Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

After installing new spyware program, pc runs slow

Started by Denisejm , Mar 09 2017 06:42 PM

Please log in to reply

#1
Denisejm

Posted 09 March 2017 - 06:42 PM

Member

Member
782 posts

Hi,

I use Windows XP x64. About a month ago, I bought and installed a new anti-spyware program. It found some pups and other malware, no trojans, nothing serious. I had the program delete them. I found that my pc was running a lot slower on line tho so I uninstalled the program using Revo Uninstaller but it still runs slow on line. I have to wait about 20-25 seconds for each page to open when they used to open in just 2 or 3 seconds. I use Firefox. I'm not sure if the program left something in my pc or if there's a different reason for its slow speed.

I ran FRST64 and attached the files. I'm hoping someone can help. Thanks in advance.

Denise

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017

Ran by Administrator (administrator) on KINGKONG (09-03-2017 19:29:49)

Running from C:\Documents and Settings\Administrator\Desktop

Loaded Profiles: Administrator (Available Profiles: Administrator)

Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)

Internet Explorer Version 8 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe

Failed to access process -> csrss.exe

Failed to access process -> winlogon.exe

Failed to access process -> services.exe

Failed to access process -> lsass.exe

Failed to access process -> svchost.exe

Failed to access process -> spoolsv.exe

Failed to access process -> sched.exe

Failed to access process -> svchost.exe

Failed to access process -> avguard.exe

Failed to access process -> svchost.exe

Failed to access process -> explorer.exe

Failed to access process -> GoogleCrashHandler.exe

Failed to access process -> RTHDCPL.EXE

Failed to access process -> ctfmon.exe

Failed to access process -> Webshots.scr

Failed to access process -> ctfmon.exe

Failed to access process -> avgnt.exe

Failed to access process -> BrStMonW.exe

Failed to access process -> BrotherHelp.exe

Failed to access process -> BrCtrlCntr.exe

Failed to access process -> BrCcUxSys.exe

Failed to access process -> jqs.exe

Failed to access process -> sol.exe

Failed to access process -> psia.exe

Failed to access process -> svchost.exe

Failed to access process -> wdfmgr.exe

Failed to access process -> MOM.exe

Failed to access process -> CCC.exe

Failed to access process -> wmiprvse.exe

Failed to access process -> avshadow.exe

Failed to access process -> BrYNSvc.exe

Failed to access process -> alg.exe

Failed to access process -> firefox.exe

Failed to access process -> sua.exe

Failed to access process -> WINWORD.EXE

Failed to access process -> splwow64.exe

Failed to access process -> JavaJRE_8u121_32-bit_PSIonlySPS.exe

Failed to access process -> wmiprvse.exe

Failed to access process -> FRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-10-25] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)

Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)

Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)

Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)

Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)

Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)

Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\EFS: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2007-02-18] (Microsoft Corporation)

Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)

HKLM\...\Command Processor: <======= ATTENTION

HKLM-x32\...\Command Processor: <======= ATTENTION

HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [GridinSoft Anti-Malware (64-bit)] => "C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -startupusbscan

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1489105410

HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)

HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)

SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)

SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)

ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)

Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2017-03-03]

ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicyScripts: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog9 01 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)

Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:

==================

HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-01-29] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)

Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2007-02-18] (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)

DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265

Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)

Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)

Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: plpchrbo.default

FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default [2017-03-09]

FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default -> www.Google.com

FF Extension: (Blank Private Browsing Page) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]

FF Extension: (Favicon Restorer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]

FF Extension: (YouTube™ Enhancer Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-21]

FF Extension: (Form History Control) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]

FF Extension: (Webmail Ad Blocker) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-16]

FF Extension: (NO Google Analytics) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]

FF Extension: (AdBlocker for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-06]

FF Extension: (JSONView) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-01-26]

FF Extension: (YouTube Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-06]

FF Extension: (Private Tab) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-17]

FF Extension: (Restart My Fox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-06-03]

FF Extension: (SaveAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]

FF Extension: (Saved Password Editor) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-29]

FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-02]

FF Extension: (ReloadAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-03]

FF Extension: (Screengrab (fix version)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-12-09]

FF Extension: (Map With Google) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi [2016-05-01]

FF Extension: (YouTube High Definition) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-02-14]

FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-01-26]

FF Extension: (YouTube Video Download and Convert) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-02-14]

FF Extension: (RealDonaldContext) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi [2017-01-23]

FF Extension: (YouTube Flash Video Player) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-03-09]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-10-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-10-25] (Avira Operations GmbH & Co. KG)

S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)

R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)

R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)

S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)

S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)

R2 dmserver; C:\WINDOWS\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)

R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)

R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)

R2 Eventlog; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)

R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)

S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)

R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)

R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)

S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)

R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2017-01-29] (Oracle Corporation)

R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)

S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)

S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)

S3 NetDDE; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)

S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)

S3 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)

S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)

R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)

R3 Nla; C:\WINDOWS\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)

R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)

S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)

S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)

R2 PlugPlay; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)

R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)

S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)

R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)

S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)

R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)

S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)

S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)

R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)

S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)

R3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)

R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)

R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)

R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)

S2 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)

S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)

S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)

R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)

R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)

R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)

S3 UPS; C:\WINDOWS\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)

S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)

R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)

S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)

S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)

S3 Wmi; C:\WINDOWS\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)

S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)

R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)

R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)

R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)

S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)

S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)

R3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)

S4 adpu160m; no ImagePath

S4 adpu320; no ImagePath

S3 aec; C:\WINDOWS\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)

S4 aic78u2; no ImagePath

S4 aic78xx; no ImagePath

S4 AliIde; no ImagePath

S3 Ambfilt64; C:\WINDOWS\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)

S4 AmdIde; no ImagePath

S4 arc; no ImagePath

S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)

S4 Atdisk; no ImagePath

R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)

S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)

R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [162992 2016-10-25] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137224 2016-10-25] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG)

R2 CdaC15BA; C:\WINDOWS\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

R2 CdaD10BA; C:\WINDOWS\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

S1 Changer; no ImagePath

S4 CmdIde; no ImagePath

S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)

R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)

R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)

S4 dpti2o; no ImagePath

R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)

R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)

R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)

R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)

S1 i2omgmt; no ImagePath

S4 iirsp; no ImagePath

R1 imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)

R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)

S4 IntelIde; no ImagePath

S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)

R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)

S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-07] (Malwarebytes)

R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)

S3 Monfilt64; C:\WINDOWS\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)

S4 mraid35x; no ImagePath

S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)

S3 PDCOMP; no ImagePath

S3 PDFRAME; no ImagePath

S3 PDRELI; no ImagePath

S3 PDRFRAME; no ImagePath

R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)

R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)

R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)

R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)

R0 rr232x; C:\WINDOWS\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)

S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)

R3 RTLE8023x64; C:\WINDOWS\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)

S4 Simbad; no ImagePath

S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)

R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)

S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)

S4 symc8xx; no ImagePath

S4 symmpi; no ImagePath

S4 sym_hi; no ImagePath

S4 sym_u3; no ImagePath

R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)

S4 TosIde; no ImagePath

S4 ultra; no ImagePath

U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)

S4 ViaIde; no ImagePath

S3 WDICA; no ImagePath

R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)

NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)

NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File

NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)

NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File

NETSVCx32: Iprip -> no filepath.

NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File

NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File

NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)

NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)

NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)

NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)

NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File

NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 19:29 - 2017-03-09 19:30 - 00035921 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt

2017-03-09 19:28 - 2017-03-09 19:28 - 02423808 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe

2017-03-09 19:11 - 2017-03-09 19:12 - 00000000 ____D C:\Program Files (x86)\HijackThis

2017-03-07 22:46 - 2015-03-25 08:55 - 00450626 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170307-224616.backup

2017-02-21 20:48 - 2017-03-09 19:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2017-02-21 20:48 - 2017-02-21 20:48 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-02-21 20:48 - 2017-02-21 20:48 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 19:30 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp

2017-03-09 19:29 - 2015-11-28 10:37 - 00000000 ____D C:\FRST

2017-03-09 19:23 - 2017-01-30 22:53 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2017-03-09 19:23 - 2015-12-07 13:51 - 00000338 _____ C:\WINDOWS\Tasks\ByteFence.job

2017-03-09 19:23 - 2015-03-12 09:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job

2017-03-09 19:23 - 2015-02-01 19:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-03-09 19:23 - 2009-03-16 15:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap

2017-03-09 19:21 - 2015-02-01 20:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt

2017-03-09 19:21 - 2015-02-01 19:12 - 00032404 _____ C:\WINDOWS\Tasks\SchedLgU.Txt

2017-03-09 19:21 - 2015-02-01 19:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

2017-03-09 19:21 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator

2017-03-09 19:13 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents

2017-03-09 19:08 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\- Purchases 010217

2017-03-09 19:04 - 2017-01-30 22:53 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2017-03-09 18:45 - 2017-01-16 05:45 - 00000320 _____ C:\WINDOWS\Tasks\DivXUpdate.job

2017-03-09 10:48 - 2015-04-13 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-03-09 02:09 - 2016-08-27 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-03-08 14:59 - 2007-02-18 07:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl

2017-03-07 22:08 - 2015-04-01 15:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-03-07 16:20 - 2016-11-10 11:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2017

2017-03-06 20:40 - 2015-07-27 15:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\- Twitter _JustTooMuch_

2017-03-05 18:00 - 2016-11-02 11:51 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI

2017-03-05 02:51 - 2015-12-07 13:51 - 00000344 _____ C:\WINDOWS\Tasks\ByteFence Scan.job

2017-03-02 11:06 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files

2017-03-01 17:49 - 2015-02-01 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971737$

2017-03-01 16:58 - 2015-06-29 11:20 - 00000000 ____D C:\Program Files (x86)\SpyBotS&D

2017-02-21 20:48 - 2015-02-01 19:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-02-16 21:13 - 2015-02-01 13:33 - 00000000 ____D C:\WINDOWS\Help

2017-02-07 18:50 - 2015-02-11 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$

2017-02-07 18:05 - 2017-02-01 06:37 - 00000000 ____D C:\Program Files\Enigma Software Group

2017-02-07 10:48 - 2017-02-01 08:10 - 00000410 _____ C:\WINDOWS\Tasks\SpyHunter4.job

==================== Files in the root of some directories =======

2016-01-09 00:16 - 2016-01-09 00:16 - 0000548 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini

2015-03-16 10:16 - 2015-03-16 10:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log

2015-03-31 12:31 - 2015-03-31 12:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323

Some files in TEMP:

====================

2017-02-01 07:46 - 2017-02-01 07:46 - 0000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION

C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

Attached Files

Addition.txt 33.54KB 188 downloads
FRST.txt 40.94KB 142 downloads

#2
RKinner

Posted 13 March 2017 - 05:39 AM

Malware Expert

Expert
24,624 posts

Looks like Spybot S&D did a number on your PC.

Let's see if Windows Repair all in one

can help enough to let us use FRST.

http://www.tweaking....all_in_one.html

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

By default a bunch of options are checked. Just run it with the defaults.

Reboot when done and run a FRST scan again with Addition.txt checked and post both logs.

#3
Denisejm

Posted 13 March 2017 - 10:35 AM

Member

Topic Starter
Member
782 posts

Hi Expert,

I went into SafeMode and ran tweaking.com and the following are the log files. I put my Windows disk in but a diskchk didn't start when I clicked to "Do it."

Tweaking.com - Windows Repair v3.9.26
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 64-bit
OS Version: 5.2.3790
OS Service Pack: Service Pack 2
Computer Name: KINGKONG
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Documents and Settings\Administrator
Current Profile SID: S-1-5-21-2049699319-3081317485-938346843-500
Current Profile Classes: S-1-5-21-2049699319-3081317485-938346843-500_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Administrator\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:12:48

Process Count: 17
Commit Total: 213.70 MB
Commit Limit: 5.75 GB
Commit Peak: 249.73 MB
Handle Count: 3768
Kernel Total: 78.02 MB
Kernel Paged: 44.36 MB
Kernel Non Paged: 33.66 MB
System Cache: 814.23 MB
Thread Count: 216
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 605.46 MB(14.7891%)
Memory Avail.: 3.41 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 435.20 MB(10.6301%)
Memory Avail.: 3.57 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (3/13/2017 12:21:13 PM)

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

   Done, but failed, at (3/13/2017 12:23:15 PM)
   Total Repair Time: 00:02:06

The current repair has failed to start 4 times.
Something is keeping the repair from running.

Try running the repairs in Windows Safe Mode. (This will keep 3rd party programs from getting in the way of the repairs)
If the repairs still fail then please post in the Tweaking.com forums for support.

Denise

#4
RKinner

Posted 13 March 2017 - 10:52 AM

Malware Expert

Expert
24,624 posts

OK Let's run check disk the correct way:

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)

2. Click the "Configuration" link on the main screen. This opens the configuration panel.

3. Check the "Expert mode" option.

4. Click on General > Security.

5. *Uncheck* the option titled "Protect files and registry entries from manipulation".

6. Click the "OK" button.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

Once it finishes try running Windows All in One again.

