Unusual Computer Behavior


  • This topic is locked
23 replies to this topic

#1 fcapuno


Posted 27 April 2015 - 11:53 AM

My laptop has been rather slow with sporadic stuttering when doing simple tasks. I suspect that the problem is actually a hardware failure. However, after a scan, I have found some entries from GeniusBar. While I had taken some measures to remove GeniusBar, I wanted to confirm if the computer was clean before actually fixing any faulty hardware (if I have to clone the hard drive, I don't want to clone an infected hard drive).
 

Additionally, I have been unable to update the computer with Windows Update for some time as I run into multiple installation errors.

I do have a FRST scan which I'll include below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Owner (administrator) on OWNER-E8317648A on 27-04-2015 09:42:43
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files\user extensions\Client.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\user extensions\Client.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [ProcessLassoManagementConsole] => C:\Program Files\Process Lasso\processlasso.exe [949032 2014-12-17] (Bitsum LLC)
HKLM\...\Run: [ProcessGovernor] => C:\Program Files\Process Lasso\processgovernor.exe [675624 2014-12-17] (Bitsum LLC)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1547161642-1606980848-725345543-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-1547161642-1606980848-725345543-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632840 2015-02-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1547161642-1606980848-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1547161642-1606980848-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad++\Notepad++ParamProxy.exe"
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-09-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1547161642-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-07] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-07] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369753115671
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.13.1.254 10.13.1.253

