043904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys
2014-10-27 19:05 - 2008-04-14 05:42 - 00029696 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll
2014-10-27 19:04 - 2008-04-14 05:42 - 00027648 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll
2014-10-27 19:03 - 2008-04-14 00:10 - 00079104 ____C (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys
2014-10-27 19:02 - 2008-04-14 00:10 - 00006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys
2014-10-27 19:01 - 2008-04-14 05:42 - 00363520 ____C () C:\WINDOWS\system32\dllcache\psisdecd.dll
2014-10-27 19:01 - 2008-04-14 05:42 - 00159232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll
2014-10-27 19:01 - 2008-04-14 05:42 - 00033280 ____C () C:\WINDOWS\system32\dllcache\psisrndr.ax
2014-10-27 19:00 - 2008-04-14 00:11 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys
2014-10-27 19:00 - 2008-04-14 00:10 - 00008832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys
2014-10-27 18:59 - 2008-04-14 05:40 - 00259328 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll
2014-10-27 18:59 - 2008-04-14 05:40 - 00211584 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll
2014-10-27 18:59 - 2008-04-14 00:14 - 00028032 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys
2014-10-27 18:58 - 2008-04-14 00:14 - 00027904 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys
2014-10-27 18:55 - 2008-04-14 00:16 - 00061696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys
2014-10-27 09:41 - 2014-10-28 15:56 - 00008192 _____ () C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
2014-10-27 09:41 - 2014-10-28 15:56 - 00008192 _____ () C:\Documents and Settings\LocalService\ntuser.tmp.LOG
2014-10-27 08:07 - 2014-11-03 04:44 - 00000000 ____D () C:\Documents and Settings\Dell Customer\Local Settings\Application Data\Adobe
2014-10-27 03:48 - 2014-11-02 22:06 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-27 03:48 - 2014-10-27 03:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-10-27 02:48 - 2014-11-03 21:02 - 00016384 _____ () C:\Documents and Settings\Dell Customer\ntuser.tmp.LOG
2014-10-27 02:48 - 2014-11-03 20:53 - 00008192 _____ () C:\WINDOWS\system32\config\security.tmp.LOG
2014-10-27 02:48 - 2014-10-27 02:48 - 00000000 _____ () C:\WINDOWS\system32\config\sam.tmp.LOG
2014-10-27 02:22 - 2014-10-27 09:25 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-10-27 02:22 - 2014-10-27 02:22 - 00000754 _____ () C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2014-10-27 02:22 - 2014-10-27 02:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-10-27 02:22 - 2009-03-24 11:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2014-10-27 01:35 - 2014-11-02 19:43 - 00010840 _____ () C:\WINDOWS\comsetup.log
2014-10-27 00:14 - 2014-10-27 00:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102714-01.dmp
2014-10-26 21:07 - 2014-10-26 21:07 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:24 - 2013-10-30 21:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-06 20:23 - 2005-04-09 13:01 - 01515867 ____C () C:\WINDOWS\WindowsUpdate.log
2014-11-06 16:46 - 2013-07-09 23:00 - 01048576 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-11-06 16:46 - 2005-12-15 15:06 - 00000278 __SHC () C:\Documents and Settings\Dell Customer\NTUSER.INI
2014-11-06 16:44 - 2011-02-14 05:08 - 00000000 __RDC () C:\Documents and Settings\Dell Customer\My Documents\Album covers and pics
2014-11-05 22:19 - 2004-08-10 12:08 - 00000178 __SHC () C:\Documents and Settings\NetworkService\NTUSER.INI
2014-11-04 22:06 - 2011-03-25 23:37 - 00000000 ____D () C:\WINDOWS\system32\config\Before Compact
2014-11-04 03:20 - 2008-02-01 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-04 02:53 - 2014-08-19 23:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 02:52 - 2014-08-19 23:53 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-03 22:09 - 2014-04-16 17:13 - 07864320 _____ () C:\Documents and Settings\Dell Customer\ntuser.bak
2014-11-03 22:09 - 2013-06-03 22:29 - 00057344 _____ () C:\WINDOWS\system32\config\security.bak
2014-11-03 22:09 - 2013-06-03 22:29 - 00024576 _____ () C:\WINDOWS\system32\config\sam.bak
2014-11-03 22:09 - 2013-06-03 21:55 - 34865152 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-03 22:09 - 2009-03-23 02:12 - 01110016 _____ () C:\Documents and Settings\LocalService\ntuser.bak
2014-11-03 22:09 - 2005-12-15 15:06 - 00000000 ____D () C:\Documents and Settings\Dell Customer