Then regardless, run FRST again, check Addition.txt and hit Enter.

#5
Denisejm

Posted 13 March 2017 - 03:14 PM

Member

Topic Starter
Member
782 posts

2. Click the "Configuration" link on the main screen. This opens the configuration panel.

There's no Configuration icon on the main panel. I looked under the 2 available options: System Scanner and Real Time Protection. There were Configuration icons but there were no choices for Expert anywhere.

I clicked on the configuration icons for System Scanner and Real Time Protection but Expert wasn't there either.

I will start Check disk now and I'll post the results.

Denise

Attached Thumbnails

Edited by Denisejm, 13 March 2017 - 03:23 PM.

#6
Denisejm

Posted 13 March 2017 - 05:54 PM

Member

Topic Starter
Member
782 posts

I tried to do Check File System using Tweaking.com in regular mode, not safe mode and it worked. I tried again in safe mode but again nothing happened. Then I did it in regular mode again and then tried Repairs. Chkdsk Log:

Microsoft Windows [Version 5.2.3790]
© Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator\Desktop>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
10113824113824
113824 file records processed.

File verification completed.
10 percent complete. (1 of 546 large file records processed)
10546546
546 large file records processed.

1000
0 bad file records processed.

1000
0 EA records processed.

1077
7 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
33 percent complete. (347123 of 347594 index entries processed)
33347594347594
347594 index entries processed.

Index verification completed.
3355
5 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
35 percent complete. (111722 of 113824 descriptors processed)
35113824113824
113824 security descriptors processed.

Security descriptor verification completed.
3593799379
9379 data files processed.

CHKDSK is verifying Usn Journal...
99 percent complete. (40894464 of 40929640 USN bytes processed)
100 percent complete. (40927232 of 40929640 USN bytes processed)
1004092964040929640
40929640 USN bytes processed.

Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

35840983 KB total disk space.
24309780 KB in 61354 files.
     27588 KB in 9380 indexes.
         0 KB in bad sectors.
    222671 KB in use by the system.
     65536 KB occupied by the log file.
11280944 KB available on disk.

      4096 bytes in each allocation unit.
   8960245 total allocation units on disk.
   2820236 allocation units available on disk.

C:\>

Repair Log:

Log:
Tweaking.com - Windows Repair v3.9.26
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Microsoft Windows XP
OS Architecture: 64-bit
OS Version: 5.2.3790
OS Service Pack: Service Pack 2
Computer Name: KINGKONG
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Documents and Settings\Administrator
Current Profile SID: S-1-5-21-2049699319-3081317485-938346843-500
Current Profile Classes: S-1-5-21-2049699319-3081317485-938346843-500_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Administrator\Local Settings\Application Data
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 00:47:45

Process Count: 42
Commit Total: 1,006.00 MB
Commit Limit: 5.75 GB
Commit Peak: 1.31 GB
Handle Count: 11011
Kernel Total: 194.66 MB
Kernel Paged: 132.26 MB
Kernel Non Paged: 62.41 MB
System Cache: 3.26 GB
Thread Count: 567
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 4.00 GB
Memory Used: 986.93 MB(24.1067%)
Memory Avail.: 3.03 GB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 4.00 GB
Memory Used: 688.19 MB(16.8097%)
Memory Avail.: 3.33 GB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (3/13/2017 7:28:18 PM)

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

   Done, but failed, at (3/13/2017 7:30:21 PM)
   Total Repair Time: 00:02:04

The current repair has failed to start 4 times.
Something is keeping the repair from running.

Try running the repairs in Windows Safe Mode. (This will keep 3rd party programs from getting in the way of the repairs)
If the repairs still fail then please post in the Tweaking.com forums for support.