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x38nbj6b.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x38nbj6b.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-05-15]
FF Extension: Tree Style Tab - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x38nbj6b.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2013-12-02]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x38nbj6b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-19]
FF Extension: Menu Editor - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x38nbj6b.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-05-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-08-07] (Echobit LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-17] (Sandboxie Holdings, LLC)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 axaoegc; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopwsa.exe" -scm [X]
S2 boemcee; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopasa.exe" /ts2=1 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\DRIVERS\evolve.sys [18584 2014-06-28] (Echobit, LLC)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-17] (Sandboxie Holdings, LLC)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113984 2015-04-07] (Power Software Ltd)
R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-04-13] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
U5 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2018-04-12 17:45 - 2015-04-26 21:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2018-04-12 17:45 - 2015-04-26 21:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2018-04-12 17:45 - 2001-08-17 06:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys
2018-04-12 17:44 - 2018-04-12 17:44 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2018-04-12 17:44 - 2008-04-14 00:10 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2018-04-12 17:44 - 2001-08-17 05:51 - 00020752 _____ (Sony Corporation) C:\WINDOWS\system32\Drivers\SonyNC.sys
2018-04-12 17:43 - 2008-04-14 05:42 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
2018-04-12 17:43 - 2008-04-14 00:06 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2018-04-12 17:43 - 2008-04-14 00:06 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmbatt.sys
2018-04-12 17:43 - 2008-04-14 00:06 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys
2018-04-12 17:43 - 2001-08-17 06:46 - 00006400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\enum1394.sys
2018-04-12 17:42 - 2018-04-12 17:42 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2018-04-12 17:42 - 2018-04-12 17:42 - 00000000 ____D () C:\Program Files\Common Files\ODBC
2018-04-12 17:42 - 2015-04-08 05:28 - 00625402 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-12 17:42 - 2014-09-09 13:30 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2018-04-12 17:42 - 2013-05-28 06:34 - 00004161 _____ () C:\WINDOWS\ODBCINST.INI
2018-04-12 17:42 - 2004-08-04 03:00 - 01685606 ____C () C:\WINDOWS\system32\dllcache\sam.spd
2018-04-12 17:42 - 2004-08-04 03:00 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spttseng.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00643717 ____C () C:\WINDOWS\system32\dllcache\ltts1033.lxa
2018-04-12 17:42 - 2004-08-04 03:00 - 00605050 ____C () C:\WINDOWS\system32\dllcache\r1033tts.lxa
2018-04-12 17:42 - 2004-08-04 03:00 - 00077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcommon.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_869.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_866.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_857.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_855.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_852.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 ____C () C:\WINDOWS\system32\dllcache\c_737.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_869.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_866.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_857.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_855.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_852.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066594 _____ () C:\WINDOWS\system32\c_737.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_875.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28603.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28599.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28597.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28595.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_28594.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10082.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10081.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10029.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10017.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10010.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10007.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_10006.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_875.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_28603.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_28599.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\C_28597.NLS
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\C_28595.NLS
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\C_28594.NLS
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10082.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10081.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10029.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10017.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10010.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10007.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_10006.nls
2018-04-12 17:42 - 2004-08-04 03:00 - 00061440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcplui.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sapisvr.exe
2018-04-12 17:42 - 2004-08-04 03:00 - 00008192 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhept.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhept.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00007168 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela3.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz2.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\KBDAL.DLL
