search redirects; tdsskiller won't run


  • This topic is locked

#1
jamie829

Apparently have a search redirect virus. Internet running slow, browser constantly redirects. I read about the malware removal guides on this site and tried to follow this guide: http://www.geekstogo...ogle-redirects/, but can't get tdsskiller to run, and can't resolve the problem.
The results of my OTL scan are pasted below.

TIA

OTL logfile created on: 7/11/2011 4:28:20 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 50.11% Memory free
2.11 Gb Paging File | 1.57 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 18.26 Gb Free Space | 49.08% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wentxp.exe (WinEncrypt)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (wencrservice) -- C:\WINDOWS\System32\wentxp.exe (WinEncrypt)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110711.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110711.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WENCRNT4) -- C:\WINDOWS\system32\drivers\WENCRNT4.sys ()
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (N100) -- C:\WINDOWS\system32\drivers\n100325.sys (Compaq Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.moment...10101074100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.moment...10101074100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Documents and Settings\Eric\My Documents\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Documents and Settings\Eric\My Documents\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 09:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:55:27 | 000,000,000 | ---D | M]

[2009/06/24 09:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/11 14:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions
[2011/02/02 11:49:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/11 14:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/26 09:07:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/04 16:31:32 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/01/26 12:32:34 | 000,002,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/07/11 15:48:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244477265281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244477256875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8125.2855324074 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = _________.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017/05/18 12:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2017/05/18 12:51:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2017/05/18 12:41:32 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2017/05/18 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2017/05/18 12:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2017/05/18 12:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2017/05/18 12:32:28 | 000,000,000 | ---D | C] -- C:\dell
[2017/05/18 12:30:58 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
[2017/05/18 12:30:57 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2017/05/18 12:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2017/05/18 12:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2017/05/18 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2017/05/18 12:24:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2017/05/18 12:23:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2017/05/18 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2017/05/18 12:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2017/05/18 12:22:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2017/05/18 12:22:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2017/05/18 12:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2017/05/18 12:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2017/05/18 12:22:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2017/05/18 12:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2017/05/18 12:19:56 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2017/05/18 12:18:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2017/05/18 12:18:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2017/05/18 12:18:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2017/05/18 12:17:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2017/05/18 12:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2017/05/18 12:17:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2017/05/18 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2017/05/18 12:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2017/05/18 12:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2017/05/18 12:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2017/05/18 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2017/05/18 12:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2017/05/18 12:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2017/05/18 12:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2017/05/18 12:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2017/05/18 12:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2017/05/18 12:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2017/05/18 12:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2017/05/18 12:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2017/05/18 12:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2017/05/18 12:15:58 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2017/05/18 12:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2017/05/18 12:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2017/05/18 12:15:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2017/05/18 12:14:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2017/05/17 13:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2017/05/17 13:28:13 | 000,000,000 | R--D | C] -- C:\Program Files
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2017/05/17 13:27:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2017/05/17 13:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Application Data
[2017/05/17 13:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2017/05/17 13:23:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2017/05/17 13:23:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2017/05/17 13:23:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/11 16:24:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 16:22:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 15:03:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/11 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/07/11 13:54:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 13:52:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:33:08 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/06 12:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/07/06 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/06 09:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/07/05 16:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/07/05 10:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

========== Files - Modified Within 30 Days ==========

[2017/05/18 12:23:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:22:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2017/05/18 12:19:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:00 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/18 12:16:31 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/11 16:27:33 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\problem.rtf
[2011/07/11 16:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 15:48:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 14:49:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 13:52:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:25 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:09:15 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 14:20:45 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 14:20:45 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/06 13:32:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/05 12:53:25 | 000,011,078 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/05 09:12:15 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16310052
[2011/07/05 09:12:15 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16310052r
[2011/07/05 09:11:37 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16310052
[2011/07/05 09:07:31 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/01 16:48:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 17:29:38 | 000,000,229 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2017/05/18 12:32:51 | 000,063,876 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2017/05/18 12:32:51 | 000,061,799 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2017/05/18 12:32:51 | 000,061,701 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2017/05/18 12:32:51 | 000,061,144 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2017/05/18 12:32:51 | 000,060,785 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2017/05/18 12:32:51 | 000,060,209 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2017/05/18 12:32:51 | 000,059,816 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2017/05/18 12:32:51 | 000,058,834 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2017/05/18 12:32:51 | 000,058,223 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2017/05/18 12:32:51 | 000,057,049 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2017/05/18 12:23:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:23:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2017/05/18 12:22:54 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2017/05/18 12:22:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2017/05/18 12:22:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/05/18 12:20:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2017/05/18 12:20:35 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2017/05/18 12:20:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2017/05/18 12:20:27 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2017/05/18 12:20:26 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2017/05/18 12:20:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2017/05/18 12:20:12 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2017/05/18 12:19:58 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2017/05/18 12:19:13 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:11 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2017/05/18 12:19:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2017/05/18 12:19:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2017/05/18 12:17:51 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2017/05/18 12:17:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2017/05/18 12:17:20 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2017/05/18 12:16:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2017/05/18 12:15:47 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2017/05/18 12:15:47 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2017/05/18 12:15:46 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2017/05/18 12:15:38 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2017/05/17 13:28:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/17 13:28:14 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2017/05/17 13:28:14 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2017/05/17 13:28:13 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2017/05/17 13:28:13 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2017/05/17 13:28:02 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2017/05/17 13:27:53 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2017/05/17 13:27:53 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2017/05/17 13:27:53 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2017/05/17 13:27:53 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2017/05/17 13:27:53 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2017/05/17 13:27:53 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2017/05/17 13:27:53 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2017/05/17 13:27:53 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2017/05/17 13:27:53 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2017/05/17 13:27:53 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2017/05/17 13:27:53 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2017/05/17 13:27:53 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2017/05/17 13:27:53 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2017/05/17 13:27:19 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2017/05/17 13:26:32 | 000,000,281 | RHS- | C] () -- C:\boot.ini
[2017/05/17 13:26:29 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/11 16:27:33 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\problem.rtf
[2011/07/05 16:38:40 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2011/07/05 09:54:53 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/05 09:54:52 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/07/05 09:54:51 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/05 09:54:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/07/05 09:12:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052r
[2011/07/05 09:12:14 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052
[2011/07/05 09:11:37 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16310052
[2011/07/01 16:31:25 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/07 11:27:09 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2011/06/07 11:26:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SDConfig.dll
[2011/05/27 13:12:32 | 000,004,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/17 12:48:06 | 000,010,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3r55o4iu38cp6m5y1371t6bgnvmx46q6
[2011/04/21 14:55:21 | 000,052,068 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/18 16:17:33 | 000,001,598 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3d7k4f634w266c7
[2011/03/28 11:39:26 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\clspskey.dll
[2010/09/23 16:46:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/16 15:06:06 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2010/05/27 15:11:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/02 12:44:38 | 000,009,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3330083627
[2010/04/02 12:43:37 | 000,009,970 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1526028726
[2010/04/02 12:42:01 | 000,012,830 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\LK2mfPE2j
[2010/04/02 12:42:01 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
[2010/03/31 14:51:55 | 000,016,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7VJ5
[2010/02/09 15:16:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hlepogo.bin
[2010/02/09 15:16:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzorifino.dat
[2010/02/09 15:10:49 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2009/10/26 11:14:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/06/12 15:50:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/12 15:50:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/12 15:50:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/08/18 14:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/25 18:09:14 | 000,001,018 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/07/03 15:21:37 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2008/06/05 12:06:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/04 19:28:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/04 15:01:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/05/18 12:54:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 10:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 10:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/01 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aCpEkEn15400
[2011/02/03 12:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gJjPeGp05200
[2010/04/02 14:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/06 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB

========== Purity Check ==========



< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you try this for starters:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/07/05 09:54:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/07/05 09:12:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052r
    [2011/07/05 09:12:14 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052
    [2011/07/05 09:11:37 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16310052
    [2011/05/27 13:12:32 | 000,004,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
    [2011/05/17 12:48:06 | 000,010,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3r55o4iu38cp6m5y1371t6bgnvmx46q6
    [2011/04/18 16:17:33 | 000,001,598 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3d7k4f634w266c7
    [2010/04/02 12:44:38 | 000,009,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3330083627
    [2010/04/02 12:43:37 | 000,009,970 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1526028726
    [2010/04/02 12:42:01 | 000,012,830 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\LK2mfPE2j
    [2010/04/02 12:42:01 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
    [2010/03/31 14:51:55 | 000,016,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7VJ5
    [2010/02/09 15:16:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hlepogo.bin
    [2010/02/09 15:16:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzorifino.dat
    [2010/02/09 15:10:49 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
    [2011/02/01 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aCpEkEn15400
    [2011/02/03 12:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gJjPeGp05200

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
jamie829

    Member

  • Topic Starter
  • 18 posts
Thanks, Essex. I followed your directions and will post the logs below. One other thing I was reminded of (I noticed this in the OTL log) is that even before the current search redirect manifested itself, I had a problem with search.momentlook.com. It wasn't a pop-up or really interfering with performance, but whenever I would type a term in the Firefox address bar, rather than an actual internet address, I would be directed to the proper website. For example, if I typed "geekstogo" instead of Geekstogo.com, I would likely end up at the correct website anyway. But strangely, this search.momentlook.com stopped that function and would instead take me to a search result list from momentlook search. I didn't think it was a big deal, just figured a setting somehow got changed, but now that I notice it in the OTL log I am reminded of it. Thanks again.

OTL:
OTL logfile created on: 7/12/2011 9:58:06 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 67.14% Memory free
2.11 Gb Paging File | 1.79 Gb Available in Paging File | 84.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 18.48 Gb Free Space | 49.65% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wentxp.exe (WinEncrypt)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (wencrservice) -- C:\WINDOWS\System32\wentxp.exe (WinEncrypt)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110711.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110711.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WENCRNT4) -- C:\WINDOWS\system32\drivers\WENCRNT4.sys ()
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (N100) -- C:\WINDOWS\system32\drivers\n100325.sys (Compaq Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.moment...10101074100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.moment...10101074100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Documents and Settings\Eric\My Documents\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Documents and Settings\Eric\My Documents\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 09:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:55:27 | 000,000,000 | ---D | M]

[2009/06/24 09:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/11 14:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions
[2011/02/02 11:49:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/11 14:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/26 09:07:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/04 16:31:32 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/01/26 12:32:34 | 000,002,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/07/12 09:42:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244477265281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244477256875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8125.2855324074 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ______.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017/05/18 12:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2017/05/18 12:51:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2017/05/18 12:41:59 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2017/05/18 12:41:58 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2017/05/18 12:41:57 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2017/05/18 12:41:56 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2017/05/18 12:41:56 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2017/05/18 12:41:55 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2017/05/18 12:41:54 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2017/05/18 12:41:52 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2017/05/18 12:41:35 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2017/05/18 12:41:35 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2017/05/18 12:41:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2017/05/18 12:41:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2017/05/18 12:41:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2017/05/18 12:41:32 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2017/05/18 12:41:32 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2017/05/18 12:41:32 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2017/05/18 12:41:32 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2017/05/18 12:41:32 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2017/05/18 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2017/05/18 12:39:52 | 000,043,136 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys
[2017/05/18 12:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2017/05/18 12:34:55 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2017/05/18 12:32:51 | 001,851,392 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2017/05/18 12:32:51 | 000,909,312 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2017/05/18 12:32:51 | 000,499,712 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2017/05/18 12:32:51 | 000,486,978 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2017/05/18 12:32:51 | 000,319,488 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2017/05/18 12:32:51 | 000,221,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2017/05/18 12:32:51 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2017/05/18 12:32:51 | 000,197,371 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2017/05/18 12:32:51 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2017/05/18 12:32:51 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2017/05/18 12:32:51 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2017/05/18 12:32:51 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2017/05/18 12:32:51 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2017/05/18 12:32:51 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2017/05/18 12:32:51 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2017/05/18 12:32:51 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2017/05/18 12:32:51 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2017/05/18 12:32:51 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2017/05/18 12:32:51 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2017/05/18 12:32:51 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2017/05/18 12:32:51 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2017/05/18 12:32:51 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2017/05/18 12:32:51 | 000,117,308 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2017/05/18 12:32:51 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2017/05/18 12:32:51 | 000,094,267 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2017/05/18 12:32:51 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2017/05/18 12:32:51 | 000,065,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v3691.dll
[2017/05/18 12:32:51 | 000,046,647 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a304.sys
[2017/05/18 12:32:51 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2017/05/18 12:32:51 | 000,037,431 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a313.sys
[2017/05/18 12:32:51 | 000,036,927 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2017/05/18 12:32:51 | 000,033,847 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2017/05/18 12:32:51 | 000,033,847 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301a.sys
[2017/05/18 12:32:51 | 000,033,335 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a311.sys
[2017/05/18 12:32:51 | 000,033,335 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a310.sys
[2017/05/18 12:32:51 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2017/05/18 12:32:51 | 000,029,751 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a303.sys
[2017/05/18 12:32:51 | 000,026,167 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a309.sys
[2017/05/18 12:32:51 | 000,021,559 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a307.sys
[2017/05/18 12:32:51 | 000,021,045 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\vch.sys
[2017/05/18 12:32:51 | 000,016,951 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a306.sys
[2017/05/18 12:32:51 | 000,012,855 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a305.sys
[2017/05/18 12:32:51 | 000,011,831 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a302.sys
[2017/05/18 12:32:51 | 000,011,319 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a314.sys
[2017/05/18 12:32:51 | 000,011,319 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a308.sys
[2017/05/18 12:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2017/05/18 12:32:28 | 000,000,000 | ---D | C] -- C:\dell
[2017/05/18 12:30:58 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
[2017/05/18 12:30:57 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2017/05/18 12:30:57 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2017/05/18 12:30:57 | 000,176,128 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\RcdScan.dll
[2017/05/18 12:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2017/05/18 12:30:56 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2017/05/18 12:30:55 | 000,013,632 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\drivers\omci.sys
[2017/05/18 12:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2017/05/18 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2017/05/18 12:24:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2017/05/18 12:23:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2017/05/18 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2017/05/18 12:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2017/05/18 12:22:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2017/05/18 12:22:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2017/05/18 12:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2017/05/18 12:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2017/05/18 12:22:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2017/05/18 12:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2017/05/18 12:21:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2017/05/18 12:21:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2017/05/18 12:21:22 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2017/05/18 12:21:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2017/05/18 12:21:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2017/05/18 12:21:21 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2017/05/18 12:21:21 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2017/05/18 12:21:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2017/05/18 12:21:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2017/05/18 12:21:19 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2017/05/18 12:21:19 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2017/05/18 12:21:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2017/05/18 12:21:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2017/05/18 12:21:18 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2017/05/18 12:21:18 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2017/05/18 12:21:17 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2017/05/18 12:21:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2017/05/18 12:21:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2017/05/18 12:21:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2017/05/18 12:21:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2017/05/18 12:21:14 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2017/05/18 12:21:14 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2017/05/18 12:21:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2017/05/18 12:21:14 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2017/05/18 12:21:14 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2017/05/18 12:21:13 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2017/05/18 12:21:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2017/05/18 12:21:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2017/05/18 12:21:10 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2017/05/18 12:21:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2017/05/18 12:21:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2017/05/18 12:21:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2017/05/18 12:21:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2017/05/18 12:21:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2017/05/18 12:21:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2017/05/18 12:21:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2017/05/18 12:21:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2017/05/18 12:21:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2017/05/18 12:21:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2017/05/18 12:21:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2017/05/18 12:21:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2017/05/18 12:21:07 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2017/05/18 12:21:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2017/05/18 12:21:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2017/05/18 12:21:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2017/05/18 12:21:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2017/05/18 12:21:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2017/05/18 12:21:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2017/05/18 12:21:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2017/05/18 12:21:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2017/05/18 12:21:03 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2017/05/18 12:21:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2017/05/18 12:21:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2017/05/18 12:21:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2017/05/18 12:21:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2017/05/18 12:21:00 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2017/05/18 12:21:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2017/05/18 12:20:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2017/05/18 12:20:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2017/05/18 12:20:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2017/05/18 12:20:56 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2017/05/18 12:20:56 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2017/05/18 12:20:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2017/05/18 12:20:56 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2017/05/18 12:20:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2017/05/18 12:20:55 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2017/05/18 12:20:55 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2017/05/18 12:20:55 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2017/05/18 12:20:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2017/05/18 12:20:54 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2017/05/18 12:20:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2017/05/18 12:20:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2017/05/18 12:20:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2017/05/18 12:20:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2017/05/18 12:20:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2017/05/18 12:20:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2017/05/18 12:20:49 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2017/05/18 12:20:45 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2017/05/18 12:20:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2017/05/18 12:20:39 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2017/05/18 12:20:39 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2017/05/18 12:20:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2017/05/18 12:20:38 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2017/05/18 12:20:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2017/05/18 12:20:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2017/05/18 12:20:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2017/05/18 12:20:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2017/05/18 12:20:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2017/05/18 12:20:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2017/05/18 12:20:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2017/05/18 12:20:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2017/05/18 12:20:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2017/05/18 12:20:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2017/05/18 12:20:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2017/05/18 12:20:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2017/05/18 12:20:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2017/05/18 12:20:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2017/05/18 12:20:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2017/05/18 12:20:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2017/05/18 12:20:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2017/05/18 12:20:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2017/05/18 12:20:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2017/05/18 12:20:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2017/05/18 12:20:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2017/05/18 12:20:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2017/05/18 12:20:31 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2017/05/18 12:20:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2017/05/18 12:20:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2017/05/18 12:20:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2017/05/18 12:20:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2017/05/18 12:20:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2017/05/18 12:20:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2017/05/18 12:20:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2017/05/18 12:20:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2017/05/18 12:20:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2017/05/18 12:20:28 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2017/05/18 12:20:28 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2017/05/18 12:20:28 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2017/05/18 12:20:28 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2017/05/18 12:20:28 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2017/05/18 12:20:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2017/05/18 12:20:28 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2017/05/18 12:20:27 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2017/05/18 12:20:27 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2017/05/18 12:20:27 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2017/05/18 12:20:27 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2017/05/18 12:20:27 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2017/05/18 12:20:27 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2017/05/18 12:20:27 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2017/05/18 12:20:27 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2017/05/18 12:20:26 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2017/05/18 12:20:26 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2017/05/18 12:20:26 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2017/05/18 12:20:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2017/05/18 12:20:26 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2017/05/18 12:20:26 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2017/05/18 12:20:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2017/05/18 12:20:26 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2017/05/18 12:20:25 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2017/05/18 12:20:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2017/05/18 12:20:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2017/05/18 12:20:25 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2017/05/18 12:20:21 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2017/05/18 12:20:14 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2017/05/18 12:20:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2017/05/18 12:20:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2017/05/18 12:20:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2017/05/18 12:20:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2017/05/18 12:20:10 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2017/05/18 12:20:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2017/05/18 12:20:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2017/05/18 12:20:08 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2017/05/18 12:20:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2017/05/18 12:20:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2017/05/18 12:20:07 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2017/05/18 12:20:07 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2017/05/18 12:20:07 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2017/05/18 12:20:07 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2017/05/18 12:20:06 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2017/05/18 12:20:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2017/05/18 12:20:01 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2017/05/18 12:20:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2017/05/18 12:20:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2017/05/18 12:20:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2017/05/18 12:20:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2017/05/18 12:19:58 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2017/05/18 12:19:58 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2017/05/18 12:19:58 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2017/05/18 12:19:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2017/05/18 12:19:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2017/05/18 12:19:57 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2017/05/18 12:19:57 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2017/05/18 12:19:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2017/05/18 12:19:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2017/05/18 12:19:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2017/05/18 12:19:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2017/05/18 12:19:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2017/05/18 12:19:56 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2017/05/18 12:19:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2017/05/18 12:19:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2017/05/18 12:19:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2017/05/18 12:19:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2017/05/18 12:19:53 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2017/05/18 12:19:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2017/05/18 12:19:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2017/05/18 12:19:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2017/05/18 12:19:52 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2017/05/18 12:19:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2017/05/18 12:19:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2017/05/18 12:19:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2017/05/18 12:19:47 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2017/05/18 12:19:47 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2017/05/18 12:19:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2017/05/18 12:19:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2017/05/18 12:19:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2017/05/18 12:19:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2017/05/18 12:19:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2017/05/18 12:19:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2017/05/18 12:19:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2017/05/18 12:19:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2017/05/18 12:18:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2017/05/18 12:18:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2017/05/18 12:18:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2017/05/18 12:17:52 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2017/05/18 12:17:51 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2017/05/18 12:17:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2017/05/18 12:17:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2017/05/18 12:17:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2017/05/18 12:17:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2017/05/18 12:17:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2017/05/18 12:17:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2017/05/18 12:17:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2017/05/18 12:17:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2017/05/18 12:17:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2017/05/18 12:17:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2017/05/18 12:17:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2017/05/18 12:17:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2017/05/18 12:17:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2017/05/18 12:17:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2017/05/18 12:17:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2017/05/18 12:17:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2017/05/18 12:17:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2017/05/18 12:17:26 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2017/05/18 12:17:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2017/05/18 12:17:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2017/05/18 12:17:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2017/05/18 12:17:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2017/05/18 12:17:20 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2017/05/18 12:17:20 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2017/05/18 12:17:20 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2017/05/18 12:17:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2017/05/18 12:17:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2017/05/18 12:17:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2017/05/18 12:17:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2017/05/18 12:17:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2017/05/18 12:17:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2017/05/18 12:17:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2017/05/18 12:17:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2017/05/18 12:17:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2017/05/18 12:17:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2017/05/18 12:17:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2017/05/18 12:17:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2017/05/18 12:17:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2017/05/18 12:17:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2017/05/18 12:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2017/05/18 12:17:16 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2017/05/18 12:17:16 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2017/05/18 12:17:15 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2017/05/18 12:17:15 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2017/05/18 12:17:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2017/05/18 12:17:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2017/05/18 12:17:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2017/05/18 12:17:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2017/05/18 12:17:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2017/05/18 12:17:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2017/05/18 12:17:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2017/05/18 12:17:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2017/05/18 12:17:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2017/05/18 12:17:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2017/05/18 12:17:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2017/05/18 12:17:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2017/05/18 12:17:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2017/05/18 12:17:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2017/05/18 12:17:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2017/05/18 12:17:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2017/05/18 12:17:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2017/05/18 12:17:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2017/05/18 12:17:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2017/05/18 12:17:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2017/05/18 12:17:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2017/05/18 12:17:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2017/05/18 12:17:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2017/05/18 12:17:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2017/05/18 12:17:13 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2017/05/18 12:17:13 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2017/05/18 12:17:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2017/05/18 12:17:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2017/05/18 12:17:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2017/05/18 12:17:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2017/05/18 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2017/05/18 12:17:12 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2017/05/18 12:17:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2017/05/18 12:17:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2017/05/18 12:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2017/05/18 12:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2017/05/18 12:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2017/05/18 12:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2017/05/18 12:17:10 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2017/05/18 12:17:10 | 000,726,078 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2017/05/18 12:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2017/05/18 12:17:09 | 001,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2017/05/18 12:17:09 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2017/05/18 12:17:09 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2017/05/18 12:17:09 | 000,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2017/05/18 12:17:09 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2017/05/18 12:17:09 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2017/05/18 12:17:09 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2017/05/18 12:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2017/05/18 12:17:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2017/05/18 12:17:08 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2017/05/18 12:17:08 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2017/05/18 12:17:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2017/05/18 12:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2017/05/18 12:17:07 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2017/05/18 12:17:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2017/05/18 12:17:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2017/05/18 12:17:05 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2017/05/18 12:17:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2017/05/18 12:17:05 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2017/05/18 12:17:05 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2017/05/18 12:17:05 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2017/05/18 12:17:05 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2017/05/18 12:17:05 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2017/05/18 12:17:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2017/05/18 12:17:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2017/05/18 12:17:04 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2017/05/18 12:17:04 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2017/05/18 12:17:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2017/05/18 12:17:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2017/05/18 12:17:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2017/05/18 12:17:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2017/05/18 12:17:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2017/05/18 12:17:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2017/05/18 12:17:04 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2017/05/18 12:17:04 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2017/05/18 12:17:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2017/05/18 12:17:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2017/05/18 12:17:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2017/05/18 12:17:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2017/05/18 12:17:04 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2017/05/18 12:17:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2017/05/18 12:17:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2017/05/18 12:17:03 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2017/05/18 12:17:03 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2017/05/18 12:17:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2017/05/18 12:17:03 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2017/05/18 12:17:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2017/05/18 12:17:03 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2017/05/18 12:17:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2017/05/18 12:17:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2017/05/18 12:17:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2017/05/18 12:17:02 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2017/05/18 12:17:02 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2017/05/18 12:17:02 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2017/05/18 12:17:02 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2017/05/18 12:17:02 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2017/05/18 12:17:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2017/05/18 12:17:02 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2017/05/18 12:17:02 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2017/05/18 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2017/05/18 12:17:01 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2017/05/18 12:17:01 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2017/05/18 12:17:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2017/05/18 12:17:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2017/05/18 12:17:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2017/05/18 12:17:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2017/05/18 12:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2017/05/18 12:16:58 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2017/05/18 12:16:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2017/05/18 12:16:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2017/05/18 12:16:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2017/05/18 12:16:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2017/05/18 12:16:58 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2017/05/18 12:16:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2017/05/18 12:16:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2017/05/18 12:16:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2017/05/18 12:16:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2017/05/18 12:16:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2017/05/18 12:16:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2017/05/18 12:16:57 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2017/05/18 12:16:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2017/05/18 12:16:57 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2017/05/18 12:16:57 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2017/05/18 12:16:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2017/05/18 12:16:57 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2017/05/18 12:16:57 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2017/05/18 12:16:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2017/05/18 12:16:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2017/05/18 12:16:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2017/05/18 12:16:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2017/05/18 12:16:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2017/05/18 12:16:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2017/05/18 12:16:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2017/05/18 12:16:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2017/05/18 12:16:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2017/05/18 12:16:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2017/05/18 12:16:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2017/05/18 12:16:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2017/05/18 12:16:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2017/05/18 12:16:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2017/05/18 12:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2017/05/18 12:16:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2017/05/18 12:16:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2017/05/18 12:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2017/05/18 12:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2017/05/18 12:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2017/05/18 12:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2017/05/18 12:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2017/05/18 12:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2017/05/18 12:16:03 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2017/05/18 12:16:02 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2017/05/18 12:16:02 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2017/05/18 12:16:02 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2017/05/18 12:16:02 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2017/05/18 12:16:02 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2017/05/18 12:16:02 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2017/05/18 12:16:02 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2017/05/18 12:16:02 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2017/05/18 12:16:02 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2017/05/18 12:16:02 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2017/05/18 12:16:02 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2017/05/18 12:16:02 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2017/05/18 12:16:01 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2017/05/18 12:16:01 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2017/05/18 12:16:01 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2017/05/18 12:16:01 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2017/05/18 12:16:01 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2017/05/18 12:16:01 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2017/05/18 12:16:01 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2017/05/18 12:16:01 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2017/05/18 12:16:00 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2017/05/18 12:16:00 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2017/05/18 12:16:00 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2017/05/18 12:16:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2017/05/18 12:16:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2017/05/18 12:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2017/05/18 12:15:58 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2017/05/18 12:15:54 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2017/05/18 12:15:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2017/05/18 12:15:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2017/05/18 12:15:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2017/05/18 12:15:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2017/05/18 12:15:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2017/05/18 12:15:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2017/05/18 12:15:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2017/05/18 12:15:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2017/05/18 12:15:53 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2017/05/18 12:15:53 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2017/05/18 12:15:53 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2017/05/18 12:15:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2017/05/18 12:15:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2017/05/18 12:15:53 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2017/05/18 12:15:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2017/05/18 12:15:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2017/05/18 12:15:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2017/05/18 12:15:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2017/05/18 12:15:53 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2017/05/18 12:15:48 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2017/05/18 12:15:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2017/05/18 12:15:48 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2017/05/18 12:15:48 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2017/05/18 12:15:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2017/05/18 12:15:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2017/05/18 12:15:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2017/05/18 12:15:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2017/05/18 12:15:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2017/05/18 12:15:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2017/05/18 12:15:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2017/05/18 12:15:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2017/05/18 12:15:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2017/05/18 12:15:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2017/05/18 12:15:47 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2017/05/18 12:15:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2017/05/18 12:15:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2017/05/18 12:15:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2017/05/18 12:15:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2017/05/18 12:15:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2017/05/18 12:15:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2017/05/18 12:15:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2017/05/18 12:15:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2017/05/18 12:15:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2017/05/18 12:15:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2017/05/18 12:15:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2017/05/18 12:15:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2017/05/18 12:15:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2017/05/18 12:15:47 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2017/05/18 12:15:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2017/05/18 12:15:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2017/05/18 12:15:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2017/05/18 12:15:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2017/05/18 12:15:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2017/05/18 12:15:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2017/05/18 12:15:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2017/05/18 12:15:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2017/05/18 12:15:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2017/05/18 12:15:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2017/05/18 12:15:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2017/05/18 12:15:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2017/05/18 12:15:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2017/05/18 12:15:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2017/05/18 12:15:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2017/05/18 12:15:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2017/05/18 12:15:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2017/05/18 12:15:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2017/05/18 12:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2017/05/18 12:15:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2017/05/18 12:15:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2017/05/18 12:15:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2017/05/18 12:15:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2017/05/18 12:15:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2017/05/18 12:15:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2017/05/18 12:15:45 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2017/05/18 12:15:45 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2017/05/18 12:15:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2017/05/18 12:15:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2017/05/18 12:15:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2017/05/18 12:15:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2017/05/18 12:15:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2017/05/18 12:15:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2017/05/18 12:15:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2017/05/18 12:15:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2017/05/18 12:15:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2017/05/18 12:15:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2017/05/18 12:15:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2017/05/18 12:15:44 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2017/05/18 12:15:44 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2017/05/18 12:15:44 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2017/05/18 12:15:44 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2017/05/18 12:15:44 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2017/05/18 12:15:44 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2017/05/18 12:15:44 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2017/05/18 12:15:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2017/05/18 12:15:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2017/05/18 12:15:44 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2017/05/18 12:15:44 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2017/05/18 12:15:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2017/05/18 12:15:40 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2017/05/18 12:15:40 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2017/05/18 12:15:40 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2017/05/18 12:15:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2017/05/18 12:15:40 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2017/05/18 12:15:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2017/05/18 12:15:40 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2017/05/18 12:15:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2017/05/18 12:15:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2017/05/18 12:15:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2017/05/18 12:15:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2017/05/18 12:15:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2017/05/18 12:15:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2017/05/18 12:15:40 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2017/05/18 12:15:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2017/05/18 12:15:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2017/05/18 12:15:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2017/05/18 12:15:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2017/05/18 12:15:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2017/05/18 12:15:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2017/05/18 12:15:39 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2017/05/18 12:15:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2017/05/18 12:15:39 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2017/05/18 12:15:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2017/05/18 12:15:39 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2017/05/18 12:15:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2017/05/18 12:15:39 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2017/05/18 12:15:39 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2017/05/18 12:15:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2017/05/18 12:15:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2017/05/18 12:15:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2017/05/18 12:15:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2017/05/18 12:15:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2017/05/18 12:15:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2017/05/18 12:15:38 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2017/05/18 12:15:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2017/05/18 12:15:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2017/05/18 12:15:38 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2017/05/18 12:15:38 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2017/05/18 12:15:38 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2017/05/18 12:15:33 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2017/05/18 12:15:33 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2017/05/18 12:15:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2017/05/18 12:15:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2017/05/18 12:15:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2017/05/18 12:15:33 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2017/05/18 12:15:32 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2017/05/18 12:15:32 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2017/05/18 12:15:32 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2017/05/18 12:15:32 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2017/05/18 12:15:32 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2017/05/18 12:15:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2017/05/18 12:15:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2017/05/18 12:15:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2017/05/18 12:15:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2017/05/18 12:15:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2017/05/18 12:15:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2017/05/18 12:15:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2017/05/18 12:15:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2017/05/18 12:15:31 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2017/05/18 12:15:31 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2017/05/18 12:15:31 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2017/05/18 12:15:31 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2017/05/18 12:15:31 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2017/05/18 12:15:31 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2017/05/18 12:15:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2017/05/18 12:15:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2017/05/18 12:15:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2017/05/18 12:15:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2017/05/18 12:15:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2017/05/18 12:15:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2017/05/18 12:15:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2017/05/18 12:15:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2017/05/18 12:15:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2017/05/18 12:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2017/05/18 12:15:30 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2017/05/18 12:15:30 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2017/05/18 12:15:30 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2017/05/18 12:15:30 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2017/05/18 12:15:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2017/05/18 12:15:30 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2017/05/18 12:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2017/05/18 12:15:29 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2017/05/18 12:15:29 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2017/05/18 12:15:29 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2017/05/18 12:15:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2017/05/18 12:15:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2017/05/18 12:15:29 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2017/05/18 12:15:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2017/05/18 12:15:29 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2017/05/18 12:15:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2017/05/18 12:15:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2017/05/18 12:15:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2017/05/18 12:15:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2017/05/18 12:15:29 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2017/05/18 12:15:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2017/05/18 12:15:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2017/05/18 12:15:28 | 001,358,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2017/05/18 12:15:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2017/05/18 12:15:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2017/05/18 12:15:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2017/05/18 12:15:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2017/05/18 12:15:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2017/05/18 12:15:21 | 000,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpdr.sys
[2017/05/18 12:15:21 | 000,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2017/05/18 12:15:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2017/05/18 12:14:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2017/05/17 13:30:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\audstub.sys
[2017/05/17 13:29:44 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2017/05/17 13:29:33 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\n100325.sys
[2017/05/17 13:29:33 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2017/05/17 13:29:13 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2017/05/17 13:29:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2017/05/17 13:29:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2017/05/17 13:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2017/05/17 13:28:14 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2017/05/17 13:28:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2017/05/17 13:28:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2017/05/17 13:28:13 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2017/05/17 13:28:13 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2017/05/17 13:28:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2017/05/17 13:28:13 | 000,000,000 | R--D | C] -- C:\Program Files
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2017/05/17 13:28:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2017/05/17 13:28:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2017/05/17 13:28:11 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2017/05/17 13:28:11 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2017/05/17 13:28:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2017/05/17 13:28:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2017/05/17 13:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2017/05/17 13:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2017/05/17 13:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2017/05/17 13:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2017/05/17 13:28:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2017/05/17 13:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2017/05/17 13:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2017/05/17 13:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2017/05/17 13:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2017/05/17 13:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2017/05/17 13:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2017/05/17 13:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2017/05/17 13:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2017/05/17 13:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2017/05/17 13:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2017/05/17 13:28:08 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2017/05/17 13:28:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2017/05/17 13:28:08 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2017/05/17 13:28:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2017/05/17 13:28:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2017/05/17 13:28:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2017/05/17 13:28:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2017/05/17 13:28:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2017/05/17 13:28:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2017/05/17 13:28:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2017/05/17 13:28:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2017/05/17 13:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2017/05/17 13:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2017/05/17 13:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2017/05/17 13:28:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2017/05/17 13:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2017/05/17 13:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2017/05/17 13:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2017/05/17 13:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2017/05/17 13:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2017/05/17 13:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2017/05/17 13:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2017/05/17 13:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2017/05/17 13:28:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2017/05/17 13:28:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2017/05/17 13:28:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2017/05/17 13:28:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2017/05/17 13:28:06 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2017/05/17 13:28:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2017/05/17 13:28:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2017/05/17 13:28:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2017/05/17 13:28:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2017/05/17 13:28:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2017/05/17 13:28:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2017/05/17 13:28:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2017/05/17 13:28:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2017/05/17 13:28:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2017/05/17 13:28:04 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2017/05/17 13:28:04 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2017/05/17 13:28:04 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2017/05/17 13:28:04 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2017/05/17 13:28:04 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2017/05/17 13:28:04 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2017/05/17 13:28:04 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2017/05/17 13:28:04 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2017/05/17 13:28:04 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2017/05/17 13:28:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2017/05/17 13:28:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2017/05/17 13:28:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2017/05/17 13:28:04 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2017/05/17 13:28:04 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2017/05/17 13:28:03 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2017/05/17 13:28:03 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2017/05/17 13:28:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2017/05/17 13:28:03 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2017/05/17 13:28:03 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2017/05/17 13:28:03 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2017/05/17 13:28:03 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2017/05/17 13:28:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2017/05/17 13:28:03 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2017/05/17 13:28:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2017/05/17 13:28:03 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2017/05/17 13:28:03 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2017/05/17 13:28:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2017/05/17 13:28:03 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2017/05/17 13:28:03 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2017/05/17 13:28:03 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2017/05/17 13:28:03 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2017/05/17 13:28:03 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2017/05/17 13:28:03 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2017/05/17 13:28:02 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2017/05/17 13:28:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2017/05/17 13:28:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\storprop.dll
[2017/05/17 13:28:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2017/05/17 13:28:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2017/05/17 13:28:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2017/05/17 13:28:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2017/05/17 13:27:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2017/05/17 13:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Application Data
[2017/05/17 13:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2017/05/17 13:23:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2017/05/17 13:23:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2017/05/17 13:23:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/11 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/07/11 16:24:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 16:22:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 15:03:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/11 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/07/11 13:54:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 13:52:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:33:08 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/06 12:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/07/06 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/06 09:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/07/05 16:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/07/05 10:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

========== Files - Modified Within 30 Days ==========

[2017/05/18 12:23:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:22:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2017/05/18 12:19:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:00 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/18 12:16:31 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/12 09:50:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/12 09:42:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/12 09:27:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/11 16:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 13:52:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:25 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:09:15 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 14:20:45 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 14:20:45 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/05 12:53:25 | 000,011,078 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/05 09:07:31 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/01 16:48:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 17:29:38 | 000,000,229 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2017/05/18 12:32:51 | 000,063,876 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2017/05/18 12:32:51 | 000,061,799 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2017/05/18 12:32:51 | 000,061,701 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2017/05/18 12:32:51 | 000,061,144 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2017/05/18 12:32:51 | 000,060,785 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2017/05/18 12:32:51 | 000,060,209 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2017/05/18 12:32:51 | 000,059,816 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2017/05/18 12:32:51 | 000,058,834 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2017/05/18 12:32:51 | 000,058,223 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2017/05/18 12:32:51 | 000,057,049 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2017/05/18 12:23:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:23:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2017/05/18 12:22:54 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2017/05/18 12:22:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2017/05/18 12:22:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/05/18 12:20:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2017/05/18 12:20:35 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2017/05/18 12:20:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2017/05/18 12:20:27 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2017/05/18 12:20:26 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2017/05/18 12:20:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2017/05/18 12:20:12 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2017/05/18 12:19:58 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2017/05/18 12:19:13 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:11 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2017/05/18 12:19:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2017/05/18 12:19:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2017/05/18 12:17:51 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2017/05/18 12:17:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2017/05/18 12:17:20 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2017/05/18 12:16:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2017/05/18 12:15:47 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2017/05/18 12:15:47 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2017/05/18 12:15:46 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2017/05/18 12:15:38 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2017/05/17 13:28:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/17 13:28:14 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2017/05/17 13:28:14 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2017/05/17 13:28:13 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2017/05/17 13:28:13 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2017/05/17 13:28:02 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2017/05/17 13:27:53 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2017/05/17 13:27:53 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2017/05/17 13:27:53 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2017/05/17 13:27:53 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2017/05/17 13:27:53 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2017/05/17 13:27:53 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2017/05/17 13:27:53 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2017/05/17 13:27:53 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2017/05/17 13:27:53 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2017/05/17 13:27:53 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2017/05/17 13:27:53 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2017/05/17 13:27:53 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2017/05/17 13:27:53 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2017/05/17 13:27:19 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2017/05/17 13:26:32 | 000,000,281 | RHS- | C] () -- C:\boot.ini
[2017/05/17 13:26:29 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/05 16:38:40 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2011/07/05 09:54:53 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/05 09:54:52 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/07/05 09:54:51 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/01 16:31:25 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/07 11:27:09 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2011/06/07 11:26:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SDConfig.dll
[2011/04/21 14:55:21 | 000,052,068 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/28 11:39:26 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\clspskey.dll
[2010/09/23 16:46:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/16 15:06:06 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2010/05/27 15:11:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/26 11:14:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/06/12 15:50:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/12 15:50:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/12 15:50:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/08/18 14:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/25 18:09:14 | 000,001,018 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/07/03 15:21:37 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2008/06/05 12:06:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/04 19:28:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/04 15:01:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/05/18 12:54:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 10:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 10:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


ASWMBR:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-12 10:22:43
-----------------------------
10:22:43.437 OS Version: Windows 5.1.2600 Service Pack 3
10:22:43.437 Number of processors: 1 586 0x209
10:22:43.437 ComputerName: ERIC-PC UserName:
10:22:44.000 Initialize success
10:22:57.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:22:57.046 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
10:22:59.078 Disk 0 MBR read successfully
10:22:59.078 Disk 0 MBR scan
10:22:59.078 Disk 0 Windows XP default MBR code found via API
10:22:59.078 Disk 0 unknown MBR code
10:22:59.078 Disk 0 MBR hidden
10:23:01.078 Disk 0 scanning sectors +78108030
10:23:01.109 Disk 0 malicious Win32:MBRoot code @ sector 78108033 !
10:23:01.109 Disk 0 PE file @ sector 78108055 !
10:23:01.109 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
10:23:01.109 Disk 0 trace - called modules:
10:23:01.109 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898bdf16]<<
10:23:01.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89917ab8]
10:23:01.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89903d98]
10:23:01.453 \Driver\atapi[0x89913b30] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x898bdf16
10:23:01.453 Scan finished successfully
10:23:12.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
10:23:12.500 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0
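A triage pass over the aswMBR log posted above, as an added example that is not part of the thread or of aswMBR itself: it extracts the lines that carry the MBR verdict and checks whether the atapi dispatch target is the same address as the module the call trace could not name. The function names, finding labels, the interpretation in the comments and the clean comparison log are assumptions made for this example.

```python
import re

# Lines copied from the aswMBR log in the post above.
INFECTED_LOG = r"""
10:22:59.078 Disk 0 MBR read successfully
10:22:59.078 Disk 0 MBR scan
10:22:59.078 Disk 0 Windows XP default MBR code found via API
10:22:59.078 Disk 0 unknown MBR code
10:22:59.078 Disk 0 MBR hidden
10:23:01.078 Disk 0 scanning sectors +78108030
10:23:01.109 Disk 0 malicious Win32:MBRoot code @ sector 78108033 !
10:23:01.109 Disk 0 PE file @ sector 78108055 !
10:23:01.109 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
10:23:01.109 Disk 0 trace - called modules:
10:23:01.109 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898bdf16]<<
10:23:01.453 \Driver\atapi[0x89913b30] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x898bdf16
10:23:01.453 Scan finished successfully
"""

# Constructed comparison log with nothing flagged (not taken from the thread).
CLEAN_LOG = r"""
10:40:02.000 Disk 0 MBR read successfully
10:40:02.000 Disk 0 MBR scan
10:40:02.000 Disk 0 Windows XP default MBR code
10:40:04.000 Disk 0 trace - called modules:
10:40:04.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys
10:40:04.100 Scan finished successfully
"""

# Every log line is "<hh:mm:ss.mmm> <message>"; only the message is matched.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")

# One rule per line type worth surfacing; the groups become the finding detail.
RULES = [
    ("mbr_unknown", re.compile(r"Disk (\d+) unknown MBR code")),
    ("mbr_hidden", re.compile(r"Disk (\d+) MBR hidden")),
    ("malicious_code", re.compile(r"Disk \d+ malicious (\S+) code @ sector (\d+)")),
    ("pe_in_raw_sectors", re.compile(r"Disk \d+ PE file @ sector (\d+)")),
    ("rootkit_verdict", re.compile(r"Disk \d+ MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")),
]
API_DEFAULT = re.compile(r"Disk (\d+) .*default MBR code found via API")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def triage(log_text):
    """Return a list of (kind, detail_tuple) findings for one aswMBR log."""
    findings = []
    api_default = set()      # disks whose MBR looks default through the API
    unknown_addrs = set()    # addresses of call-trace modules with no name
    dispatch = []            # (driver, irp, target address) lines

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        for kind, rx in RULES:
            hit = rx.search(msg)
            if hit:
                findings.append((kind, hit.groups()))
        hit = API_DEFAULT.search(msg)
        if hit:
            api_default.add(hit.group(1))
        unknown_addrs.update(a.lower() for a in UNKNOWN_MOD.findall(msg))
        hit = IRP.search(msg)
        if hit:
            dispatch.append(hit.groups())

    # Assumed reading: the same disk reports default code through the API and
    # unknown code otherwise, so the two views of sector 0 disagree.
    raw_unknown = {d[0] for k, d in findings if k == "mbr_unknown"}
    for disk in sorted(api_default & raw_unknown):
        findings.append(("api_vs_raw_mbr_mismatch", (disk,)))

    # Assumed reading: a driver dispatch entry whose target equals the address
    # of the unnamed module means disk I/O is routed through that module.
    for driver, irp, target in dispatch:
        if target.lower() in unknown_addrs:
            findings.append(("dispatch_into_unknown_module", (driver, irp, target)))
    return findings


def verdict(findings):
    """Collapse findings into one word for a before/after comparison."""
    kinds = {k for k, _ in findings}
    if "rootkit_verdict" in kinds:
        return "rootkit"
    return "suspicious" if kinds else "clean"


if __name__ == "__main__":
    for name, log in (("posted log", INFECTED_LOG), ("constructed clean log", CLEAN_LOG)):
        result = triage(log)
        print(name, "->", verdict(result))
        for kind, detail in result:
            print("   ", kind, detail)
```

Running the same pass over the log saved after the repair and reboot gives a direct before/after comparison.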

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's kill two birds with one stone here - once done, can you let me know what problems you are having?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://search.moment...10101074100&s="
    FF - user.js..keyword.URL: "http://search.moment...10101074100&s="
    [2011/01/26 12:32:34 | 000,002,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button

Reboot and re-run aswMBR
Save the log as before and post in your next reply
  • 0

#5
jamie829

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi Essex,
I followed your directions and did the OTL step with no problems. When I got to aswMBR, it scanned, but when it finished it did not give me the option to FixMBR, only to Fix. So I did neither and just saved the log and attached it here along with the latest OTL log. Still getting the redirects. Thanks.

OTL:

OTL logfile created on: 7/12/2011 2:13:35 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.43% Memory free
2.11 Gb Paging File | 1.59 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 18.29 Gb Free Space | 49.16% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wentxp.exe (WinEncrypt)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (wencrservice) -- C:\WINDOWS\System32\wentxp.exe (WinEncrypt)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110712.002\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110712.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WENCRNT4) -- C:\WINDOWS\system32\drivers\WENCRNT4.sys ()
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (N100) -- C:\WINDOWS\system32\drivers\n100325.sys (Compaq Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Documents and Settings\Eric\My Documents\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Documents and Settings\Eric\My Documents\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 09:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:55:27 | 000,000,000 | ---D | M]

[2009/06/24 09:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/11 14:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions
[2011/02/02 11:49:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qo7b9gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/12 10:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/26 09:07:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/04 16:31:32 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/07/12 14:05:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244477265281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244477256875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8125.2855324074 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = __________.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017/05/18 12:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2017/05/18 12:51:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2017/05/18 12:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2017/05/18 12:41:32 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2017/05/18 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2017/05/18 12:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2017/05/18 12:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2017/05/18 12:32:28 | 000,000,000 | ---D | C] -- C:\dell
[2017/05/18 12:30:58 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
[2017/05/18 12:30:57 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2017/05/18 12:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2017/05/18 12:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2017/05/18 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2017/05/18 12:24:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2017/05/18 12:23:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2017/05/18 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2017/05/18 12:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2017/05/18 12:22:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2017/05/18 12:22:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2017/05/18 12:22:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2017/05/18 12:22:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2017/05/18 12:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2017/05/18 12:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2017/05/18 12:22:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2017/05/18 12:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2017/05/18 12:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2017/05/18 12:21:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2017/05/18 12:19:56 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2017/05/18 12:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2017/05/18 12:18:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2017/05/18 12:18:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2017/05/18 12:18:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2017/05/18 12:17:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2017/05/18 12:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2017/05/18 12:17:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2017/05/18 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2017/05/18 12:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2017/05/18 12:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2017/05/18 12:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2017/05/18 12:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2017/05/18 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2017/05/18 12:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2017/05/18 12:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2017/05/18 12:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2017/05/18 12:16:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2017/05/18 12:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2017/05/18 12:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2017/05/18 12:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2017/05/18 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2017/05/18 12:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2017/05/18 12:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2017/05/18 12:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2017/05/18 12:15:58 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2017/05/18 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2017/05/18 12:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2017/05/18 12:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2017/05/18 12:15:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2017/05/18 12:14:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2017/05/17 13:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2017/05/17 13:28:13 | 000,000,000 | R--D | C] -- C:\Program Files
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2017/05/17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2017/05/17 13:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
[2017/05/17 13:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2017/05/17 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2017/05/17 13:27:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2017/05/17 13:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Application Data
[2017/05/17 13:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2017/05/17 13:23:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2017/05/17 13:23:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2017/05/17 13:23:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2017/05/17 13:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/12 10:20:44 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/07/11 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/07/11 16:24:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 16:22:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 15:03:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/11 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/07/11 13:54:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 13:52:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:33:08 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/06 12:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/06 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/07/06 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/06 09:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/07/05 16:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/07/05 16:44:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/07/05 10:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

========== Files - Modified Within 30 Days ==========

[2017/05/18 12:23:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:22:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2017/05/18 12:19:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:00 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/18 12:16:31 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/12 14:07:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/12 14:05:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/12 10:23:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/07/12 10:21:46 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/07/12 09:27:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/11 16:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/11 13:52:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/07/11 13:52:25 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/07/11 09:09:15 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 14:20:45 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 14:20:45 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/05 12:53:25 | 000,011,078 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/05 09:07:31 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/01 16:48:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 17:29:38 | 000,000,229 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2017/05/18 12:32:51 | 000,063,876 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2017/05/18 12:32:51 | 000,061,799 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2017/05/18 12:32:51 | 000,061,701 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2017/05/18 12:32:51 | 000,061,144 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2017/05/18 12:32:51 | 000,060,785 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2017/05/18 12:32:51 | 000,060,209 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2017/05/18 12:32:51 | 000,059,816 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2017/05/18 12:32:51 | 000,058,834 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2017/05/18 12:32:51 | 000,058,223 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2017/05/18 12:32:51 | 000,057,049 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2017/05/18 12:23:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2017/05/18 12:23:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2017/05/18 12:22:54 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2017/05/18 12:22:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2017/05/18 12:22:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2017/05/18 12:21:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/05/18 12:20:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2017/05/18 12:20:35 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2017/05/18 12:20:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2017/05/18 12:20:27 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2017/05/18 12:20:26 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2017/05/18 12:20:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2017/05/18 12:20:12 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2017/05/18 12:19:58 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2017/05/18 12:19:13 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2017/05/18 12:19:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2017/05/18 12:19:13 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2017/05/18 12:19:11 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2017/05/18 12:19:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2017/05/18 12:19:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2017/05/18 12:17:51 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2017/05/18 12:17:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2017/05/18 12:17:25 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2017/05/18 12:17:20 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2017/05/18 12:16:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2017/05/18 12:15:47 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2017/05/18 12:15:47 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2017/05/18 12:15:46 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2017/05/18 12:15:38 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2017/05/17 13:28:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2017/05/17 13:28:14 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2017/05/17 13:28:14 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2017/05/17 13:28:13 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2017/05/17 13:28:13 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2017/05/17 13:28:02 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2017/05/17 13:27:53 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2017/05/17 13:27:53 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2017/05/17 13:27:53 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2017/05/17 13:27:53 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2017/05/17 13:27:53 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2017/05/17 13:27:53 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2017/05/17 13:27:53 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2017/05/17 13:27:53 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2017/05/17 13:27:53 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2017/05/17 13:27:53 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2017/05/17 13:27:53 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2017/05/17 13:27:53 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2017/05/17 13:27:53 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2017/05/17 13:27:19 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2017/05/17 13:26:32 | 000,000,281 | RHS- | C] () -- C:\boot.ini
[2017/05/17 13:26:29 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/12 10:23:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/07/05 16:38:40 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
[2011/07/05 09:54:53 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/05 09:54:52 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/07/05 09:54:51 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/01 16:31:25 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/07 11:27:09 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2011/06/07 11:26:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SDConfig.dll
[2011/04/21 14:55:21 | 000,052,068 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/28 11:39:26 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\clspskey.dll
[2010/09/23 16:46:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/16 15:06:06 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2010/05/27 15:11:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/26 11:14:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/06/12 15:50:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/12 15:50:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/12 15:50:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/08/18 14:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/25 18:09:14 | 000,001,018 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/07/03 15:21:37 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2008/06/05 12:06:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/04 19:28:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/04 15:01:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/05/18 12:54:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 10:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 10:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/01 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aCpEkEn15400
[2011/02/03 12:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gJjPeGp05200
[2010/04/02 14:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/06 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB

========== Purity Check ==========



< End of report >



ASWMBR:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-12 14:22:32
-----------------------------
14:22:32.250 OS Version: Windows 5.1.2600 Service Pack 3
14:22:32.250 Number of processors: 1 586 0x209
14:22:32.250 ComputerName: ERIC-PC UserName:
14:22:33.531 Initialize success
14:22:40.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:22:40.968 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
14:22:42.984 Disk 0 MBR read successfully
14:22:42.984 Disk 0 MBR scan
14:22:42.984 Disk 0 Windows XP default MBR code found via API
14:22:42.984 Disk 0 unknown MBR code
14:22:42.984 Disk 0 MBR hidden
14:22:44.984 Disk 0 scanning sectors +78108030
14:22:45.015 Disk 0 malicious Win32:MBRoot code @ sector 78108033 !
14:22:45.015 Disk 0 PE file @ sector 78108055 !
14:22:45.015 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
14:22:45.015 Disk 0 trace - called modules:
14:22:45.015 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898bdf16]<<
14:22:45.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89917ab8]
14:22:45.406 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89903d98]
14:22:45.406 \Driver\atapi[0x89913b30] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x898bdf16
14:22:45.406 Scan finished successfully
14:23:09.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
14:23:09.140 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, it sounds like it is confused, as only the fixmbr option should be available.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#7
jamie829

    Member

  • Topic Starter
  • 18 posts
Thanks Essex. Tdsskiller ran like a charm this time, must have been something blocking it all along.

2011/07/12 14:36:57.0421 3412 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 14:36:57.0718 3412 ================================================================================
2011/07/12 14:36:57.0718 3412 SystemInfo:
2011/07/12 14:36:57.0718 3412
2011/07/12 14:36:57.0718 3412 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 14:36:57.0718 3412 Product type: Workstation
2011/07/12 14:36:57.0718 3412 ComputerName: ERIC-PC
2011/07/12 14:36:57.0718 3412 UserName: Administrator
2011/07/12 14:36:57.0718 3412 Windows directory: C:\WINDOWS
2011/07/12 14:36:57.0718 3412 System windows directory: C:\WINDOWS
2011/07/12 14:36:57.0718 3412 Processor architecture: Intel x86
2011/07/12 14:36:57.0718 3412 Number of processors: 1
2011/07/12 14:36:57.0718 3412 Page size: 0x1000
2011/07/12 14:36:57.0718 3412 Boot type: Normal boot
2011/07/12 14:36:57.0718 3412 ================================================================================
2011/07/12 14:36:59.0000 3412 Initialize success
2011/07/12 14:37:03.0750 1340 ================================================================================
2011/07/12 14:37:03.0750 1340 Scan started
2011/07/12 14:37:03.0750 1340 Mode: Manual;
2011/07/12 14:37:03.0750 1340 ================================================================================
2011/07/12 14:37:05.0390 1340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 14:37:05.0515 1340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/12 14:37:05.0687 1340 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/12 14:37:05.0812 1340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/12 14:37:05.0937 1340 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 14:37:06.0484 1340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/12 14:37:06.0593 1340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/12 14:37:06.0750 1340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/12 14:37:06.0859 1340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/12 14:37:06.0984 1340 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/12 14:37:25.0718 1340 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/12 14:37:25.0734 1340 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/12 14:37:25.0765 1340 Boot (0x1200) (3ce42b606819abcaf5217fe4195c9b1b) \Device\Harddisk0\DR0\Partition0
2011/07/12 14:37:25.0765 1340 ================================================================================
2011/07/12 14:37:25.0765 1340 Scan finished
2011/07/12 14:37:25.0765 1340 ================================================================================
2011/07/12 14:37:25.0796 1232 Detected object count: 1
2011/07/12 14:37:25.0796 1232 Actual detected object count: 1
2011/07/12 14:37:44.0593 1232 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/12 14:37:44.0640 1232 \Device\Harddisk0\DR0 - ok
2011/07/12 14:37:44.0640 1232 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/12 14:37:50.0703 2316 Deinitialize success

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok, how is it behaving on the redirect front?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
jamie829

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Essex, no more redirects, browser running fine. Thank you.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7136

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/14/2011 9:37:19 AM
mbam-log-2011-07-14 (09-37-19).txt

Scan type: Quick scan
Objects scanned: 257743
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.