Then I ran FRST64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Administrator (administrator) on KINGKONG (13-03-2017 19:48:39)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe
Failed to access process -> Webshots.scr
Failed to access process -> avgnt.exe
Failed to access process -> BrCtrlCntr.exe
Failed to access process -> BrCcUxSys.exe
Failed to access process -> BrStMonW.exe
Failed to access process -> BrotherHelp.exe
Failed to access process -> jqs.exe
Failed to access process -> psia.exe
Failed to access process -> svchost.exe
Failed to access process -> wdfmgr.exe
Failed to access process -> MOM.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> CCC.exe
Failed to access process -> avshadow.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> alg.exe
Failed to access process -> sua.exe
Failed to access process -> WR_Tray_Icon.exe
Failed to access process -> firefox.exe
Failed to access process -> FRST64.exe
Failed to access process -> FRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [GridinSoft Anti-Malware (64-bit)] => "C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -startupusbscan
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1489444919
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\MountPoints2: B - B:\setup.exe
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2017-03-03]
ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2007-02-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: plpchrbo.default
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default [2017-03-13]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default -> www.Google.com
FF Extension: (Blank Private Browsing Page) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Favicon Restorer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (YouTube™ Enhancer Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-21]
FF Extension: (Form History Control) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Webmail Ad Blocker) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-16]
FF Extension: (NO Google Analytics) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (AdBlocker for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-06]
FF Extension: (JSONView) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-01-26]
FF Extension: (YouTube Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-06]
FF Extension: (Private Tab) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-17]
FF Extension: (Restart My Fox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-06-03]
FF Extension: (SaveAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Saved Password Editor) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-29]
FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-02]
FF Extension: (ReloadAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-03]
FF Extension: (Screengrab (fix version)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-12-09]
FF Extension: (Map With Google) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi [2016-05-01]
FF Extension: (YouTube High Definition) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-02-14]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-01-26]
FF Extension: (YouTube Video Download and Convert) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-02-14]
FF Extension: (RealDonaldContext) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi [2017-01-23]
FF Extension: (YouTube Flash Video Player) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-10-25] (Avira Operations GmbH & Co. KG)
S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2017-01-29] (Oracle Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\WINDOWS\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S4 Atdisk; no ImagePath
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [162992 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137224 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\WINDOWS\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\WINDOWS\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-07] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\WINDOWS\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\WINDOWS\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\WINDOWS\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 19:37 - 2017-03-13 19:48 - 00035865 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2017-03-13 19:36 - 2017-03-13 19:37 - 00003886 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2017-03-13 19:33 - 2017-03-13 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2017-03-13 19:27 - 2007-02-18 08:00 - 00028288 ____C C:\Windows\System32\dllcache\OLDC1A.tmp
2017-03-13 19:27 - 2007-02-18 08:00 - 00028288 ____C C:\Windows\System32\dllcache\OLDC17.tmp
2017-03-13 19:27 - 2005-03-24 17:35 - 00232448 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLDC1E.tmp
2017-03-13 19:27 - 2005-03-24 17:35 - 00214272 ____C (Microsoft) C:\Windows\System32\dllcache\OLDC22.tmp
2017-03-13 19:27 - 2005-03-24 17:35 - 00055808 ____C (S2io Inc.) C:\Windows\System32\dllcache\OLDC14.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00214528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBFE.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00214528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBF8.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00214528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBF2.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00154624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC01.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00154624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBFB.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00154624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBF5.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00118784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBE0.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00105984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBE6.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00097280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBEC.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00079360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBE3.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00073216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBE9.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00066048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBEF.tmp
2017-03-13 19:26 - 2007-02-18 08:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC0C.tmp
2017-03-13 19:26 - 2007-02-17 01:05 - 00024192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC10.tmp
2017-03-13 19:26 - 2005-03-24 17:35 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC05.tmp
2017-03-13 19:26 - 2005-03-24 17:35 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC09.tmp
2017-03-13 19:25 - 2013-07-22 01:27 - 00027008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB5A.tmp
2017-03-13 19:25 - 2013-02-12 14:34 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB4F.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00349696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB8D.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00092672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBA5.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB99.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00015360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB4C.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB87.tmp
2017-03-13 19:25 - 2007-02-18 12:05 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBB7.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00083456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBA8.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00080384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBC6.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00073728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB61.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00062464 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBAB.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00057856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB9C.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00055808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBC9.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00054272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB6C.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB9F.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00029184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB7B.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00028160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB7E.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBBA.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBBD.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB81.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00016384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBAE.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBB1.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBC0.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB90.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBC3.tmp
2017-03-13 19:25 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB93.tmp
2017-03-13 19:25 - 2007-02-17 02:01 - 00543232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB8A.tmp
2017-03-13 19:25 - 2007-02-17 02:01 - 00148480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBA2.tmp
2017-03-13 19:25 - 2007-02-17 02:01 - 00031232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB96.tmp
2017-03-13 19:25 - 2007-02-17 02:01 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB84.tmp
2017-03-13 19:25 - 2007-02-17 02:01 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBB4.tmp
2017-03-13 19:25 - 2007-02-17 02:00 - 00021504 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB49.tmp
2017-03-13 19:25 - 2007-02-17 01:02 - 00119552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBCD.tmp
2017-03-13 19:25 - 2007-02-17 01:02 - 00080896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBDD.tmp
2017-03-13 19:25 - 2007-02-17 01:01 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB69.tmp
2017-03-13 19:25 - 2007-02-17 01:01 - 00044032 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB78.tmp
2017-03-13 19:25 - 2007-02-17 01:00 - 00216320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB65.tmp
2017-03-13 19:25 - 2007-02-17 01:00 - 00102912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB53.tmp
2017-03-13 19:25 - 2007-02-17 01:00 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB57.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00128000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBD9.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00114816 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\OLDBD5.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB5E.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00036608 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\OLDB74.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBD1.tmp
2017-03-13 19:25 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB70.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 01413398 ____C C:\Windows\System32\dllcache\OLDB0E.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00921600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB08.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00574464 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB0B.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00455272 ____C C:\Windows\System32\dllcache\OLDB05.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00455168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB1A.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00432128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB17.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00196608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB2B.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00187392 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAFF.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00171484 ____C C:\Windows\System32\dllcache\OLDB02.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00118272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB43.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00114176 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB2E.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB3D.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00076800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB46.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00070656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB11.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00065536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB40.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00046592 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB14.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00026624 ____C (Symbios Logic Inc.) C:\Windows\System32\dllcache\OLDAED.tmp
2017-03-13 19:24 - 2007-02-18 08:00 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB1D.tmp
2017-03-13 19:24 - 2007-02-17 02:00 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB24.tmp
2017-03-13 19:24 - 2007-02-17 01:59 - 00200704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAFC.tmp
2017-03-13 19:24 - 2007-02-17 01:00 - 00061440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB36.tmp
2017-03-13 19:24 - 2007-02-17 01:00 - 00058880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB28.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00084992 ____C (LSI Logic) C:\Windows\System32\dllcache\OLDAF5.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00041984 ____C (LSI Logic) C:\Windows\System32\dllcache\OLDAF1.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00038912 ____C (Promise Technology, Inc.) C:\Windows\System32\dllcache\OLDB3A.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00034432 ____C (ULi Electronics Inc.) C:\Windows\System32\dllcache\OLDB32.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAF9.tmp
2017-03-13 19:24 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB21.tmp
2017-03-13 19:24 - 2005-03-24 17:25 - 00039936 ____C (LSI Logic) C:\Windows\System32\dllcache\OLDAEA.tmp
2017-03-13 19:24 - 2005-03-24 17:25 - 00037376 ____C (LSI Logic) C:\Windows\System32\dllcache\OLDAE6.tmp
2017-03-13 19:23 - 2007-02-18 12:05 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAB6.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00064512 ____C (Stallion Technologies) C:\Windows\System32\dllcache\OLDADB.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00064512 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAC0.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAE2.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAD1.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00033280 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\OLDACB.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00024660 ____C (Perle Systems Ltd.) C:\Windows\System32\dllcache\OLDACE.tmp
2017-03-13 19:23 - 2007-02-18 08:00 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAD4.tmp
2017-03-13 19:23 - 2007-02-17 01:35 - 00094720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDABD.tmp
2017-03-13 19:23 - 2007-02-17 00:55 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAC4.tmp
2017-03-13 19:23 - 2005-03-24 17:25 - 00028160 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\OLDAD8.tmp
2017-03-13 19:23 - 2005-03-24 17:25 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDADF.tmp
2017-03-13 19:23 - 2005-03-24 17:24 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAC8.tmp
2017-03-13 19:23 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDABA.tmp
2017-03-13 19:23 - 2005-03-24 17:24 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAB3.tmp
2017-03-13 19:20 - 2007-02-18 12:05 - 00040960 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA97.tmp
2017-03-13 19:20 - 2007-02-18 12:05 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA8E.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00623104 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA9D.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00544256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA9A.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00373760 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAA3.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAA9.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00011264 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAAC.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAAF.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAA6.tmp
2017-03-13 19:20 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAA0.tmp
2017-03-13 19:20 - 2007-02-17 01:55 - 00668672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA91.tmp
2017-03-13 19:20 - 2007-02-17 01:55 - 00060928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA94.tmp
2017-03-13 19:20 - 2005-03-24 17:24 - 00016384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA8B.tmp
2017-03-13 19:16 - 2007-02-18 12:05 - 00240640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA78.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA5E.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00016384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA7B.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA84.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA87.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA81.tmp
2017-03-13 19:16 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA7E.tmp
2017-03-13 19:16 - 2007-02-17 01:55 - 00472576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA75.tmp
2017-03-13 19:16 - 2007-02-17 00:55 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA6E.tmp
2017-03-13 19:16 - 2005-03-24 17:24 - 00068608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA72.tmp
2017-03-13 19:16 - 2005-03-24 17:24 - 00046080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA6A.tmp
2017-03-13 19:16 - 2005-03-24 17:24 - 00043008 ____C (SiS Corporation) C:\Windows\System32\dllcache\OLDA62.tmp
2017-03-13 19:16 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA66.tmp
2017-03-13 19:15 - 2007-02-18 08:00 - 00026624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA5B.tmp
2017-03-13 19:15 - 2005-03-24 17:24 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA50.tmp
2017-03-13 19:15 - 2005-03-24 17:24 - 00030720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA54.tmp
2017-03-13 19:15 - 2005-03-24 17:24 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA58.tmp
2017-03-13 19:12 - 2007-02-18 08:00 - 00387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA49.tmp
2017-03-13 19:12 - 2007-02-18 08:00 - 00219136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA4C.tmp
2017-03-13 19:12 - 2007-02-18 08:00 - 00016896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA23.tmp
2017-03-13 19:12 - 2007-02-18 08:00 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA26.tmp
2017-03-13 19:12 - 2007-02-17 00:54 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA42.tmp
2017-03-13 19:12 - 2007-02-17 00:53 - 00073728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA2A.tmp
2017-03-13 19:12 - 2007-02-17 00:53 - 00040576 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\OLDA32.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00059904 ____C (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\OLDA1C.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00044032 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\OLDA2E.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00037888 ____C (Realtek Semiconductor Corporation ) C:\Windows\System32\dllcache\OLDA20.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00032256 ____C (SCM Microsystems) C:\Windows\System32\dllcache\OLDA3A.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00031232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA36.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA3E.tmp
2017-03-13 19:12 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA46.tmp
2017-03-13 19:11 - 2007-02-18 08:00 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA0B.tmp
2017-03-13 19:11 - 2007-02-18 08:00 - 00026624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA0E.tmp
2017-03-13 19:11 - 2007-02-18 08:00 - 00004608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA11.tmp
2017-03-13 19:11 - 2007-02-18 08:00 - 00004096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA14.tmp
2017-03-13 19:11 - 2007-02-17 00:51 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA08.tmp
2017-03-13 19:11 - 2005-03-24 17:24 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA04.tmp
2017-03-13 19:11 - 2005-03-24 17:24 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA00.tmp
2017-03-13 19:11 - 2005-03-24 17:24 - 00010240 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLDA18.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00198656 ____C C:\Windows\System32\dllcache\OLD9D3.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00135680 ____C C:\Windows\System32\dllcache\OLD9DA.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00116736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9EB.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00083748 ____C C:\Windows\System32\dllcache\OLD9C8.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00083748 ____C C:\Windows\System32\dllcache\OLD9C5.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00083748 ____C C:\Windows\System32\dllcache\OLD9C2.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00083748 ____C C:\Windows\System32\dllcache\OLD9BF.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00078336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9EE.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00048640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9B8.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00026112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9F1.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9F4.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9E5.tmp
2017-03-13 19:04 - 2007-02-18 08:00 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9E8.tmp
2017-03-13 19:04 - 2007-02-17 00:51 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9FC.tmp
2017-03-13 19:04 - 2007-02-17 00:51 - 00032256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9F8.tmp
2017-03-13 19:04 - 2007-02-17 00:50 - 00316928 ____C C:\Windows\System32\dllcache\OLD9D0.tmp
2017-03-13 19:04 - 2007-02-17 00:50 - 00271872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9DE.tmp
2017-03-13 19:04 - 2007-02-17 00:50 - 00025344 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\OLD9CC.tmp
2017-03-13 19:04 - 2007-02-17 00:50 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9E2.tmp
2017-03-13 19:04 - 2007-02-17 00:44 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9BC.tmp
2017-03-13 19:04 - 2005-03-24 17:23 - 00057344 ____C C:\Windows\System32\dllcache\OLD9D7.tmp
2017-03-13 19:04 - 2005-03-24 17:22 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9B5.tmp
2017-03-13 19:04 - 2005-03-24 17:22 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9B1.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 10011497 ____C C:\Windows\System32\dllcache\OLD9A7.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 01004904 ____C C:\Windows\System32\dllcache\OLD998.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00948656 ____C C:\Windows\System32\dllcache\OLD995.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00888832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD99E.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00867242 ____C C:\Windows\System32\dllcache\OLD992.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00825038 ____C C:\Windows\System32\dllcache\OLD98F.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00733292 ____C C:\Windows\System32\dllcache\OLD9A4.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00535040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9A1.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00487472 ____C C:\Windows\System32\dllcache\OLD989.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00487472 ____C C:\Windows\System32\dllcache\OLD986.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00302080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD944.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00208744 ____C C:\Windows\System32\dllcache\OLD99B.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00194048 ____C C:\Windows\System32\dllcache\OLD974.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00188140 ____C C:\Windows\System32\dllcache\OLD98C.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00174803 ____C C:\Windows\System32\dllcache\OLD97D.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00174803 ____C C:\Windows\System32\dllcache\OLD97A.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00118784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD96E.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00117248 ____C C:\Windows\System32\dllcache\OLD977.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00116736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD939.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00115712 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9AA.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00088576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD94B.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00079360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD971.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00075776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9AD.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00059392 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD980.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD983.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00022016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD958.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD964.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD952.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD95B.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00016896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD967.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00016896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD95E.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD955.tmp
2017-03-13 19:03 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD961.tmp
2017-03-13 19:03 - 2007-02-17 01:41 - 00057344 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD922.tmp
2017-03-13 19:03 - 2007-02-17 00:44 - 00944640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD94F.tmp
2017-03-13 19:03 - 2007-02-17 00:44 - 00505856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD941.tmp
2017-03-13 19:03 - 2007-02-17 00:44 - 00161024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD96B.tmp
2017-03-13 19:03 - 2007-02-17 00:41 - 00124416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD92E.tmp
2017-03-13 19:03 - 2005-03-24 17:22 - 00186880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD936.tmp
2017-03-13 19:03 - 2005-03-24 17:22 - 00135680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD948.tmp
2017-03-13 19:03 - 2005-03-24 17:22 - 00132608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD93D.tmp
2017-03-13 19:03 - 2005-03-24 17:21 - 05172480 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\OLD926.tmp
2017-03-13 19:03 - 2005-03-24 17:21 - 03801984 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\OLD92A.tmp
2017-03-13 19:03 - 2005-03-24 17:21 - 00185344 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\OLD932.tmp
2017-03-13 19:03 - 2005-03-24 17:21 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD91F.tmp
2017-03-13 19:02 - 2007-02-18 12:05 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD917.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 01875968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8DD.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 01875968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8DA.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00136192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8D4.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00106496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD90E.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8D7.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00061440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD911.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00058368 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8E4.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00038400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8E7.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00022016 ____C (Moxa Technologies Co., Ltd) C:\Windows\System32\dllcache\OLD8FC.tmp
2017-03-13 19:02 - 2007-02-18 08:00 - 00013824 ____C (Moxa Technologies Co., Ltd) C:\Windows\System32\dllcache\OLD8FF.tmp
2017-03-13 19:02 - 2007-02-17 01:40 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD914.tmp
2017-03-13 19:02 - 2007-02-17 01:39 - 00206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8F6.tmp
2017-03-13 19:02 - 2007-02-17 01:39 - 00132096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8F9.tmp
2017-03-13 19:02 - 2007-02-17 00:39 - 00103680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD903.tmp
2017-03-13 19:02 - 2007-02-17 00:39 - 00062976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8EF.tmp
2017-03-13 19:02 - 2007-02-17 00:39 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8E1.tmp
2017-03-13 19:02 - 2007-02-17 00:39 - 00008064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8F3.tmp
2017-03-13 19:02 - 2005-03-24 17:21 - 00042240 ____C (National Semiconductor Corporation) C:\Windows\System32\dllcache\OLD91B.tmp
2017-03-13 19:02 - 2005-03-24 17:21 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD90B.tmp
2017-03-13 19:02 - 2005-03-24 17:21 - 00017408 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD907.tmp
2017-03-13 19:02 - 2005-03-24 17:21 - 00005120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8EB.tmp
2017-03-13 19:01 - 2007-02-18 08:00 - 00431104 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8D1.tmp
2017-03-13 19:01 - 2007-02-18 08:00 - 00057856 ____C C:\Windows\System32\dllcache\OLD8CE.tmp
2017-03-13 19:01 - 2007-02-17 01:36 - 00350208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8B0.tmp
2017-03-13 19:01 - 2007-02-17 01:36 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8B3.tmp
2017-03-13 19:01 - 2007-02-17 00:38 - 00094720 ____C C:\Windows\System32\dllcache\OLD8CB.tmp
2017-03-13 19:01 - 2007-02-17 00:38 - 00071680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8C7.tmp
2017-03-13 19:01 - 2005-03-24 17:21 - 00036352 ____C (LSI Logic Corporation) C:\Windows\System32\dllcache\OLD8C3.tmp
2017-03-13 19:01 - 2005-03-24 17:21 - 00028672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8BB.tmp
2017-03-13 19:01 - 2005-03-24 17:21 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8BF.tmp
2017-03-13 19:01 - 2005-03-24 17:21 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8B7.tmp