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela3.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz2.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdal.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuq.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuf.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela2.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdgkl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdest.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuq.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuf.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela2.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgkl.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdest.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycc.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbduzb.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdur.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtat.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdro.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdmon.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkyr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkaz.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe319.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe220.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdbu.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdblr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdazel.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdaze.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycc.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbduzb.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdur.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtat.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdro.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdmon.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkyr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkaz.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu1.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe319.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe220.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdbu.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdblr.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdazel.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdaze.dll
2018-04-12 17:42 - 2004-08-04 03:00 - 00000888 ____C () C:\WINDOWS\system32\dllcache\sam.sdf
2018-04-12 17:41 - 2018-04-12 17:41 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2018-04-12 17:41 - 2008-04-14 05:42 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system\winspool.drv
2018-04-12 17:41 - 2008-04-14 05:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\storprop.dll
2018-04-12 17:41 - 2008-04-14 05:42 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2018-04-12 17:41 - 2008-04-14 05:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\batt.dll
2018-04-12 17:41 - 2008-04-14 00:24 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
2018-04-12 17:41 - 2005-03-21 16:48 - 00007710 ____C () C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 01042903 ____C () C:\WINDOWS\system32\dllcache\SP2.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00797189 ____C () C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00399645 ____C () C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00176157 ____C (Digi International, Inc.) C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00176157 _____ (Digi International, Inc.) C:\WINDOWS\system32\dgrpsetu.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00126912 _____ (Microsoft Corporation) C:\WINDOWS\system\MSVIDEO.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00109456 _____ (Microsoft Corporation) C:\WINDOWS\system\AVIFILE.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00103424 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnclass.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00103424 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\EqnClass.Dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00085020 ____C (Digi International) C:\WINDOWS\system32\dllcache\dgsetup.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00085020 _____ (Digi International) C:\WINDOWS\system32\dgsetup.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system\OLECLI.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00073376 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIAVI.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00069584 _____ (Microsoft Corporation) C:\WINDOWS\system\AVICAP.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00068768 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00066082 ____C () C:\WINDOWS\system32\dllcache\c_20127.nls
2018-04-12 17:41 - 2004-08-04 03:00 - 00066082 _____ () C:\WINDOWS\system32\c_20127.nls
2018-04-12 17:41 - 2004-08-04 03:00 - 00037484 ____C () C:\WINDOWS\system32\dllcache\MW770.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIWAVE.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00025264 _____ (Microsoft Corporation) C:\WINDOWS\system\MCISEQ.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00024661 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxcoins.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system\TAPI.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\taskman.exe
2018-04-12 17:41 - 2004-08-04 03:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\TASKMAN.EXE
2018-04-12 17:41 - 2004-08-04 03:00 - 00013600 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00013472 ____C () C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irclass.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2018-04-12 17:41 - 2004-08-04 03:00 - 00009936 _____ (Microsoft Corporation) C:\WINDOWS\system\LZEXPAND.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00009008 _____ (Microsoft Corporation) C:\WINDOWS\system\VER.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00008574 ____C () C:\WINDOWS\system32\dllcache\IASNT4.CAT
2018-04-12 17:41 - 2004-08-04 03:00 - 00007334 ____C () C:\WINDOWS\system32\dllcache\wmerrenu.cat
2018-04-12 17:41 - 2004-08-04 03:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
2018-04-12 17:41 - 2004-08-04 03:00 - 00004048 _____ (Microsoft Corporation) C:\WINDOWS\system\TIMER.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00003360 _____ (Microsoft Corporation) C:\WINDOWS\system\SYSTEM.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00002577 ____N () C:\WINDOWS\system32\CONFIG.TMP