2014-11-03 22:09 - 2005-04-09 12:41 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-03 22:09 - 2005-04-09 12:41 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-03 22:09 - 1980-01-01 06:00 - 10223616 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-03 22:09 - 1980-01-01 06:00 - 01105920 _____ () C:\Documents and Settings\NetworkService\NTUSER.bak
2014-11-03 22:04 - 2005-04-09 12:40 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-03 21:59 - 2013-07-13 21:50 - 00704512 _____ () C:\WINDOWS\system32\config\DEFAULT.bak
2014-11-03 21:45 - 2013-11-24 15:27 - 00000000 _____ () C:\WINDOWS\system.ini
2014-11-03 21:02 - 2013-07-12 15:29 - 00024576 _____ () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-03 21:02 - 2013-07-12 15:29 - 00001024 _____ () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-03 20:52 - 2011-03-13 04:22 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-11-03 20:03 - 2004-08-10 12:08 - 00136464 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-03 04:00 - 2005-04-09 12:58 - 00013646 ____C () C:\WINDOWS\system32\WPA.DBL
2014-11-03 03:56 - 2013-10-06 04:06 - 00000150 _____ () C:\WINDOWS\setupact.log
2014-11-02 22:38 - 2005-04-09 12:46 - 00000441 __RSH () C:\boot.ini
2014-11-02 21:40 - 2014-06-01 06:03 - 00000000 ____D () C:\AdwCleaner
2014-11-02 20:15 - 2013-09-24 00:03 - 01162226 _____ () C:\WINDOWS\setupapi.log.0.old
2014-11-02 19:43 - 2013-10-29 00:10 - 00451088 _____ () C:\WINDOWS\ocgen.log
2014-11-02 19:43 - 2013-10-29 00:10 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-11-02 19:43 - 2013-06-03 21:18 - 01334643 ____C () C:\WINDOWS\FaxSetup.log
2014-11-02 19:43 - 2013-06-03 21:18 - 00600244 ____C () C:\WINDOWS\tsoc.log
2014-11-02 19:43 - 2013-06-03 21:18 - 00420786 ____C () C:\WINDOWS\ntdtcsetup.log
2014-11-02 19:43 - 2013-06-03 21:18 - 00174371 ____C () C:\WINDOWS\iis6.log
2014-11-02 19:43 - 2013-06-03 21:18 - 00074838 ____C () C:\WINDOWS\ocmsn.log
2014-11-02 19:43 - 2013-06-03 21:18 - 00072429 ____C () C:\WINDOWS\msgsocm.log
2014-11-02 19:26 - 2013-07-09 23:00 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-11-02 16:09 - 2013-07-01 16:45 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-02 01:29 - 2014-05-30 23:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-02 00:17 - 2011-03-16 02:54 - 00000002 ____C () C:\WINDOWS\system32\config.nt
2014-11-02 00:17 - 2004-08-12 07:55 - 00001688 ____C () C:\WINDOWS\system32\autoexec.nt
2014-11-02 00:08 - 2013-11-02 00:38 - 00026128 _____ () C:\Documents and Settings\Dell Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-01 23:45 - 2005-04-09 12:41 - 00000000 ____D () C:\WINDOWS\SECURITY
2014-11-01 23:17 - 2013-10-29 00:10 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-11-01 23:17 - 2005-04-09 13:00 - 00732452 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 21:12 - 2014-05-31 18:07 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB982132$
2014-11-01 06:59 - 2011-03-25 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-10-30 19:56 - 2012-07-20 02:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 09:35 - 2013-10-29 05:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-29 08:21 - 2013-06-04 00:40 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-10-29 08:21 - 2013-06-04 00:40 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-10-29 08:19 - 2013-06-04 00:38 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-10-29 01:24 - 2013-06-04 05:45 - 00000379 ____C () C:\WINDOWS\ISSetup.log
2014-10-28 15:41 - 2014-07-09 16:47 - 00000000 ____D () C:\SUPERDelete
2014-10-28 13:55 - 2004-08-04 04:00 - 00449910 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_839
2014-10-28 03:25 - 2006-10-08 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-28 01:52 - 2005-04-09 12:40 - 00000000 ____D () C:\WINDOWS\Help
2014-10-27 23:41 - 2012-08-19 04:14 - 00958500 ____C () C:\Documents and Settings\Dell Customer\My Documents\mitchell parton spam lines 2 and passwords!.txt
2014-10-27 08:34 - 2014-08-19 23:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 08:34 - 2014-08-19 23:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 08:34 - 2013-10-30 23:23 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 00:14 - 2013-06-30 11:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-27 00:02 - 2005-04-09 13:01 - 00000006 ____C () C:\WINDOWS\Tasks\SA.DAT