2017-03-13 19:00 - 2007-02-18 12:05 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD898.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 01158818 ____C C:\Windows\System32\dllcache\OLD85D.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 01158818 ____C C:\Windows\System32\dllcache\OLD85A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00116756 ____C C:\Windows\System32\dllcache\OLD863.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00116756 ____C C:\Windows\System32\dllcache\OLD860.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00090624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD871.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00072704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD854.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD86A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00052224 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD87F.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00050688 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD857.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00043008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD878.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD882.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00031744 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD885.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD89B.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD888.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD89E.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD88B.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD88E.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD804.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD807.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD80A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD80D.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7FE.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD801.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD84E.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD848.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD83A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD838.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD832.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD830.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD82A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD828.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD822.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD820.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD81A.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD818.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD812.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD810.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD84B.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD842.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD840.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD83D.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD835.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD81D.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD851.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD845.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD82D.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD825.tmp
2017-03-13 19:00 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD815.tmp
2017-03-13 19:00 - 2007-02-17 01:36 - 00113664 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8A9.tmp
2017-03-13 19:00 - 2007-02-17 01:35 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD895.tmp
2017-03-13 19:00 - 2007-02-17 00:36 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8A6.tmp
2017-03-13 19:00 - 2007-02-17 00:35 - 00138752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD86E.tmp
2017-03-13 19:00 - 2007-02-17 00:35 - 00088064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD867.tmp
2017-03-13 19:00 - 2007-02-17 00:35 - 00026112 ____C (Litronic Industries) C:\Windows\System32\dllcache\OLD87C.tmp
2017-03-13 19:00 - 2005-03-24 17:20 - 00569344 ____C (Agere Systems) C:\Windows\System32\dllcache\OLD8A2.tmp
2017-03-13 19:00 - 2005-03-24 17:20 - 00074752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD875.tmp
2017-03-13 19:00 - 2005-03-24 17:20 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8AD.tmp
2017-03-13 19:00 - 2005-03-24 17:20 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD892.tmp
2017-03-13 18:59 - 2007-02-18 12:05 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7E8.tmp
2017-03-13 18:59 - 2007-02-18 12:05 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7EF.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00034304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6F9.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00028160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD716.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD719.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00016384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6F6.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD710.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7F8.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7F2.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD79E.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD772.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD748.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD713.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7C6.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7C4.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7A6.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7A4.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7A1.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD760.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD75E.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD720.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7FB.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7F5.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7DE.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7DC.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7CE.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7CC.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7BE.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7BC.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7B6.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7B4.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7AE.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7AC.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD782.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD780.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD77A.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD778.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD775.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD758.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD756.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD750.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD74E.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD74B.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD745.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD737.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD730.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD729.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD726.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7D6.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7D4.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7D1.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7C9.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7C1.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7B9.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7A9.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD798.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD796.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD78A.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD788.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD785.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD76C.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD766.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD763.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD75B.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD73E.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD723.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7E1.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7D9.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7B1.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD79B.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD790.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD78D.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD77D.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD76F.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD769.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD753.tmp
2017-03-13 18:59 - 2007-02-18 08:00 - 00005632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD793.tmp
2017-03-13 18:59 - 2007-02-17 00:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7E5.tmp
2017-03-13 18:59 - 2007-02-17 00:34 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7EC.tmp
2017-03-13 18:59 - 2007-02-17 00:31 - 00237056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD701.tmp
2017-03-13 18:59 - 2007-02-17 00:31 - 00152576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6FD.tmp
2017-03-13 18:59 - 2007-02-17 00:31 - 00043008 ____C (SigmaTel, Inc.) C:\Windows\System32\dllcache\OLD70D.tmp
2017-03-13 18:59 - 2007-02-17 00:31 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD709.tmp
2017-03-13 18:59 - 2005-03-24 17:20 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD742.tmp
2017-03-13 18:59 - 2005-03-24 17:20 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD734.tmp
2017-03-13 18:59 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD73B.tmp
2017-03-13 18:59 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD72D.tmp
2017-03-13 18:59 - 2005-03-24 17:19 - 00070784 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD71D.tmp
2017-03-13 18:59 - 2005-03-24 17:19 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6F3.tmp
2017-03-13 18:59 - 2005-03-24 17:19 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD705.tmp
2017-03-13 18:58 - 2007-02-18 12:05 - 00216576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD62B.tmp
2017-03-13 18:58 - 2007-02-18 12:05 - 00167936 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD622.tmp
2017-03-13 18:58 - 2007-02-18 12:05 - 00068608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD61C.tmp
2017-03-13 18:58 - 2007-02-18 12:05 - 00029184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD60D.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 14694768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6A9.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 10660216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD69D.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 09206120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6C1.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00993672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD694.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00854376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6AC.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00815104 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD68B.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00695808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD65B.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00647168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD670.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00400384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6D0.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00394240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6D3.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00342016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD66A.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00331264 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD655.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00276992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6D6.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00234496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6BE.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00210944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD64F.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00198144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD682.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00195584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6D9.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00179712 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6B8.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00141312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD685.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00137584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6A6.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00134339 ____C C:\Windows\System32\dllcache\OLD634.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00123392 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD610.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00122880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD613.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00113152 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6A3.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00112128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD601.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00109056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD640.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00107520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD69A.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00105984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD65E.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00105984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5F2.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00100864 ____C C:\Windows\System32\dllcache\OLD6CD.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00100864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6C4.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD63A.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD661.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00078336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD688.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00076288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD604.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00069120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD643.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00060121 ____C C:\Windows\System32\dllcache\OLD5FB.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00055704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD664.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD691.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00052093 ____C C:\Windows\System32\dllcache\OLD5F5.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00050900 ____C C:\Windows\System32\dllcache\OLD62E.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00047104 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6EC.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6EF.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD646.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00035074 ____C C:\Windows\System32\dllcache\OLD5EC.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00034604 ____C C:\Windows\System32\dllcache\OLD625.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00034518 ____C C:\Windows\System32\dllcache\OLD5F8.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00032887 ____C C:\Windows\System32\dllcache\OLD5FE.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00020992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD67C.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00020480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD649.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6C7.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00013877 ____C C:\Windows\System32\dllcache\OLD5E9.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6E2.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD673.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6CA.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6E5.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD676.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6AF.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00005120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6B2.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00003584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD607.tmp
2017-03-13 18:58 - 2007-02-18 08:00 - 00003072 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD60A.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 01106944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD658.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00732160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD66D.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00581120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD652.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00576000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD667.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00327168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6BB.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00324608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD67F.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00323072 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD64C.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00274944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6B5.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00174592 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6A0.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00167424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD697.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00153600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD63D.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00139264 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD637.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00079872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD68E.tmp
2017-03-13 18:58 - 2007-02-17 01:35 - 00032256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD679.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 01298432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5EF.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00346624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD631.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00338944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6DF.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00336896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD61F.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00312832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD628.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00100864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD619.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00039103 ____C C:\Windows\System32\dllcache\OLD616.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00030208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5E6.tmp
2017-03-13 18:58 - 2007-02-17 01:30 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6DC.tmp
2017-03-13 18:58 - 2005-03-24 17:19 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6E9.tmp
2017-03-13 18:57 - 2007-02-18 12:05 - 00241664 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5AD.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00372824 ____C (Xircom) C:\Windows\System32\dllcache\OLD5D9.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00096256 ____C C:\Windows\System32\dllcache\OLD5DC.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00082432 ____C C:\Windows\System32\dllcache\OLD5DF.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00066560 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5B6.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00059904 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD588.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00048640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5B9.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00037888 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5BF.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5B0.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00022016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD585.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00018944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5B3.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5BC.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00009759 ____C (Conexant) C:\Windows\System32\dllcache\OLD59B.tmp
2017-03-13 18:57 - 2007-02-18 08:00 - 00009216 ____C (IBM Corporation) C:\Windows\System32\dllcache\OLD5D6.tmp
2017-03-13 18:57 - 2007-02-17 01:28 - 00492032 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5AA.tmp
2017-03-13 18:57 - 2007-02-17 00:28 - 00385024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD58C.tmp
2017-03-13 18:57 - 2007-02-17 00:28 - 00035840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD576.tmp
2017-03-13 18:57 - 2005-03-24 17:19 - 00048128 ____C (Intel Corp./ICP vortex GmbH) C:\Windows\System32\dllcache\OLD5E3.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 01080832 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\OLD598.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 01038048 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD5CF.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00885760 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD5C3.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00804352 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\OLD5A7.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00244992 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD5C7.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00241664 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\OLD56E.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00236032 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\OLD59F.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00136704 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD5CB.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00080896 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\OLD56A.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00055296 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD5D3.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00043008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD57A.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00037402 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\OLD5A3.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00033280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD590.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD582.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD57E.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD594.tmp
2017-03-13 18:57 - 2005-03-24 17:18 - 00006144 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\OLD572.tmp
2017-03-13 18:56 - 2007-02-18 12:05 - 00467456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4FE.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00737792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD52B.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00737280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD52E.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00573952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD537.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00419328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD510.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00398336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD549.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00305664 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD53D.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00286720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD513.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00162816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4C7.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00129024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD507.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00095232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD50A.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00072704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD531.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00072704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD50D.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00047616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD51C.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00038400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD534.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00035840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD55C.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00034304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD522.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00034304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4C4.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00027648 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD519.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD55F.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4E1.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD51F.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00022016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4CE.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00018944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4D4.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4D1.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD525.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4EF.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD528.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4F5.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4F2.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4D7.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD562.tmp
2017-03-13 18:56 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4EC.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00528384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4FB.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00469504 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD53A.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00414208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD540.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00282112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD516.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00260096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD504.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00177664 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4F8.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00137728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD543.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00132608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD546.tmp
2017-03-13 18:56 - 2007-02-17 01:22 - 00063488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD501.tmp
2017-03-13 18:56 - 2007-02-17 01:20 - 00116224 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4C1.tmp
2017-03-13 18:56 - 2007-02-17 01:20 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4DA.tmp
2017-03-13 18:56 - 2007-02-17 00:22 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD54D.tmp
2017-03-13 18:56 - 2005-03-24 17:18 - 00063872 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\OLD551.tmp
2017-03-13 18:56 - 2005-03-24 17:18 - 00044544 ____C (Gemplus) C:\Windows\System32\dllcache\OLD559.tmp
2017-03-13 18:56 - 2005-03-24 17:18 - 00030720 ____C (Gemplus) C:\Windows\System32\dllcache\OLD555.tmp
2017-03-13 18:56 - 2005-03-24 17:18 - 00028672 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\OLD566.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00652288 ____C (AVM Berlin) C:\Windows\System32\dllcache\OLD4E5.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00643072 ____C (AVM Berlin) C:\Windows\System32\dllcache\OLD4E9.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00103936 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\OLD4B2.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\OLD4BE.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\OLD4BA.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00076800 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\OLD4B6.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00062848 ____C (VIA Technologies, Inc. ) C:\Windows\System32\dllcache\OLD4DE.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4AE.tmp
2017-03-13 18:56 - 2005-03-24 17:17 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4CB.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00514587 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4A6.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00212992 ____C (Digi International Inc.) C:\Windows\System32\dllcache\OLD45F.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00118272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD455.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00102400 ____C (Digi International Inc.) C:\Windows\System32\dllcache\OLD469.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00098304 ____C (Digi International Inc.) C:\Windows\System32\dllcache\OLD46C.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00079360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD458.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00045056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD449.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00031744 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD426.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00030720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD443.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD438.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD431.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD44C.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD446.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00020992 ____C (Digi International Inc.) C:\Windows\System32\dllcache\OLD462.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD44F.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00006686 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD477.tmp
2017-03-13 18:55 - 2007-02-18 08:00 - 00006656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD452.tmp
2017-03-13 18:55 - 2007-02-17 00:17 - 00182784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD48F.tmp
2017-03-13 18:55 - 2005-03-24 17:17 - 00232960 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD4A3.tmp
2017-03-13 18:55 - 2005-03-24 17:17 - 00191744 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD4AA.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00491520 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD487.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00462336 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD470.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00404480 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD483.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00310784 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD466.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00045056 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD47F.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00038400 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD47B.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00035328 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\OLD49F.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00032768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD49B.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD493.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD497.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD48B.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD45C.tmp
2017-03-13 18:55 - 2005-03-24 17:16 - 00006144 ____C (Eicon Networks) C:\Windows\System32\dllcache\OLD474.tmp
2017-03-13 18:55 - 2005-03-24 17:15 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD43C.tmp
2017-03-13 18:55 - 2005-03-24 17:15 - 00094720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD42A.tmp
2017-03-13 18:55 - 2005-03-24 17:15 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD435.tmp
2017-03-13 18:55 - 2005-03-24 17:15 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD440.tmp
2017-03-13 18:55 - 2005-03-24 17:15 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD42E.tmp