2018-04-12 17:41 - 2004-08-04 03:00 - 00002176 _____ (Microsoft Corporation) C:\WINDOWS\system\VGA.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00002032 _____ (Microsoft Corporation) C:\WINDOWS\system\MOUSE.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00002000 _____ (Microsoft Corporation) C:\WINDOWS\system\KEYBOARD.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00001744 _____ (Microsoft Corporation) C:\WINDOWS\system\SOUND.DRV
2018-04-12 17:41 - 2004-08-04 03:00 - 00001688 _____ () C:\WINDOWS\system32\AUTOEXEC.NT
2018-04-12 17:41 - 2004-08-04 03:00 - 00001152 _____ (Microsoft Corporation) C:\WINDOWS\system\MMTASK.TSK
2018-04-12 17:40 - 2015-03-11 09:35 - 00267800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-12 17:39 - 2018-04-12 17:39 - 00901120 _____ () C:\WINDOWS\system32\config\system.sav
2018-04-12 17:39 - 2018-04-12 17:39 - 00659456 _____ () C:\WINDOWS\system32\config\software.sav
2018-04-12 17:39 - 2018-04-12 17:39 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2018-04-12 17:39 - 2018-04-12 17:39 - 00094208 _____ () C:\WINDOWS\system32\config\default.sav
2018-04-12 17:39 - 2018-04-12 17:39 - 00001024 ____H () C:\WINDOWS\system32\config\userdiff.LOG
2018-04-12 17:39 - 2018-04-12 17:39 - 00001024 ____H () C:\WINDOWS\system32\config\TempKey.LOG
2018-04-12 17:39 - 2013-05-28 06:28 - 00000211 ___SH () C:\boot.ini
2018-04-12 17:31 - 2018-04-12 17:34 - 00000000 ____D () C:\WINDOWS\twain_32
2018-04-12 17:31 - 2018-04-12 17:34 - 00000000 ____D () C:\WINDOWS\system32\ras
2018-04-12 17:31 - 2018-04-12 17:33 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2018-04-12 17:31 - 2018-04-12 17:33 - 00000000 ____D () C:\WINDOWS\system32\1033
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\wins
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\ShellExt
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\IME
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\export
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\Drivers\disdn
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\dhcp
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\3com_dmi
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\3076
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\2052
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1054
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1042
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1041
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1037
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1031
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1028
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\system32\1025
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\Provisioning
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\java
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\Driver Cache
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\dell
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\Connection Wizard
2018-04-12 17:31 - 2018-04-12 17:31 - 00000000 ____D () C:\WINDOWS\addins
2018-04-12 17:31 - 2015-04-08 04:36 - 00000000 ____D () C:\WINDOWS\Help
2018-04-12 17:31 - 2015-04-07 07:22 - 00000000 ____D () C:\WINDOWS\Media
2018-04-12 17:31 - 2015-04-07 04:41 - 00000000 ____D () C:\WINDOWS\security
2018-04-12 17:31 - 2015-03-10 10:40 - 00000000 ____D () C:\WINDOWS\system32\mui
2018-04-12 17:31 - 2013-10-18 14:58 - 00000000 ____D () C:\WINDOWS\system32\spool
2018-04-12 17:31 - 2013-06-15 22:44 - 00000000 ____D () C:\WINDOWS\Resources
2018-04-12 17:31 - 2013-06-15 22:23 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2018-04-12 17:31 - 2013-05-28 07:17 - 00000000 ____D () C:\WINDOWS\system32\usmt
2018-04-12 17:31 - 2013-05-28 07:17 - 00000000 ____D () C:\WINDOWS\PeerNet
2018-04-12 17:31 - 2013-05-28 07:17 - 00000000 ____D () C:\WINDOWS\ime
2018-04-12 17:31 - 2013-05-28 07:15 - 00000000 ____D () C:\WINDOWS\system32\npp
2018-04-12 17:31 - 2013-05-28 07:15 - 00000000 ____D () C:\WINDOWS\system
2018-04-12 17:31 - 2013-05-28 07:15 - 00000000 ____D () C:\WINDOWS\mui
2018-04-12 17:31 - 2013-05-28 07:15 - 00000000 ____D () C:\WINDOWS\msagent
2018-04-12 17:31 - 2013-05-28 06:35 - 00000000 ____D () C:\WINDOWS\repair
2018-04-12 17:31 - 2013-05-28 06:34 - 00000000 ____D () C:\WINDOWS\system32\ias
2018-04-12 17:31 - 2013-05-28 06:33 - 00000000 ___RD () C:\WINDOWS\Web
2018-04-12 17:31 - 2013-05-28 06:32 - 00000000 ____D () C:\WINDOWS\pchealth
2018-04-12 17:31 - 2013-05-28 06:30 - 00000000 ____D () C:\WINDOWS\Cursors
2015-04-27 09:42 - 2015-04-27 09:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2015-04-25 22:03 - 2015-04-25 22:03 - 00000802 _____ () C:\Documents and Settings\Owner\Desktop\TwitchDatesPokemon.lnk
2015-04-25 22:03 - 2015-04-25 22:03 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\TwitchDatesPokemon
2015-04-25 22:00 - 2015-04-26 05:36 - 00000000 ____D () C:\Program Files\TwitchDatesPokemon
2015-04-23 21:04 - 2015-04-23 21:04 - 00029767 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2015-04-23 21:02 - 2015-04-27 09:44 - 00015854 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-04-23 21:01 - 2015-04-27 09:42 - 00000000 ____D () C:\FRST
2015-04-23 21:00 - 2015-04-27 09:42 - 01140736 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-04-23 20:30 - 2015-04-23 20:30 - 00025992 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pgdfgsvc.exe
2015-04-23 08:13 - 2015-04-23 08:14 - 00000440 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-23 08:12 - 2015-04-23 08:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2015-04-23 07:53 - 2015-04-23 07:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2015-04-23 07:53 - 2015-04-23 07:53 - 00000000 ____D () C:\Program Files\PowerISO
2015-04-23 07:53 - 2015-04-23 07:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2015-04-22 16:37 - 2015-04-22 17:30 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Windows 7
2015-04-22 11:45 - 2015-04-22 11:47 - 00000000 ____D () C:\Avenger
2015-04-21 17:19 - 2015-04-21 17:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-21 09:54 - 2015-04-21 10:06 - 00000000 ____D () C:\AdwCleaner
2015-04-21 09:51 - 2015-04-21 09:52 - 02217984 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner_4.201.exe
2015-04-21 06:04 - 2015-04-27 06:04 - 00000440 _____ () C:\WINDOWS\Tasks\Client.job
2015-04-21 06:04 - 2015-04-27 06:04 - 00000380 _____ () C:\WINDOWS\Tasks\Run Tasks.job
2015-04-21 06:04 - 2015-04-21 06:04 - 00000064 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\02dbed73cfcd51c4663d2ee72e04b9f2