2014-10-26 23:14 - 2012-10-20 22:00 - 00000000 ____D () C:\Program Files\Messenger
2014-10-26 22:17 - 2013-07-16 04:35 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-26 21:45 - 2013-05-18 05:22 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-26 21:07 - 2011-03-26 02:51 - 00000392 ____C () C:\WINDOWS\system32\iolo.ini.txt
2014-10-26 21:05 - 2004-08-10 11:59 - 00000159 ____C () C:\WINDOWS\WIADEBUG.LOG
2014-10-26 21:05 - 2004-08-10 11:59 - 00000050 ____C () C:\WINDOWS\WIASERVC.LOG
2014-10-23 19:45 - 2011-02-13 00:03 - 00000284 ____C () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-14 22:25 - 2014-05-31 17:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-14 21:18 - 2011-03-25 23:36 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2014-10-08 14:00 - 2014-06-01 06:13 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Dell Customer at 2014-11-06 20:34:42
Running from C:\Documents and Settings\Dell Customer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3herosoft iPod to Computer Transfer (HKLM\...\3herosoft iPod to Computer Transfer) (Version: 3.7.4.1216 - 3herosoft)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.12 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 7.5 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version: - )
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
iolo technologies' System Mechanic Professional (HKLM\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Linksys Updater (HKLM\...\{C15B6175-689A-4D97-A42C-7225353F60A7}) (Version: 1.1.8015.381 - Linksys)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_10.51) (Version: - )
Logitech QuickCam (HKLM\...\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}) (Version: 11.50.1169 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.50) (Version: - )
Logitech QuickCam Express (HKLM\...\Logitech QuickCam Express) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Event Monitor (HKLM\...\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}) (Version: - )
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 (Version: 4.20.9818.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MVision (Version: 10.51.2027 - Logitech Inc.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Mechanic 12 Professional (Version: 14.0.1 - ) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.0 - Tweaking.com)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
ZoneAlarm Firewall (Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3749318984-4252393807-2332203289-1006_Classes\CLSID\{07F29912-A340-4f99-8E98-1225B91B2467}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2014-11-03 20:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-10-25 16:37 - 2007-10-25 16:37 - 02178832 ____C () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2007-10-25 16:44 - 2007-10-25 16:44 - 00103184 ____C () C:\Program Files\Logitech\QuickCam\LAppRes.dll
2007-10-25 16:33 - 2007-10-25 16:33 - 00344336 ____C () C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
2014-10-30 16:42 - 2014-10-30 16:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk => C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-3749318984-4252393807-2332203289-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3749318984-4252393807-2332203289-1009 - Limited - Enabled)
Dell Customer (S-1-5-21-3749318984-4252393807-2332203289-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dell Customer
Guest (S-1-5-21-3749318984-4252393807-2332203289-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3749318984-4252393807-2332203289-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3749318984-4252393807-2332203289-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 02:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (11/02/2014 04:44:29 PM) (Source: MsiInstaller) (EventID: 1008) (User: DGVRKS61)
Description: The installation of C:\DOCUME~1\DELLCU~1\LOCALS~1\Temp\6139706A-62DD-11E4-A1AA-806D6172696F\kavkis.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (11/02/2014 04:12:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TEST_WPF.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.StubHelpers.InterfaceMarshaler.ConvertToManaged(IntPtr, IntPtr, IntPtr, Int32)
at MS.Win32.UnsafeNativeMethods.TF_CreateThreadMgr(ITfThreadMgr ByRef)
at MS.Internal.TextServicesLoader.Load()
at System.Windows.Threading.Dispatcher.GetMessagePump()
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at test_wpf.App.Main()