2017-03-13 18:54 - 2007-02-18 12:05 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD407.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 01701888 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3A4.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 01682432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3A7.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00850944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3AA.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00841728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3AD.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00543708 ____C C:\Windows\System32\dllcache\OLD3C8.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00535552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3E6.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00480256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3E9.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00462929 ____C C:\Windows\System32\dllcache\OLD3B3.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00462929 ____C C:\Windows\System32\dllcache\OLD3B0.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00427138 ____C C:\Windows\System32\dllcache\OLD3CE.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00409168 ____C C:\Windows\System32\dllcache\OLD3E0.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00362496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3C2.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00279894 ____C C:\Windows\System32\dllcache\OLD3CB.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00249856 ____C C:\Windows\System32\dllcache\OLD3BC.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00199680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3C5.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00173568 ____C C:\Windows\System32\dllcache\OLD3BF.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00139264 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD37F.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00117760 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD385.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00102304 ____C C:\Windows\System32\dllcache\OLD3E3.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00102304 ____C C:\Windows\System32\dllcache\OLD3DD.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00082432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD382.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00078848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD388.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00063488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3B6.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3B9.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD413.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00026624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD410.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00026112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD39B.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3D4.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00024080 ____C C:\Windows\System32\dllcache\OLD3D1.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD39E.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD395.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00021504 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3D7.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3A1.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD398.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD38B.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD38E.tmp
2017-03-13 18:54 - 2007-02-18 08:00 - 00001380 ____C C:\Windows\System32\dllcache\OLD3DA.tmp
2017-03-13 18:54 - 2007-02-17 01:35 - 00040448 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD40D.tmp
2017-03-13 18:54 - 2007-02-17 01:09 - 00088576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD40A.tmp
2017-03-13 18:54 - 2007-02-17 01:09 - 00053248 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD404.tmp
2017-03-13 18:54 - 2007-02-17 00:09 - 00260096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD417.tmp
2017-03-13 18:54 - 2007-02-17 00:09 - 00031360 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\OLD3F9.tmp
2017-03-13 18:54 - 2007-02-17 00:09 - 00021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3F5.tmp
2017-03-13 18:54 - 2007-02-17 00:09 - 00015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD401.tmp
2017-03-13 18:54 - 2007-02-17 00:05 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD37C.tmp
2017-03-13 18:54 - 2005-03-24 17:19 - 00001849 ____C C:\Windows\System32\dllcache\OLD3ED.tmp
2017-03-13 18:54 - 2005-03-24 17:19 - 00001844 ____C C:\Windows\System32\dllcache\OLD3F1.tmp
2017-03-13 18:54 - 2005-03-24 17:16 - 00023552 ____C (Eicon Networks Corporation) C:\Windows\System32\dllcache\OLD378.tmp
2017-03-13 18:54 - 2005-03-24 17:15 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD423.tmp
2017-03-13 18:54 - 2005-03-24 17:15 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD41B.tmp
2017-03-13 18:54 - 2005-03-24 17:15 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD41F.tmp
2017-03-13 18:54 - 2005-03-24 17:15 - 00013824 ____C (CMD Technology, Inc.) C:\Windows\System32\dllcache\OLD3FD.tmp
2017-03-13 18:54 - 2005-03-24 17:14 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD392.tmp
2017-03-13 18:54 - 2005-03-24 17:12 - 00018432 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD374.tmp
2017-03-13 18:53 - 2007-02-18 12:05 - 00047104 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1D7.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD36A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00195618 ____C C:\Windows\System32\dllcache\OLD217.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00195618 ____C C:\Windows\System32\dllcache\OLD214.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00189986 ____C C:\Windows\System32\dllcache\OLD27D.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00189986 ____C C:\Windows\System32\dllcache\OLD27A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00187938 ____C C:\Windows\System32\dllcache\OLD2A1.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00187938 ____C C:\Windows\System32\dllcache\OLD29E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00186402 ____C C:\Windows\System32\dllcache\OLD289.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00186402 ____C C:\Windows\System32\dllcache\OLD286.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00185378 ____C C:\Windows\System32\dllcache\OLD295.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00185378 ____C C:\Windows\System32\dllcache\OLD292.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180770 ____C C:\Windows\System32\dllcache\OLD325.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180770 ____C C:\Windows\System32\dllcache\OLD322.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180258 ____C C:\Windows\System32\dllcache\OLD29B.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180258 ____C C:\Windows\System32\dllcache\OLD298.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180258 ____C C:\Windows\System32\dllcache\OLD283.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00180258 ____C C:\Windows\System32\dllcache\OLD280.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00177698 ____C C:\Windows\System32\dllcache\OLD331.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00177698 ____C C:\Windows\System32\dllcache\OLD32E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00177698 ____C C:\Windows\System32\dllcache\OLD21D.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00177698 ____C C:\Windows\System32\dllcache\OLD21A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD32B.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD328.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD28F.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD28C.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD22F.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00173602 ____C C:\Windows\System32\dllcache\OLD22C.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00162850 ____C C:\Windows\System32\dllcache\OLD211.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00162850 ____C C:\Windows\System32\dllcache\OLD20E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD361.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD35E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD35B.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD358.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD355.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD352.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD34F.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066594 ____C C:\Windows\System32\dllcache\OLD34C.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD367.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD364.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD349.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD346.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD343.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD340.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD33D.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD33A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD337.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD334.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD31F.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD31C.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD319.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD316.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD313.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD310.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD30D.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD30A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD307.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD304.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD301.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2FE.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2FB.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2F8.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2F5.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2F2.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2EF.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2EC.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2E9.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2E6.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2E3.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2E0.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2DD.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2DA.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2D7.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2D4.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2D1.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2CE.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2CB.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2C8.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2C5.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2C2.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2BF.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2BC.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2B9.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2B6.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2B3.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2B0.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2AD.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2AA.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2A7.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD2A4.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD277.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD274.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD271.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD26E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD26B.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD268.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD265.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD262.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD25F.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD25C.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD259.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD256.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD253.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD250.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD24D.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD24A.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD247.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD244.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD241.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD23E.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD23B.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD238.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD235.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD232.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD229.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD226.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD223.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00066082 ____C C:\Windows\System32\dllcache\OLD220.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD370.tmp
2017-03-13 18:53 - 2007-02-18 08:00 - 00010240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD36D.tmp
2017-03-13 18:53 - 2007-02-17 01:05 - 00075776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1D4.tmp
2017-03-13 18:53 - 2007-02-17 00:05 - 00196608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1FF.tmp
2017-03-13 18:53 - 2007-02-17 00:05 - 00065536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1FB.tmp
2017-03-13 18:53 - 2007-02-17 00:05 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD203.tmp
2017-03-13 18:53 - 2007-02-17 00:05 - 00027648 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1F7.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00068608 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1D1.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00059904 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1EB.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00041984 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1DF.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD207.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD20B.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00019968 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1EF.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1F3.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00015360 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1E7.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries,Ltd.) C:\Windows\System32\dllcache\OLD1E3.tmp
2017-03-13 18:53 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1DB.tmp
2017-03-13 18:52 - 2007-02-18 12:05 - 00388096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11A.tmp
2017-03-13 18:52 - 2007-02-18 12:05 - 00021504 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD120.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00126976 ____C (Sierra Wireless Inc.) C:\Windows\System32\dllcache\OLDF9.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00087552 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD173.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00082172 ____C C:\Windows\System32\dllcache\OLD1A5.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00082172 ____C C:\Windows\System32\dllcache\OLD1A2.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00066728 ____C C:\Windows\System32\dllcache\OLD19F.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00066728 ____C C:\Windows\System32\dllcache\OLD19C.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDEE.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDEB.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE8.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE5.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE2.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDDF.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDDC.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDD9.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDD6.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDD3.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDD0.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDCD.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD195.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD186.tmp
2017-03-13 18:52 - 2007-02-18 08:00 - 00004096 ____C (Agere Systems) C:\Windows\System32\dllcache\OLDC2.tmp
2017-03-13 18:52 - 2007-02-17 01:03 - 00773120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD110.tmp
2017-03-13 18:52 - 2007-02-17 01:03 - 00621056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD117.tmp
2017-03-13 18:52 - 2007-02-17 01:03 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11D.tmp
2017-03-13 18:52 - 2007-02-17 00:03 - 00067968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD164.tmp
2017-03-13 18:52 - 2007-02-17 00:03 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBF.tmp
2017-03-13 18:52 - 2007-02-17 00:03 - 00026112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD192.tmp
2017-03-13 18:52 - 2007-02-17 00:03 - 00020864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD199.tmp
2017-03-13 18:52 - 2007-02-17 00:03 - 00018816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD18A.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00480256 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\OLD18E.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00147456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1C5.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00082944 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1C9.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00063488 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1CD.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00037376 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1B1.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00036352 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1C1.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00035840 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1A9.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00022016 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1B9.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1AD.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00008192 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\OLD1BD.tmp
2017-03-13 18:52 - 2005-03-24 17:14 - 00006656 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\OLD1B5.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00264704 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD130.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00192768 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD17F.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00191488 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\OLD183.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00188416 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD170.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00168960 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD177.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00104960 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD16C.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00101888 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD128.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00084992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD13C.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00080896 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD124.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00073728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD12C.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00040960 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD148.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00036864 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD140.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00036352 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD160.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00033280 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD15C.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00031744 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD158.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00030720 ____C (AVM GmbH) C:\Windows\System32\dllcache\OLD17B.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00023552 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD154.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD168.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00020992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD138.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00020480 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD134.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00018944 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD144.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00013824 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD150.tmp
2017-03-13 18:52 - 2005-03-24 17:12 - 00009728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\OLD14C.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 01127424 ____C (Agere Systems) C:\Windows\System32\dllcache\OLDCA.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00120832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDF6.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00117248 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDF2.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00062464 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\OLD114.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00059392 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD10D.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00053248 ____C (AMD) C:\Windows\System32\dllcache\OLD105.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00031744 ____C (Advanced Micro Devices (AMD), Inc.) C:\Windows\System32\dllcache\OLD101.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00009216 ____C (Acer Laboratories Inc.) C:\Windows\System32\dllcache\OLDFD.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD109.tmp
2017-03-13 18:52 - 2005-03-24 17:11 - 00004608 ____C (Agere Systems) C:\Windows\System32\dllcache\OLDC6.tmp
2017-03-13 18:51 - 2005-03-24 17:11 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDBB.tmp
2017-03-13 18:50 - 2007-02-18 12:05 - 00058880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB7.tmp
2017-03-13 18:50 - 2007-02-17 01:03 - 00107520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDB4.tmp
2017-03-13 18:50 - 2007-02-17 00:02 - 00078080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD95.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00246784 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\OLDB1.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00182272 ____C (Intel Corporation) C:\Windows\System32\dllcache\OLD99.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00160256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDAD.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00108032 ____C (Color Flatbed Scanner) C:\Windows\System32\dllcache\OLDA1.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00093696 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\OLD9D.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00059392 ____C (Adaptec, Inc ) C:\Windows\System32\dllcache\OLDA9.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD91.tmp
2017-03-13 18:50 - 2005-03-24 17:11 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDA5.tmp
2017-03-13 18:49 - 2013-03-08 17:26 - 04523520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD75.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 02663424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD72.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 02086400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD81.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 01058304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD54.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 00217088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4E.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 00179200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7B.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 00082944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD2D.tmp
2017-03-13 18:49 - 2007-02-18 12:05 - 00059904 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD33.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00292864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6C.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00230400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD45.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00141824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD48.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00102400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD66.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00072192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD63.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00067584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD69.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00040448 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD42.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00022016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD57.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00022016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD36.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5A.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00017408 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD5D.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD39.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD60.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD84.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8A.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD87.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD8D.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3C.tmp
2017-03-13 18:49 - 2007-02-18 08:00 - 00005632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD3F.tmp
2017-03-13 18:49 - 2007-02-17 01:55 - 02295808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD7E.tmp
2017-03-13 18:49 - 2007-02-17 01:55 - 00292352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD78.tmp
2017-03-13 18:49 - 2007-02-17 01:40 - 02898944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD6F.tmp
2017-03-13 18:49 - 2007-02-17 01:30 - 01675776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD51.tmp
2017-03-13 18:49 - 2007-02-17 01:30 - 00389120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD4B.tmp
2017-03-13 18:49 - 2007-02-17 01:30 - 00131072 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD2A.tmp
2017-03-13 18:49 - 2007-02-17 01:30 - 00099328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD30.tmp
2017-03-13 18:48 - 2017-03-13 19:27 - 00000000 ____D C:\WINDOWS\LastGood
2017-03-13 18:48 - 2007-02-18 12:05 - 00297984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1E.tmp
2017-03-13 18:48 - 2007-02-18 12:05 - 00291328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD12.tmp
2017-03-13 18:48 - 2007-02-18 12:05 - 00102400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD18.tmp
2017-03-13 18:48 - 2007-02-18 12:05 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD24.tmp
2017-03-13 18:48 - 2007-02-18 12:05 - 00048128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDC.tmp
2017-03-13 18:48 - 2007-02-17 01:09 - 00116736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD21.tmp
2017-03-13 18:48 - 2007-02-17 01:09 - 00102912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD27.tmp
2017-03-13 18:48 - 2007-02-17 01:06 - 00454656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD1B.tmp
2017-03-13 18:48 - 2007-02-17 01:05 - 00169984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD15.tmp
2017-03-13 18:48 - 2007-02-17 01:03 - 00391168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLDF.tmp
2017-03-13 18:48 - 2007-02-17 01:02 - 00067584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\OLD9.tmp
2017-03-13 17:48 - 2017-03-13 17:48 - 00002734 _____ C:\Documents and Settings\Administrator\Desktop\sfc_Windows_Repair_Log.txt
2017-03-13 17:28 - 2017-03-13 17:28 - 00001854 _____ C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-03-13 17:28 - 2017-03-13 17:28 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-03-13 17:28 - 2017-03-13 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2017-03-13 17:27 - 2017-03-13 17:28 - 00190983 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-03-13 17:18 - 2017-03-13 17:18 - 06220854 _____ C:\Documents and Settings\Administrator\My Documents\Avira.bmp
2017-03-13 17:09 - 2017-03-13 17:09 - 00102208 _____ C:\Documents and Settings\Administrator\My Documents\Avira SCAN-20170313-142922-40AEE07D.txt
2017-03-13 12:24 - 2017-03-13 12:23 - 00002713 _____ C:\Documents and Settings\Administrator\Desktop\_Windows_Repair_Log.txt
2017-03-13 12:12 - 2017-03-13 12:12 - 00006096 _____ C:\Documents and Settings\Administrator\Desktop\chkdsk_log.txt
2017-03-13 11:35 - 2017-03-13 12:28 - 00000000 ____D C:\Program Files (x86)\Windows Repair (All in One)
2017-03-13 11:32 - 2017-03-13 11:32 - 32823032 _____ (Tweaking.com) C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-03-10 10:57 - 2017-03-10 10:57 - 00000751 _____ C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
2017-03-09 20:28 - 2017-03-13 19:33 - 02424832 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2017-03-09 20:11 - 2017-03-09 20:12 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-03-07 23:46 - 2015-03-25 09:55 - 00450626 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170307-224616.backup
2017-02-21 21:48 - 2017-03-13 19:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-21 21:48 - 2017-02-21 21:48 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-21 21:48 - 2017-02-21 21:48 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 19:48 - 2015-11-28 11:37 - 00000000 ____D C:\FRST
2017-03-13 19:48 - 2015-02-01 20:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-03-13 19:45 - 2017-01-16 06:45 - 00000320 _____ C:\WINDOWS\Tasks\DivXUpdate.job
2017-03-13 19:27 - 2015-02-01 14:33 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-03-13 19:04 - 2017-01-30 23:53 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-13 18:46 - 2015-02-01 14:40 - 00617880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-13 18:41 - 2017-01-30 23:53 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-13 18:41 - 2015-12-07 14:51 - 00000338 _____ C:\WINDOWS\Tasks\ByteFence.job
2017-03-13 18:41 - 2015-03-12 10:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job
2017-03-13 18:41 - 2015-02-01 20:12 - 00032504 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2017-03-13 18:41 - 2015-02-01 20:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-13 18:41 - 2009-03-16 16:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap
2017-03-13 18:39 - 2015-02-01 20:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-03-13 18:36 - 2016-11-02 12:47 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2017-03-13 18:36 - 2016-01-08 15:15 - 00000000 ____D C:\Program Files (x86)\FairUse Wizard 2
2017-03-13 18:36 - 2015-04-21 08:39 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-03-13 18:36 - 2015-02-06 12:08 - 00000000 ____D C:\Program Files (x86)\DivX
2017-03-13 18:36 - 2015-02-03 00:24 - 00000000 ____D C:\Program Files (x86)\Advanced WindowsCare V2
2017-03-13 18:28 - 2015-02-01 14:37 - 00000230 ___SH C:\boot.ini
2017-03-13 18:21 - 2015-02-01 21:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-03-13 18:20 - 2015-02-01 20:12 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-13 17:19 - 2015-02-01 20:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2017-03-13 02:41 - 2015-02-01 21:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\- Purchases 010217
2017-03-12 17:42 - 2015-02-01 21:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files
2017-03-12 16:24 - 2007-02-18 08:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-11 13:49 - 2015-02-01 14:33 - 00000000 ___HD C:\WINDOWS\inf
2017-03-10 03:51 - 2015-12-07 14:51 - 00000344 _____ C:\WINDOWS\Tasks\ByteFence Scan.job
2017-03-09 11:48 - 2015-04-13 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 03:09 - 2016-08-27 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 23:08 - 2015-04-01 16:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-07 17:20 - 2016-11-10 12:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2017
2017-03-06 21:40 - 2015-07-27 16:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\- Twitter _JustTooMuch_
2017-03-05 19:00 - 2016-11-02 12:51 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2017-03-01 18:49 - 2015-02-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971737$
2017-03-01 17:58 - 2015-06-29 12:20 - 00000000 ____D C:\Program Files (x86)\SpyBotS&D
2017-02-21 21:48 - 2015-02-01 20:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 22:13 - 2015-02-01 14:33 - 00000000 ____D C:\WINDOWS\Help