2015-04-21 06:04 - 2015-04-21 06:04 - 00000000 ____D () C:\Program Files\user extensions
2015-04-21 06:02 - 2015-04-21 06:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\COMODO
2015-04-21 06:01 - 2015-04-21 06:01 - 00000000 ____D () C:\Program Files\COMODO
2015-04-21 05:56 - 2015-04-21 05:56 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\boeqrytkoe
2015-04-20 22:47 - 2015-04-20 22:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\MPC-HC
2015-04-20 22:47 - 2015-04-20 22:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
2015-04-15 00:23 - 2015-04-15 00:26 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-13 09:54 - 2015-04-13 09:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
2015-04-08 05:35 - 2015-04-08 05:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB963093$
2015-04-07 19:01 - 2015-04-07 19:01 - 00113984 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2015-04-07 07:19 - 2015-04-07 07:24 - 00000000 __HDC () C:\WINDOWS\ie8
2015-04-07 04:35 - 2015-04-07 04:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
2015-04-07 04:33 - 2015-04-08 04:34 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-04-07 04:33 - 2015-04-08 04:34 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-04-07 04:32 - 2015-04-07 04:33 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2015-04-07 04:32 - 2015-04-07 04:32 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-04-07 04:32 - 2015-04-07 04:32 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2015-04-07 04:32 - 2015-04-07 04:32 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2015-04-07 04:31 - 2015-04-07 04:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
2015-04-07 04:30 - 2015-04-23 08:13 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-07 04:30 - 2015-04-13 13:24 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2015-04-07 04:29 - 2015-04-22 11:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB915800-v4$
2015-04-07 04:29 - 2008-03-07 10:02 - 00192000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\offfilt.dll
2015-04-07 04:29 - 2008-03-07 10:02 - 00098304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nlhtml.dll
2015-04-07 04:29 - 2008-03-07 10:02 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mimefilt.dll
2015-04-07 04:25 - 2015-04-07 04:25 - 00000000 ____D () C:\WINDOWS\system32\URTTEMP
2015-04-07 04:12 - 2011-03-11 07:10 - 00225262 ____C () C:\WINDOWS\system32\dllcache\msimain.sdb
2015-04-07 03:41 - 2015-04-07 01:22 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-07 01:26 - 2015-04-07 01:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-07 01:14 - 2015-04-07 03:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2018-04-12 17:42 - 2004-08-04 03:00 - 00000231 _____ () C:\WINDOWS\system.ini
2015-04-27 09:44 - 2013-06-15 21:59 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2015-04-27 09:44 - 2013-05-28 06:40 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2015-04-27 09:44 - 2013-05-28 06:33 - 01992436 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 09:42 - 2013-05-28 06:39 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-04-27 09:40 - 2014-04-21 05:05 - 00001448 _____ () C:\WINDOWS\Sandboxie.ini
2015-04-27 08:23 - 2013-05-28 09:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 21:34 - 2013-11-25 12:12 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-04-26 21:31 - 2013-06-23 16:57 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2015-04-26 21:29 - 2013-06-23 16:27 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2015-04-26 21:27 - 2004-08-04 03:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-26 21:26 - 2013-06-24 11:16 - 00000000 ____D () C:\Program Files\Steam
2015-04-26 21:23 - 2014-04-16 03:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-26 21:23 - 2013-05-28 06:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-26 10:53 - 2013-05-28 06:40 - 00032644 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-26 10:39 - 2013-05-28 06:40 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-04-26 05:36 - 2013-06-16 02:05 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\RenPy
2015-04-24 16:11 - 2013-06-23 16:57 - 00001008 _____ () C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
2015-04-24 16:11 - 2013-06-23 16:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2015-04-23 20:44 - 2014-04-20 00:17 - 00000000 ____D () C:\Program Files\Game Dev Tycoon
2015-04-23 20:29 - 2013-05-28 06:40 - 00000000 ____D () C:\Documents and Settings\Owner
2015-04-23 20:24 - 2013-06-23 12:29 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Ventrilo
2015-04-23 20:24 - 2013-06-15 21:55 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2015-04-23 20:24 - 2013-06-15 19:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Media Player Classic
2015-04-23 20:21 - 2014-05-11 19:07 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-04-23 20:21 - 2014-05-11 19:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-22 11:46 - 2013-06-15 21:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 10:23 - 2015-03-10 23:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 10:20 - 2013-06-16 23:04 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-04-21 06:24 - 2013-06-15 21:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-20 22:47 - 2013-06-15 19:47 - 00000000 ____D () C:\Program Files\Combined Community Codec Pack
2015-04-16 03:35 - 2013-07-19 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 03:19 - 2013-05-28 09:07 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 00:28 - 2013-05-28 09:41 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 00:28 - 2013-05-28 09:41 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-14 23:55 - 2013-07-03 04:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Steam
2015-04-08 05:28 - 2013-05-28 06:31 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-08 04:59 - 2013-05-28 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-04-08 04:34 - 2013-05-28 12:52 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-04-08 00:58 - 2013-10-18 14:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-07 07:36 - 2013-05-28 09:11 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-07 04:35 - 2013-05-28 06:35 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-04-07 04:34 - 2013-05-28 06:28 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-04-07 03:41 - 2013-06-24 08:53 - 00000000 ____D () C:\Program Files\Java
2015-04-07 01:22 - 2014-08-07 20:24 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