Error: (11/02/2014 04:09:54 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 test_wpf.exe, P2 1.0.0.0, P3 5353b84f, P4 windowsbase, P5 4.0.0.0, P6 51eea870, P7 13fc, P8 1e, P9 clr20r30, P10 clr20r31.

Error: (11/01/2014 04:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/01/2014 05:35:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/31/2014 04:15:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hitmanpro.exe, version 3.7.9.232, faulting module hitmanpro.exe, version 3.7.9.232, fault address 0x001496bb.
Processing media-specific event for [hitmanpro.exe!ws!]

Error: (10/31/2014 04:12:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hitmanpro.exe, version 3.7.9.232, faulting module hitmanpro.exe, version 3.7.9.232, fault address 0x001496bb.
Processing media-specific event for [hitmanpro.exe!ws!]

Error: (10/30/2014 09:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.0.5397, faulting module mozalloc.dll, version 33.0.0.5397, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/30/2014 04:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.0.5397, faulting module mozalloc.dll, version 33.0.0.5397, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (11/05/2014 02:47:46 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:45:37 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:43:33 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:41:24 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:38:40 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:36:36 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:33:05 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:24:00 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:22:00 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (11/05/2014 02:20:00 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1


Microsoft Office Sessions:
=========================
Error: (11/03/2014 02:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711msvcr100.dll10.0.40219.3250008d6fd

Error: (11/02/2014 04:44:29 PM) (Source: MsiInstaller) (EventID: 1008) (User: DGVRKS61)
Description: C:\DOCUME~1\DELLCU~1\LOCALS~1\Temp\6139706A-62DD-11E4-A1AA-806D6172696F\kavkis.msi(NULL)(NULL)(NULL)

Error: (11/02/2014 04:12:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TEST_WPF.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.StubHelpers.InterfaceMarshaler.ConvertToManaged(IntPtr, IntPtr, IntPtr, Int32)
at MS.Win32.UnsafeNativeMethods.TF_CreateThreadMgr(ITfThreadMgr ByRef)
at MS.Internal.TextServicesLoader.Load()
at System.Windows.Threading.Dispatcher.GetMessagePump()
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at test_wpf.App.Main()

Error: (11/02/2014 04:09:54 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3test_wpf.exe1.0.0.05353b84fwindowsbase4.0.0.051eea87013fc1epszqoadhx1u5zahbhohghldgiy4qixhxNIL

Error: (11/01/2014 04:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.2.5413mozalloc.dll33.0.2.541300001425

Error: (11/01/2014 05:35:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.2.5413mozalloc.dll33.0.2.541300001425

Error: (10/31/2014 04:15:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hitmanpro.exe3.7.9.232hitmanpro.exe3.7.9.232001496bb

Error: (10/31/2014 04:12:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hitmanpro.exe3.7.9.232hitmanpro.exe3.7.9.232001496bb

Error: (10/30/2014 09:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397mozalloc.dll33.0.0.539700001425

Error: (10/30/2014 04:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397mozalloc.dll33.0.0.539700001425


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 81%
Total physical RAM: 765.98 MB
Available physical RAM: 143.87 MB
Total Pagefile: 1874.86 MB
Available Pagefile: 1326.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.46 GB) (Free:2.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (NEW VOLUME) (Fixed) (Total:2.75 GB) (Free:1.62 GB) FAT32
Drive g: () (Fixed) (Total:148.98 GB) (Free:115.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: E394E394)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=34.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 5EA77432)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0B)

==================== End Of Log ============================

Edited by Oh My!, 06 November 2014 - 10:56 PM.
Logs posted