==================== Files in the root of some directories =======

2016-01-09 01:16 - 2016-01-09 01:16 - 0000548 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2015-03-16 11:16 - 2015-03-16 11:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-03-31 13:31 - 2015-03-31 13:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323

Some files in TEMP:
====================
2017-02-01 08:46 - 2017-02-01 08:46 - 0000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 4094 MB
Available physical RAM: 3150.92 MB
Total Virtual: 5883.25 MB
Available Virtual: 4597.43 MB

==================== Drives ================================

Drive b: (CRMPXOEM_EN) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive c: () (Fixed) (Total:34.18 GB) (Free:8.66 GB) NTFS
Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:230.56 GB) NTFS
Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:580.21 GB) NTFS
Drive f: (M 08-PR, MIX, DOCS U-Z) (Fixed) (Total:1863.01 GB) (Free:1071.1 GB) NTFS
Drive g: (HD MOVIES, MINI-SERIES) (Fixed) (Total:1863.01 GB) (Free:339.95 GB) NTFS
Drive h: (DOCUMENTARIES A-T) (Fixed) (Total:931.51 GB) (Free:89.94 GB) NTFS
Drive i: (BKS DOG HOL MU P&F SF&TE) (Fixed) (Total:931.51 GB) (Free:478.64 GB) NTFS
Drive j: (TV 1-D, New Format Prgms) (Fixed) (Total:931.51 GB) (Free:199.61 GB) NTFS
Drive k: (TV E-I, NATGEO 100) (Fixed) (Total:1863.01 GB) (Free:294.94 GB) NTFS
Drive l: (TV J-M, BIBLICAL) (Fixed) (Total:931.51 GB) (Free:352.96 GB) NTFS
Drive m: (TV N-SO) (Fixed) (Total:931.51 GB) (Free:380.81 GB) NTFS
Drive n: (TV SU-Z, PR, CL, SVS, H&F) (Fixed) (Total:1863.01 GB) (Free:710.21 GB) NTFS
Drive z: (new tv episodes) (Fixed) (Total:931.51 GB) (Free:241.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9375)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: CC3A108A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A2FC6F33)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 02AD02AC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B6370A21)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3DC003A1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C76BC76B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 10 (Size: 1863 GB) (Disk ID: BAB1BAB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9FFEDC44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#7
RKinner

Posted 13 March 2017 - 08:35 PM

Malware Expert

Expert
24,624 posts

Get Get DelDomain.inf from:

http://www.mvps.org/.../DelDomains.inf

(this is a direct download so the page won't change)

and then right click on it and Install. Nothing obvious will happen.

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

If and only if you have trouble getting back on line after the reboot:

Start, All Programs, Accessories, Command Prompt then type:
netsh  winsock  reset  catalog
and hit Enter and reboot.

After the reboot:

See if you can get Combofix to run:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

http://download.blee...Bs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

#8
Denisejm

Posted 14 March 2017 - 09:38 AM

Member

Topic Starter
Member
782 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Administrator (14-03-2017 10:51:52) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [GridinSoft Anti-Malware (64-bit)] => "C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -startupusbscan
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\MountPoints2: B - B:\setup.exe
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 Abiosdsk; no ImagePath
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dpti2o; no ImagePath
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
S4 IntelIde; no ImagePath
S4 mraid35x; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
S4 Simbad; no ImagePath
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
U1 WS2IFSL; no ImagePath
NETSVCx32: Iprip -> no filepath.
CMD: del /a /q C:\Windows\System32\dllcache\OLD*.tmp
2017-03-13 18:41 - 2015-12-07 14:51 - 00000338 _____ C:\WINDOWS\Tasks\ByteFence.job
2017-03-13 18:41 - 2015-03-12 10:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job
2017-03-10 03:51 - 2015-12-07 14:51 - 00000344 _____ C:\WINDOWS\Tasks\ByteFence Scan.job
2017-03-01 17:58 - 2015-06-29 12:20 - 00000000 ____D C:\Program Files (x86)\SpyBotS&D
Task: C:\WINDOWS\Tasks\ByteFence Scan.job => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ByteFence.job => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NSManager_1426198789.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\NSManager\manager.exe
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Hosts:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
reboot:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\Software\Microsoft\Command Processor\\AutoRun => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Software\Microsoft\Windows\CurrentVersion\Run\\GridinSoft Anti-Malware (64-bit) => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\B => key removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} => key removed successfully
HKCR\CLSID\{C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\SDScannerService => key removed successfully
SDScannerService => service removed successfully
HKLM\System\CurrentControlSet\Services\SDUpdateService => key removed successfully
SDUpdateService => service removed successfully
HKLM\System\CurrentControlSet\Services\SDWSCService => key removed successfully
SDWSCService => service removed successfully
HKLM\System\CurrentControlSet\Services\WinHttpAutoProxySvc => key removed successfully
WinHttpAutoProxySvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Abiosdsk => key removed successfully
Abiosdsk => service removed successfully
HKLM\System\CurrentControlSet\Services\adpu160m => key removed successfully
adpu160m => service removed successfully
HKLM\System\CurrentControlSet\Services\adpu320 => key removed successfully
adpu320 => service removed successfully
HKLM\System\CurrentControlSet\Services\aic78u2 => key removed successfully
aic78u2 => service removed successfully
HKLM\System\CurrentControlSet\Services\aic78xx => key removed successfully
aic78xx => service removed successfully
HKLM\System\CurrentControlSet\Services\AliIde => key removed successfully
AliIde => service removed successfully
HKLM\System\CurrentControlSet\Services\AmdIde => key removed successfully
AmdIde => service removed successfully
HKLM\System\CurrentControlSet\Services\arc => key removed successfully
arc => service removed successfully
HKLM\System\CurrentControlSet\Services\Atdisk => key removed successfully
Atdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\Changer => key removed successfully
Changer => service removed successfully
HKLM\System\CurrentControlSet\Services\CmdIde => key removed successfully
CmdIde => service removed successfully
HKLM\System\CurrentControlSet\Services\dpti2o => key removed successfully
dpti2o => service removed successfully
HKLM\System\CurrentControlSet\Services\i2omgmt => key removed successfully
i2omgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\iirsp => key removed successfully
iirsp => service removed successfully
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully
IntelIde => service removed successfully
HKLM\System\CurrentControlSet\Services\mraid35x => key removed successfully
mraid35x => service removed successfully
HKLM\System\CurrentControlSet\Services\PDCOMP => key removed successfully
PDCOMP => service removed successfully
HKLM\System\CurrentControlSet\Services\PDFRAME => key removed successfully
PDFRAME => service removed successfully
HKLM\System\CurrentControlSet\Services\PDRELI => key removed successfully
PDRELI => service removed successfully
HKLM\System\CurrentControlSet\Services\PDRFRAME => key removed successfully
PDRFRAME => service removed successfully
HKLM\System\CurrentControlSet\Services\Simbad => key removed successfully
Simbad => service removed successfully
HKLM\System\CurrentControlSet\Services\symc8xx => key removed successfully
symc8xx => service removed successfully
HKLM\System\CurrentControlSet\Services\symmpi => key removed successfully
symmpi => service removed successfully
HKLM\System\CurrentControlSet\Services\sym_hi => key removed successfully
sym_hi => service removed successfully
HKLM\System\CurrentControlSet\Services\sym_u3 => key removed successfully
sym_u3 => service removed successfully
HKLM\System\CurrentControlSet\Services\TosIde => key removed successfully
TosIde => service removed successfully
HKLM\System\CurrentControlSet\Services\ultra => key removed successfully
ultra => service removed successfully
HKLM\System\CurrentControlSet\Services\ViaIde => key removed successfully
ViaIde => service removed successfully
HKLM\System\CurrentControlSet\Services\WDICA => key removed successfully
WDICA => service removed successfully
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully
WS2IFSL => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Iprip => removed successfully

========= del /a /q C:\Windows\System32\dllcache\OLD*.tmp =========

Could Not Find C:\Windows\System32\dllcache\OLD*.tmp

========= End of CMD: =========

C:\WINDOWS\Tasks\ByteFence.job => moved successfully
C:\WINDOWS\Tasks\NSManager_1426198789.job => moved successfully
C:\WINDOWS\Tasks\ByteFence Scan.job => moved successfully
C:\Program Files (x86)\SpyBotS&D => moved successfully
C:\WINDOWS\Tasks\ByteFence Scan.job => not found.
C:\WINDOWS\Tasks\ByteFence.job => not found.
C:\WINDOWS\Tasks\NSManager_1426198789.job => not found.
C:\WINDOWS\Tasks\SpyHunter4.job => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-03-2017 10:54:42)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 10:54:42 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Administrator (administrator) on KINGKONG (14-03-2017 11:32:48)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> explorer.exe
Failed to access process -> avshadow.exe
Failed to access process -> jqs.exe
Failed to access process -> psia.exe
Failed to access process -> svchost.exe
Failed to access process -> wdfmgr.exe
Failed to access process -> alg.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> sua.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe
Failed to access process -> Webshots.scr
Failed to access process -> CLIStart.exe
Failed to access process -> avgnt.exe
Failed to access process -> BrCtrlCntr.exe
Failed to access process -> BrStMonW.exe
Failed to access process -> BrotherHelp.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> BrCcUxSys.exe
Failed to access process -> FRST64.exe
Failed to access process -> reader_sl.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1489505545
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2017-03-03]
ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 %SystemRoot%\system32\NLAapi.dll => No File
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 03 %SystemRoot%\system32\NLAapi.dll => No File
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2007-02-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: plpchrbo.default
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default [2017-03-14]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default -> www.Google.com
FF Extension: (Blank Private Browsing Page) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Favicon Restorer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (YouTube™ Enhancer Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-21]
FF Extension: (Form History Control) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Webmail Ad Blocker) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-16]
FF Extension: (NO Google Analytics) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (AdBlocker for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-12-06]
FF Extension: (JSONView) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-01-26]
FF Extension: (YouTube Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-06]
FF Extension: (Private Tab) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-17]
FF Extension: (Restart My Fox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-06-03]
FF Extension: (SaveAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-05-01]
FF Extension: (Saved Password Editor) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2016-11-29]
FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-02]
FF Extension: (ReloadAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\[email protected] [2017-02-03]
FF Extension: (Screengrab (fix version)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-12-09]
FF Extension: (Map With Google) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi [2016-05-01]
FF Extension: (YouTube High Definition) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-02-14]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-01-26]
FF Extension: (YouTube Video Download and Convert) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-02-14]
FF Extension: (RealDonaldContext) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi [2017-01-23]
FF Extension: (YouTube Flash Video Player) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-10-25] (Avira Operations GmbH & Co. KG)
S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2017-01-29] (Oracle Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S3 Ambfilt64; C:\WINDOWS\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [162992 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137224 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\WINDOWS\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\WINDOWS\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
R1 imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-07] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\WINDOWS\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\WINDOWS\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\WINDOWS\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 10:51 - 2017-03-14 10:54 - 00012747 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2017-03-14 10:50 - 2017-03-14 11:33 - 00032528 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2017-03-13 23:10 - 2017-03-13 23:10 - 00000209 _____ C:\Documents and Settings\Administrator\Desktop\If haveing trouble getting back on line.txt
2017-03-13 19:33 - 2017-03-13 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2017-03-13 17:28 - 2017-03-13 17:28 - 00001854 _____ C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-03-13 17:28 - 2017-03-13 17:28 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-03-13 17:28 - 2017-03-13 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2017-03-13 17:18 - 2017-03-13 17:18 - 06220854 _____ C:\Documents and Settings\Administrator\My Documents\Avira.bmp
2017-03-13 17:09 - 2017-03-13 17:09 - 00102208 _____ C:\Documents and Settings\Administrator\My Documents\Avira SCAN-20170313-142922-40AEE07D.txt
2017-03-13 11:35 - 2017-03-13 12:28 - 00000000 ____D C:\Program Files (x86)\Windows Repair (All in One)
2017-03-13 11:32 - 2017-03-13 11:32 - 32823032 _____ (Tweaking.com) C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-03-10 10:57 - 2017-03-10 10:57 - 00000751 _____ C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
2017-03-09 20:28 - 2017-03-13 19:33 - 02424832 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2017-03-09 20:11 - 2017-03-09 20:12 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-03-07 23:46 - 2015-03-25 09:55 - 00450626 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170307-224616.backup
2017-02-21 21:48 - 2017-03-14 11:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-21 21:48 - 2017-02-21 21:48 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-21 21:48 - 2017-02-21 21:48 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 11:33 - 2015-02-01 20:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-03-14 11:32 - 2015-11-28 11:37 - 00000000 ____D C:\FRST
2017-03-14 11:04 - 2017-01-30 23:53 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-14 10:59 - 2015-02-01 14:40 - 00617880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-14 10:55 - 2015-02-10 22:46 - 00000008 __RSH C:\Documents and Settings\Administrator\ntuser.pol
2017-03-14 10:55 - 2015-02-01 20:12 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-14 10:55 - 2015-02-01 14:38 - 00000000 ____D C:\Documents and Settings\All Users
2017-03-14 10:54 - 2017-01-30 23:53 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-14 10:54 - 2015-02-01 20:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-14 10:54 - 2009-03-16 16:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap
2017-03-14 10:52 - 2015-02-01 21:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-03-14 10:52 - 2015-02-01 20:12 - 00032504 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2017-03-14 10:52 - 2015-02-01 20:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-03-14 10:51 - 2015-02-07 14:27 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-14 10:45 - 2017-01-16 06:45 - 00000320 _____ C:\WINDOWS\Tasks\DivXUpdate.job
2017-03-14 10:15 - 2015-02-01 14:33 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-03-13 18:36 - 2016-11-02 12:47 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2017-03-13 18:36 - 2016-01-08 15:15 - 00000000 ____D C:\Program Files (x86)\FairUse Wizard 2
2017-03-13 18:36 - 2015-04-21 08:39 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-03-13 18:36 - 2015-02-06 12:08 - 00000000 ____D C:\Program Files (x86)\DivX
2017-03-13 18:36 - 2015-02-03 00:24 - 00000000 ____D C:\Program Files (x86)\Advanced WindowsCare V2
2017-03-13 18:28 - 2015-02-01 14:37 - 00000230 ___SH C:\boot.ini
2017-03-13 17:19 - 2015-02-01 20:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2017-03-13 02:41 - 2015-02-01 21:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\- Purchases 010217
2017-03-12 17:42 - 2015-02-01 21:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files
2017-03-12 16:24 - 2007-02-18 08:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-11 13:49 - 2015-02-01 14:33 - 00000000 ___HD C:\WINDOWS\inf
2017-03-09 11:48 - 2015-04-13 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 03:09 - 2016-08-27 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 23:08 - 2015-04-01 16:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-07 17:20 - 2016-11-10 12:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2017
2017-03-06 21:40 - 2015-07-27 16:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\- Twitter _JustTooMuch_
2017-03-05 19:00 - 2016-11-02 12:51 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2017-03-01 18:49 - 2015-02-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971737$
2017-02-21 21:48 - 2015-02-01 20:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 22:13 - 2015-02-01 14:33 - 00000000 ____D C:\WINDOWS\Help