==================== Files in the root of some directories =======

2015-04-21 06:04 - 2015-04-21 06:04 - 0000064 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\02dbed73cfcd51c4663d2ee72e04b9f2
2013-09-18 12:50 - 2013-09-18 12:50 - 0003584 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-19 21:42 - 2013-07-19 21:42 - 0001007 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\gcs.pref

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4b78c17d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8003756c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-90f0abe3.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a1942640.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-decc6faf.exe
C:\Documents and Settings\Owner\Local Settings\Temp\D12757CE-0266-E27C-DE9D-E79143816182.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9yvyz.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Edited by fcapuno, 27 April 2015 - 11:58 AM.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:11 AM

Posted 01 May 2015 - 05:29 PM

Hi,

I am shelf life and will try to help you.  Your post is several days old. If you still need help, simply reply back and we can begin.


How Can I Reduce My Risk to Malware?


#3 fcapuno


Posted 01 May 2015 - 06:12 PM

Thank you for replying and taking the time to do so! I do indeed still need help. I haven't done anything on the problem computer other than some light browsing and some text editing. However, if you want me to post fresh logs, I'll be free to do so as soon as I get off from work later today.


Edited by fcapuno, 01 May 2015 - 06:12 PM.


#4 shelf life


Posted 01 May 2015 - 07:43 PM

To start, we will get a download you can use. It's like AdwCleaner, which you have already run:

    Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

    Shut down your antivirus to avoid any conflicts.

    Double-click the icon, or right-click for Vista/W7/8 and select Run as administrator.

    The tool will open and start scanning.

    Please be patient as this can take a while to complete.

    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    Post the contents of JRT.txt into your next message.

 

 

"I have been unable to update the computer with Windows Update"

I am sure you know that support for XP has ended; there won't be any more new updates.

 