==================== Files in the root of some directories =======

2016-01-09 01:16 - 2016-01-09 01:16 - 0000548 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2015-03-16 11:16 - 2015-03-16 11:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-03-31 13:31 - 2015-03-31 13:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323

Some files in TEMP:
====================
2017-02-01 08:46 - 2017-02-01 08:46 - 0000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Administrator (14-03-2017 11:33:51)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 2 (X64) (2015-02-02 00:10:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2049699319-3081317485-938346843-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2049699319-3081317485-938346843-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2049699319-3081317485-938346843-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2049699319-3081317485-938346843-1001 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\{559A2FA4-4858-46E7-BD02-68C15A31DF98}) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\{68E93C1A-9585-4C06-B294-1123FD7929BE}) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AiO_Scan (x32 Version: 50.0.206.000 - Hewlett-Packard) Hidden
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM-x32\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0317.2130 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.60-090316a1-079188C-Asus - )
Auto Gordian Knot 2.45 (HKLM-x32\...\AutoGK) (Version: 2.45 - len0x)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
ccc-core-preinstall (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version: - )
DirectX 9.0c Extra Files (x86) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Beta Printer Drivers for Windows XP x64 (5.64.0.17) (HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP)
HPProductAssistant (x32 Version: 53.0.13.000 - Hewlett-Packard) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - )
MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 52.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 ESR (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6271 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
RealWorld Icon Editor (HKLM-x32\...\{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}) (Version: 10.1.0 - RealWorld Graphics)
Revo Uninstaller 1.80 (HKLM-x32\...\Revo Uninstaller) (Version: 1.80 - VS Revo Group)
Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Skins (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.26 - Tweaking.com)
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: - )
WinMX (HKLM-x32\...\WinMX) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.4 - X Codec Pack team)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DivXUpdate.job => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-02 12:46 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7931 more sites.

IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\12-26.net -> user1.12-26.net

There are 8704 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-02-18 08:00 - 2017-03-14 10:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\SpyBotS&D\SDTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe] => Enabled:Ultra virus killer
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\WinMX\WinMX.exe] => Enabled:WinMX Application
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files (x86)\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

09-03-2017 20:17:43 Revo Uninstaller's restore point - HijackThis 2.0.2
10-03-2017 20:19:21 System Checkpoint
11-03-2017 20:42:02 System Checkpoint
12-03-2017 20:59:19 System Checkpoint
13-03-2017 19:27:50 Tweaking.com - Windows Repair

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller #3
Description: Realtek PCIe GBE Family Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2017 06:29:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The Volume Shadow Copy infrastructure cannot be used during Safe Mode.

Error: (03/13/2017 06:23:07 PM) (Source: VSS) (EventID: 8211) (User: )
Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.

Error: (03/13/2017 04:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avcenter.exe, version 15.0.19.163, faulting module ccwkrlib.dll, version 15.0.19.163, fault address 0x00024220.
Processing media-specific event for [avcenter.exe!ws!]

Error: (03/13/2017 02:40:31 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 02:40:31 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 02:40:31 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 02:32:49 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 02:32:49 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 02:32:49 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (03/13/2017 12:10:27 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The Volume Shadow Copy infrastructure cannot be used during Safe Mode.

System errors:
=============
Error: (03/14/2017 10:55:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/14/2017 10:55:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (03/14/2017 10:54:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/14/2017 10:54:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/14/2017 10:54:41 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (03/14/2017 10:54:39 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/14/2017 10:54:39 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/14/2017 10:54:39 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (03/14/2017 10:16:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/14/2017 10:16:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 4094 MB
Available physical RAM: 3198.83 MB
Total Virtual: 5883.25 MB
Available Virtual: 4756.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.18 GB) (Free:10.4 GB) NTFS
Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:230.56 GB) NTFS
Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:580.21 GB) NTFS
Drive f: (M 08-PR, MIX, DOCS U-Z) (Fixed) (Total:1863.01 GB) (Free:1071.1 GB) NTFS
Drive g: (HD MOVIES, MINI-SERIES) (Fixed) (Total:1863.01 GB) (Free:339.95 GB) NTFS
Drive h: (DOCUMENTARIES A-T) (Fixed) (Total:931.51 GB) (Free:89.94 GB) NTFS
Drive i: (BKS DOG HOL MU P&F SF&TE) (Fixed) (Total:931.51 GB) (Free:478.64 GB) NTFS
Drive j: (TV 1-D, New Format Prgms) (Fixed) (Total:931.51 GB) (Free:199.61 GB) NTFS
Drive k: (TV E-I, NATGEO 100) (Fixed) (Total:1863.01 GB) (Free:294.94 GB) NTFS
Drive l: (TV J-M, BIBLICAL) (Fixed) (Total:931.51 GB) (Free:352.96 GB) NTFS
Drive m: (TV N-SO) (Fixed) (Total:931.51 GB) (Free:380.81 GB) NTFS
Drive n: (TV SU-Z, PR, CL, SVS, H&F) (Fixed) (Total:1863.01 GB) (Free:710.21 GB) NTFS
Drive z: (new tv episodes) (Fixed) (Total:931.51 GB) (Free:241.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9375)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: CC3A108A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A2FC6F33)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 02AD02AC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B6370A21)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3DC003A1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C76BC76B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 10 (Size: 1863 GB) (Disk ID: BAB1BAB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9FFEDC44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#9
Denisejm

Posted 14 March 2017 - 11:09 AM

Member

Topic Starter
Member
782 posts

I went into Services and stopped and disabled all Avira options. I downloaded ComboFix but it wouldn't run. It said that it was only for XP x32 and other os but not for XP x64.

#10
RKinner

Posted 14 March 2017 - 12:31 PM

Malware Expert

Expert
24,624 posts

OK. Too bad. You are also still on SP2 which will make it harder to find tools to work with it.

Let's see if we can find any of the missing files.

Copy the next line:

wininit.exe;Bootcat.cache;dmserver.dll;hidserv.dll;wkssvc.dll;msgsvc.dll;wscsvc.dll;ipinip.sys;smss.exe;csrss.exe;winlogon.exe;services.exe;NLAapi.dll;bfe.dll;FirewallAPI.dll

Run FRST and click in the Searc: box and then Ctrl + v and the copied line should appear.

Hit Search Files

When it finishes you will get a Search.txt. Please copy and paste it into a reply.

#11
Denisejm

Posted 15 March 2017 - 07:00 AM

Member

Topic Starter
Member
782 posts

When I open FRST, the Search box isn't an option to use.

Denise

Attached Thumbnails

#12
RKinner

Posted 15 March 2017 - 07:11 AM

Malware Expert

Expert
24,624 posts

OK. Probably because it's SP2.

Let's try OTL:

http://oldtimer.geekstogo.com/OTL.exe

Click on the green Download button. Download and Save and run it. (If your login does not have administrative rights on this PC then right click and Run As Administrator).

Hit Run Scan.

If this is the first time you have run OTL it should give you two logs. Post them both.

#13
Denisejm

Posted 15 March 2017 - 08:10 AM

Member

Topic Starter
Member
782 posts

OTL logfile created on: 3/15/2017 10:05:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 79.19% Memory free
5.75 Gb Paging File | 4.88 Gb Available in Paging File | 84.95% Paging File free
Paging file location(s): c:\pagefile.sys 2050 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 10.22 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 230.56 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 580.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1071.10 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 339.95 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 89.94 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 478.64 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 199.61 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 294.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 352.96 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 380.81 Gb Free Space | 40.88% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 710.21 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 241.47 Gb Free Space | 25.92% Space Free | Partition Type: NTFS

Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2017/01/30 23:59:22 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
PRC - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe
PRC - [2016/10/25 13:20:46 | 000,831,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
PRC - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe
PRC - [2016/02/03 16:43:08 | 000,602,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2016/02/03 16:39:54 | 001,550,848 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2016/02/02 08:45:52 | 000,837,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2014/05/22 14:50:04 | 004,513,792 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2013/01/18 11:01:12 | 002,009,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
PRC - [2008/08/15 10:39:04 | 003,343,688 | ---- | M] (Webshots.com) -- D:\Webshots\Webshots.scr

========== Modules (No Company Name) ==========

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV - [2017/03/09 03:09:07 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/02/21 21:48:54 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/10/25 13:20:49 | 001,253,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avwebgrd.exe -- (AntiVirWebService)
SRV - [2016/10/25 13:20:47 | 000,970,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avmailc.exe -- (AntiVirMailService)
SRV - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe -- (AntiVirService)
SRV - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2016/02/02 08:45:52 | 000,837,848 | ---- | M] (Secunia) [On_Demand | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2014/12/11 12:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)

========== Driver Services (SafeList) ==========

DRV - [2015/02/01 21:51:35 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "www.Google.com"
FF - prefs.js..extensions.enabledAddons: saveall%40ns.ba:0.5.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.4.0.6
FF - prefs.js..extensions.enabledAddons: faviconrestorer%40masserog.it:1.4.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: blankprivatebrowsingpage%40ipotable.github.com:1.0
FF - prefs.js..extensions.enabledAddons: Restart-My-Fox%408pecxstudios.com:1.1.5
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.10.3
FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.99.07c
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.4
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.5.3
FF - prefs.js..extensions.enabledAddons: unitedronaldo%40yahoo.com:0.9.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017/01/17 15:58:38 | 000,000,000 | ---D | M]