http://www.digitaltrends.com/computing/end-support-windows-xp-survival-guide/




#5 fcapuno


Posted 02 May 2015 - 12:36 AM

One log, coming up! Also, I couldn't retrieve updates for Microsoft Office from Windows Update which is what I was most concerned about. Otherwise, you are correct. I am quite aware that XP isn't being supported anymore.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 05/01/2015 at 22:12:17.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\couponprinter.ocx



~~~ Folders

Successfully deleted: [Folder] C:\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\x38nbj6b.default\minidumps [15 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/01/2015 at 22:18:58.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 shelf life


Posted 02 May 2015 - 07:41 PM

You can try this "fixit" tool from MS. The 2nd one down is for XP:

 

https://support.microsoft.com/en-us/kb/971058




#7 fcapuno


Posted 02 May 2015 - 11:14 PM

Alright. I'm running it. I'll get back to you as soon as it's done. It looks like it's going to take a while.



#8 fcapuno


Posted 03 May 2015 - 09:03 PM

I know it's poor form to bump a topic; however, I just wanted to give an update stating the FixIt didn't work. It was unable to resolve the issue.

 

I did try to manually repair and reregister the DLLs myself as it states in the instructions, and it was unable to reregister the following DLL files (with error messages):

 

mshtml.dll (mshtml.dll was loaded, but the DllRegisterServer entry point was not found. This file cannot be registered.)

wucltux.dll (LoadLibrary("wucltux.dll") failed - The specified module could not be found.)

wuwebv.dll (LoadLibrary("wuwebv.dll") failed - The specified module could not be found.)



#9 shelf life


Posted 04 May 2015 - 04:58 PM

You didn't bump the topic; I was waiting for your result, and it looks like the fixit didn't work. That would have been too easy. You can try running System File Checker (SFC):

http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista

 

Let's remove some stuff with FRST, although it has nothing to do with the update problem.

Copy/paste what's below into Notepad. Save it to your desktop as fixlist.txt.

Start FRST by double-clicking the icon, and this time click the Fix button. The script will run in FRST. When it's done, it will produce a log on the desktop called fixlog.txt. Please copy/paste the results in your reply:

2015-04-21 06:04 - 2015-04-27 06:04 - 00000440 _____ () C:\WINDOWS\Tasks\Client.job
C:\Program Files\user extensions\Client.exe
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad++\Notepad++ParamProxy.exe"
EmptyTemp:



#10 fcapuno


Posted 04 May 2015 - 05:52 PM

FRST Fix Done!

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by Owner at 2015-05-04 15:39:56 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
2015-04-21 06:04 - 2015-04-27 06:04 - 00000440 _____ () C:\WINDOWS\Tasks\Client.job
C:\Program Files\user extensions\Client.exe
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad++\Notepad++ParamProxy.exe"
EmptyTemp:
*****************

C:\WINDOWS\Tasks\Client.job => Moved successfully.
C:\Program Files\user extensions\Client.exe => Moved successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\notepad.exe" => Key deleted successfully.
EmptyTemp: => Removed 1.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 15:43:08 ====



#11 shelf life


Posted 04 May 2015 - 08:28 PM

OK. Good. Here's a link for another Windows Update troubleshooter. Might do the same thing the "fixit" tool did, not sure:

 

http://www.majorgeeks.com/files/details/windows_update_troubleshooter.html




#12 fcapuno


Posted 04 May 2015 - 10:33 PM

It's a Diagcab File and thus doesn't work on XP. Diagcabs look like they were designed for Vista and up. I did run System File Checker though, but nothing had changed.



#13 shelf life


Posted 05 May 2015 - 05:07 PM

The updates download OK but fail to install themselves? Do you have an XP install disc? A restore partition?

Do you have antivirus installed on the machine? I don't see one installed unless I missed it.

I missed this last go-around. Make a new fixlist.txt and run it like before for the items below,

and post the fixlog.txt:

S2 axaoegc; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopwsa.exe" -scm [X]
S2 boemcee; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopasa.exe" /ts2=1 [X]
2015-04-21 06:04 - 2015-04-21 06:04 - 0000064 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\02dbed73cfcd51c4663d2ee72e04b9f2
2013-09-18 12:50 - 2013-09-18 12:50 - 0003584 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-19 21:42 - 2013-07-19 21:42 - 0001007 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\gcs.pref




#14 fcapuno


Posted 05 May 2015 - 10:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by Owner at 2015-05-05 20:14:59 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
S2 axaoegc; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopwsa.exe" -scm [X]
S2 boemcee; "C:\Documents and Settings\All Users\Application Data\websmartapp\1.1.0.30\aaopasa.exe" /ts2=1 [X]
2015-04-21 06:04 - 2015-04-21 06:04 - 0000064 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\02dbed73cfcd51c4663d2ee72e04b9f2
2013-09-18 12:50 - 2013-09-18 12:50 - 0003584 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-19 21:42 - 2013-07-19 21:42 - 0001007 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\gcs.pref
*****************

axaoegc => Service deleted successfully.
boemcee => Service deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\02dbed73cfcd51c4663d2ee72e04b9f2 => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\gcs.pref => Moved successfully.

==== End of Fixlog 20:14:59 ====

For the questions:

  • The laptop is a hand-me-down that had no anti-virus installed and clearly needed fixing when I received it due to the problems mentioned in the first post. The previous owner had noted how slow it was compared to how it was a few weeks ago but didn't find anything particularly wrong with it before replacing it and giving it to me as I often used it for school anyway and many of the documents were mine. I took the liberty of taking a look which led me to finding GeniusBar in the first place without ever seeing any evidence of it outside of malware scans. I figured there was more and this wasn't a case I could deal with on my own, thus why I'm here.
  • I do have several discs for XP. I used one when System File Checker prompted for it. I wasn't entirely sure what it had repaired, but the slowness problem hadn't changed, and neither did the situation with WU.
  • From what I can tell, the updates DO download but fail to install. I'm not entirely sure though. It's been a long time since I've had to work with XP.


#15 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:04:11 AM

Posted 06 May 2015 - 05:46 PM

Does it seem any faster since we have removed some stuff with FRST?  Does an updated Malwarebytes come up clean after a scan?

So does it have an antivirus installed on it now? Because it looks like it doesn't.

Have you considered doing a reset back to its factory defaults? It might be an option in a boot screen. Or reformatting and reinstalling Windows itself, providing you have installation media.

Of course you would have to pull off any content you created unless you didn't care about losing it.

A reset back to factory defaults or a complete reinstall of Windows would probably do wonders.


How Can I Reduce My Risk to Malware?