[2015/02/07 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data
[2016/11/16 12:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\jid1-q4sG8pYhq8KGHs@jetpack
[2016/09/01 21:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2017/02/01 08:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extension-data
[2017/03/09 16:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Favicon Restorer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:48 | 000,000,000 | ---D | M] (SaveAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 12:44:08 | 000,006,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/21 14:20:09 | 000,647,418 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/16 12:38:06 | 000,385,969 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 09:27:54 | 000,015,898 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/06 12:20:16 | 000,035,248 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/01/26 13:18:37 | 000,037,250 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/06 18:47:31 | 000,079,847 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/17 20:02:56 | 000,090,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/06/03 12:03:25 | 000,078,096 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/29 13:15:07 | 000,269,732 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/02 11:49:40 | 000,076,870 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/03 17:20:00 | 000,046,099 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/09 19:13:28 | 000,161,730 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2016/05/01 10:42:59 | 000,021,150 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi
[2017/02/14 20:21:51 | 000,138,342 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
[2017/01/26 13:18:38 | 000,011,509 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
[2017/02/14 20:22:15 | 000,060,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi
[2017/01/23 12:55:21 | 000,056,772 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi
[2017/03/09 16:07:58 | 000,103,407 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2017/02/07 20:02:39 | 000,005,527 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\features\{0f40b2c0-9e2f-428e-b6b4-b6b758d4762c}\[email protected]
[2017/03/09 03:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1489580556 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk = D:\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://update.micro...b?1423973039265(MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/01 20:06:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2017/03/15 10:03:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/15 00:18:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/03/13 19:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
[2017/03/13 17:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2017/03/13 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2017/03/13 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Repair (All in One)
[2017/03/13 11:32:23 | 032,823,032 | ---- | C] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/09 20:28:45 | 002,424,832 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/09 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2017/02/21 21:48:53 | 000,802,904 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/15 10:04:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2017/03/15 09:45:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\DivXUpdate.job
[2017/03/15 09:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/03/15 08:55:48 | 002,424,832 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/15 08:22:30 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2017/03/15 08:22:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/03/14 13:04:32 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk
[2017/03/14 10:55:22 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2017/03/14 10:55:21 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2017/03/14 10:49:10 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 18:28:22 | 000,000,230 | -HS- | M] () -- C:\boot.ini
[2017/03/13 17:28:32 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:53 | 000,039,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/13 11:32:52 | 032,823,032 | ---- | M] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/13 02:26:41 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MS Word 2007.lnk
[2017/03/10 10:57:54 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/05 19:00:28 | 000,007,891 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2017/03/03 14:33:59 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:53 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2017/02/14 02:46:06 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PP.lnk
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/03/14 10:49:08 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 17:28:32 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:52 | 000,039,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/10 10:57:54 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/03 14:33:59 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/01/29 15:21:03 | 001,198,045 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2017/01/29 15:21:03 | 000,003,003 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2017/01/29 15:20:54 | 000,107,520 | ---- | C] () -- C:\WINDOWS\SysWow64\zlib1.dll
[2017/01/29 15:20:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng13.dll
[2017/01/29 15:20:51 | 000,138,752 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng15.dll
[2017/01/29 15:20:49 | 001,198,049 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2017/01/29 15:20:49 | 000,010,840 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016/12/01 01:12:36 | 000,283,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2016/11/02 12:51:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2016/11/02 12:51:56 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2016/11/02 12:51:27 | 000,007,891 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2016/11/02 12:51:27 | 000,007,819 | ---- | C] () -- C:\WINDOWS\BROMJ450DW.INI
[2016/11/02 12:48:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2016/11/02 12:48:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2016/11/02 12:47:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2016/02/15 16:06:21 | 000,129,024 | ---- | C] () -- C:\WINDOWS\SysWow64\AVERM.dll
[2016/02/15 16:06:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\AVEQT.dll
[2016/01/09 01:16:44 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2016/01/08 16:12:52 | 000,043,698 | ---- | C] () -- C:\WINDOWS\SysWow64\xvid-uninstall.exe
[2015/04/25 16:06:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2015/03/31 13:31:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
[2015/03/16 11:16:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2015/03/05 13:05:51 | 000,189,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2015/02/10 22:46:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

========== ZeroAccess Check ==========

[2015/02/01 20:45:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 20:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 3/15/2017 10:05:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 79.19% Memory free
5.75 Gb Paging File | 4.88 Gb Available in Paging File | 84.95% Paging File free
Paging file location(s): c:\pagefile.sys 2050 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 10.22 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 230.56 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 580.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1071.10 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 339.95 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 89.94 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 478.64 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 199.61 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 294.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 352.96 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 380.81 Gb Free Space | 40.88% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 710.21 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 241.47 Gb Free Space | 25.92% Space Free | Partition Type: NTFS

Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.pif [@ = CryptoPreventPIF] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.pif [@ = CryptoPreventPIF] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Media Player x64 v2.1.5\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" (FastStone Soft)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Directory [PlayWithVLC] -- "C:\Program Files\VLC Media Player x64 v2.1.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Media Player x64 v2.1.5\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" (FastStone Soft)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Directory [PlayWithVLC] -- "C:\Program Files\VLC Media Player x64 v2.1.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
"C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" = C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe:*:Enabled:Ultra virus killer
"C:\Program Files (x86)\SpyBotS&D\SDTray.exe" = C:\Program Files (x86)\SpyBotS&D\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access
"C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe" = C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe" = C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe" = C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\WinMX\WinMX.exe" = C:\Program Files (x86)\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files (x86)\Mozilla Firefox) -- (Mozilla Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" = C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe:*:Enabled:Ultra virus killer
"C:\Program Files (x86)\SpyBotS&D\SDTray.exe" = C:\Program Files (x86)\SpyBotS&D\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access
"C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe" = C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe" = C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe" = C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\WinMX\WinMX.exe" = C:\Program Files (x86)\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files (x86)\Mozilla Firefox) -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{25E0F2BA-399C-4cf8-A654-53797016CB77}" = HP Beta Printer Drivers for Windows XP x64 (5.64.0.17)
"{3C415277-2974-1B73-F45E-355F5413EED5}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"ie8" = Windows Internet Explorer 8
"M928366" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Speccy" = Speccy
"VLC media player" = VLC media player
"WIC" = Windows Imaging Component
"Windows x64 Service Pack" = Windows XP Service Pack 2
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003863F0-53A2-A2D7-F2ED-8E5C15BEB1FC}" = CCC Help Hungarian
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19687AD5-7E54-4C5E-A796-125C95079C1D}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25650BDD-55B4-9D61-F481-622509D1E4F6}" = CCC Help Chinese Traditional
"{25A8FFA2-5EDA-6E69-CDCB-FC99A761B449}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{4597032E-FF4A-859A-ED8F-99C8B1B74C59}" = CCC Help Greek
"{46ED0BB2-7058-98EC-9AD8-2C354149BC8E}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}" = RealWorld Icon Editor
"{559A2FA4-4858-46E7-BD02-68C15A31DF98}" = Adobe Flash Player 23 ActiveX
"{598B6911-FD59-06FE-B4B6-44A14FA7BD85}" = CCC Help Japanese
"{59A6AA57-FCCA-F597-03D9-347C5D474EEC}" = Catalyst Control Center Core Implementation
"{5C7BC4A8-4ED8-9A2C-59E9-794CC8555C1B}" = Catalyst Control Center Graphics Light
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6889E0ED-00FC-F3A1-B0EB-4DBC4AD750B1}" = CCC Help Czech
"{68E93C1A-9585-4C06-B294-1123FD7929BE}" = Adobe Flash Player 24 NPAPI
"{68FF1B48-E33B-A64B-D2CA-C9C73DD76774}" = CCC Help Spanish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E3C8115-F79E-5B3C-7AEC-3704485EEFC0}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}" = Brother MFL-Pro Suite MFC-J450DW
"{81330A59-FE28-C238-F827-408A96055E8B}" = ccc-core-static
"{818699A8-FF9E-DFE6-80B0-66EC5C70848F}" = CCC Help Thai
"{88DB3C3B-6053-012D-CF60-197D2B272506}" = CCC Help English
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F20198-49A2-604A-667D-ABB801E1AFA4}" = CCC Help German
"{9604786F-E307-4843-197F-E2D0E9DF4D02}" = CCC Help Danish
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
"{A1FC2982-8327-3BBA-758E-2387723E6A93}" = Catalyst Control Center Graphics Full Existing
"{A3671B6F-8796-6C2A-5C35-574822FD2873}" = ccc-core-preinstall
"{A8C0E6AA-EADD-0763-C7E8-B498533298CB}" = CCC Help Italian
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B24B9C78-FC71-E03F-0AF3-9C11AF826615}" = CCC Help Russian
"{BB4CF994-7483-CDEA-3148-04902ED48D0B}" = CCC Help Swedish
"{C6411BC3-5A73-2114-2D88-2272480D170E}" = CCC Help Korean
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB6D4A98-5100-AC34-48E0-57992FB7A891}" = Catalyst Control Center Localization All
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D2A7AF3A-9438-9FF7-FC9A-8641D674F032}" = Catalyst Control Center Graphics Full New
"{D7EBB916-85D1-E65C-B396-BB68863E16A5}" = CCC Help Dutch
"{D7F5B1B7-1FEA-DB5B-8ACA-89F07B1C4695}" = CCC Help Turkish
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7FFE625-EB05-220D-8C92-AB014A37742E}" = Skins
"{EEE4DA6C-E663-40B2-1C48-8236A5264BD7}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F64EF8A1-123B-BCB7-6B96-35DDD8B10681}" = CCC Help Chinese Standard
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB6FD318-DB51-FB77-A054-E4CBBBB1BC56}" = CCC Help French
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"All ATI Software" = ATI - Software Uninstall Utility
"AutoGK" = Auto Gordian Knot 2.45
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Avira Antivirus" = Avira Antivirus
"AviSynth" = AviSynth 2.5
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 5.3
"MediaInfo" = MediaInfo 0.7.7.4
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Mozilla Firefox 52.0 ESR (x86 en-US)" = Mozilla Firefox 52.0 ESR (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.80
"Secunia PSI" = Secunia PSI (3.0.0.11005)
"Totalcmd" = Total Commander (Remove or Repair)
"Tweaking.com - Windows Repair" = Tweaking.com - Windows Repair
"Unlocker" = Unlocker 1.8.5
"VobSub" = VobSub v2.23 (Remove Only)
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid Video Codec 1.3.3" = Xvid Video Codec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/13/2017 12:10:27 PM | Computer Name = KINGKONG | Source = VSS | ID = 18
Description =

Error - 3/13/2017 2:32:49 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 2:32:49 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 2:32:49 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 2:40:31 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 2:40:31 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 2:40:31 PM | Computer Name = KINGKONG | Source = VSS | ID = 12302
Description =

Error - 3/13/2017 4:49:56 PM | Computer Name = KINGKONG | Source = Application Error | ID = 1000
Description = Faulting application avcenter.exe, version 15.0.19.163, faulting module
ccwkrlib.dll, version 15.0.19.163, fault address 0x00024220.

Error - 3/13/2017 6:23:07 PM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =

Error - 3/13/2017 6:29:54 PM | Computer Name = KINGKONG | Source = VSS | ID = 18
Description =

[ OSession Events ]
Error - 6/10/2016 10:38:20 AM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1535
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2016 8:29:51 AM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2016 1:03:26 PM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/2/2016 1:21:05 AM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/2/2016 1:06:21 PM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3186
seconds with 360 seconds of active time. This session ended with a crash.

Error - 11/4/2016 2:50:09 PM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/30/2016 5:08:47 PM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/3/2016 10:18:54 AM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/3/2016 10:26:29 AM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/4/2017 3:51:39 PM | Computer Name = KINGKONG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/14/2017 11:04:00 PM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/14/2017 11:04:00 PM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/15/2017 8:22:28 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.

Error - 3/15/2017 8:22:28 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/15/2017 8:22:28 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/15/2017 8:22:30 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.

Error - 3/15/2017 8:22:30 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/15/2017 8:22:30 AM | Computer Name = KINGKONG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/15/2017 8:23:06 AM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/15/2017 8:23:06 AM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

< End of report >

#14
RKinner

Posted 15 March 2017 - 09:06 AM

Malware Expert

Expert
24,624 posts

Let's see if it's just a permission issue:

Please download GrantPerms.zip

http://download.blee.../GrantPerms.zip

and save it to your desktop.

Unzip the file and run GrantPerms.exe

Copy and paste the following in the edit box:

 
C:\Windows\system32\mswsock.dll
C:\Windows\system32\NLAapi.dll

Click Unlock. When it is done click "OK".

Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

#15
Denisejm

Posted 15 March 2017 - 09:58 AM

Member

Topic Starter
Member
782 posts

GrantPerms by Farbar
Ran by Administrator (administrator) at 2017-03-15 11:57:07

===============================================
\\?\C:\Windows\system32\mswsock.dll

   Owner: BUILTIN\Administrators

   DACL(NP)(AI):
            BUILTIN\Users   READ/EXECUTE   ALLOW   (I)
   BUILTIN\Power Users   change   ALLOW   (I)
   BUILTIN\Administrators   FULL   ALLOW   (I)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (I)

ERROR: Parsing the SD of <\\?\C:\Windows\system32\NLAapi.dll > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.