Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Sluggish, Odd Restarts, CPU Load High on Odd Occasions


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
 
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
 
 
Download TDSSKiller:
Save it to your desktop then run it.
Double click on TDSSKiller.exe and to start the program.  
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

  • 0

Advertisements


#17
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Combofix log -

 

 

ComboFix 17-07-07.01 - Peter Bahniuk 07/31/2017  17:39:34.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3296.2673 [GMT 12:00]
Running from: c:\documents and settings\Peter Bahniuk\Desktop\ComboFix_2.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Peter Bahniuk\Application Data\inst.exe
c:\documents and settings\Peter Bahniuk\My Documents\man.log
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$ipconfig_all.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$jcgriff2_log.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$msinfo32.nfo
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$msinfo32.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$set_environment_var.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$systeminfo.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$Tasklist_SVCHOST.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\$tracert.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\AppEvent.Evt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\AutoRuns.arn
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\driverq_fo.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\driverq_si.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\driverq_v.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\dxdiag_x86t.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\dxdiag_x86x.xml
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\HKCU_Soft_MS_Win_CV_Uninstall.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\HKLM_Soft_MS_A-S_Installed_Components.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\HKLM_Soft_MS_Win_CV_Uninstall.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\hosts.txt
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini072717-01.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini072717-02.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini112416-01.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini120116-01.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini121316-01.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\Mini121316-02.dmp
c:\documents and settings\Peter Bahniuk\My Documents\Sys_XP_Support\SysEvent.Evt
c:\documents and settings\Peter Bahniuk\WINDOWS
c:\windows\system32\ati2cqag.dll.tmp
c:\windows\system32\ati2dvag.dll.tmp
c:\windows\system32\ati3duag.dll.tmp
c:\windows\system32\ativvaxx.dll.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2017-06-28 to 2017-07-31  )))))))))))))))))))))))))))))))
.
.
2017-07-30 00:07 . 2017-07-30 00:07 0 ----a-w- c:\windows\ativpsrm.bin
2017-07-29 22:12 . 2017-07-30 01:48 -------- d-----w- c:\program files\SpeedFan
2017-07-28 23:26 . 2017-07-28 23:26 -------- d-----w- c:\program files\Speccy
2017-07-28 09:06 . 2007-11-30 11:25 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2017-07-28 09:06 . 2007-11-30 11:25 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2017-07-28 09:06 . 2007-11-30 11:25 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2017-07-28 09:06 . 2007-11-30 11:25 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2017-07-27 12:14 . 2017-07-27 12:14 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-27 12:13 . 2017-07-27 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2017-07-27 05:25 . 2017-07-27 05:25 189112 ----a-w- c:\windows\PAExec.exe
2017-07-27 05:10 . 2017-07-27 05:10 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2017-07-27 05:10 . 2017-07-27 05:10 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2017-07-27 05:10 . 2017-07-27 05:10 -------- d-----w- c:\documents and settings\Peter Bahniuk\Local Settings\Application Data\Zemana
2017-07-27 04:52 . 2017-07-31 05:45 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-27 04:52 . 2017-06-27 00:06 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-27 04:52 . 2017-07-27 04:52 -------- d-----w- c:\program files\Malwarebytes
2017-07-27 04:52 . 2017-07-27 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2017-07-26 22:22 . 2017-07-26 22:23 -------- d-----w- C:\FRST
2017-07-26 14:45 . 2017-07-26 14:47 -------- d-----w- C:\Tweaking.com - Windows Repair
2017-07-26 13:57 . 2017-07-26 13:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit Software
2017-07-26 12:56 . 2017-07-26 12:56 -------- d-----w- c:\documents and settings\All Users\Foxit Software
2017-07-26 12:56 . 2017-07-26 12:56 -------- d-----w- c:\documents and settings\Peter Bahniuk\Application Data\Foxit AgentInformation
2017-07-26 12:56 . 2017-07-26 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Foxit ContentPlatform
2017-07-26 12:56 . 2017-07-26 12:58 -------- d-----w- c:\documents and settings\Peter Bahniuk\Application Data\Foxit Software
2017-07-14 17:18 . 2017-07-14 17:13 142144 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-12-06 6825888]
"Compact Tray Meter"="c:\compact tray meter\Compact Tray Meter.exe" [2014-05-31 3081672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-07-14 4027504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2014-02-28 26112]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-07-31 3084288]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]
.
c:\documents and settings\Peter Bahniuk\Start Menu\Programs\Startup\
RimhillEx.lnk - c:\program files\RimhillEx\RimhillEx.exe [2016-11-7 659456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swprv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Vivaldi\\Application\\vivaldi.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"=
.
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/27/2017 4:52 PM 221600]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [11/16/2016 10:16 PM 23840]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/15/2017 5:18 AM 142144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 4:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 9:55 AM 67664]
R1 ZAM;ZAM Helper Driver;c:\windows\system32\drivers\zam32.sys [7/27/2017 5:10 PM 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\system32\drivers\zamguard32.sys [7/27/2017 5:10 PM 181496]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/23/2014 11:47 AM 142648]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [7/27/2017 4:52 PM 3398608]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [3/1/2014 2:51 AM 173336]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [3/1/2014 2:52 AM 1326360]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [3/1/2014 2:52 AM 75032]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [10/8/2016 6:51 PM 46848]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [10/8/2016 6:51 PM 68352]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/24/2016 9:04 PM 47360]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/8/2016 11:49 PM 8192]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/9/2016 7:21 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [3/1/2014 2:51 AM 173336]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [3/1/2014 2:52 AM 1326360]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [3/1/2014 2:52 AM 75032]
S3 PAExec;PAExec;c:\windows\PAExec.exe -service --> c:\windows\PAExec.exe -service [?]
S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/10/2016 10:51 AM 270336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C142C0C-124C-4467-B117-EBCC62801D7B}]
2016-11-30 04:14 12791416 ----a-w- c:\program files\Vivaldi\Application\1.0.435.46\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-31 c:\windows\Tasks\Opera scheduled Autoupdate 1478319800.job
- c:\program files\Opera\launcher.exe [2016-11-05 05:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{6A394987-A551-40AF-9ADD-BA74B9C7F236}: NameServer = 203.97.78.43 203.97.78.44
FF - ProfilePath - c:\documents and settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\
.
- - - - ORPHANS REMOVED - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
SafeBoot-MBAMSwissArmy
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-31 17:45
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00057da7-6bfc-48c6-924c-2f04ffb9eaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000063
"Therad"=dword:00000016
"MData"=hex(0):4a,95,58,4c,a5,98,97,f5,bb,44,2b,81,f7,68,8b,9d,fc,cc,72,59,ef,
   35,97,bb,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,2d,5b,dd,ed,61,e7,5a,9d,8a,8e,20,a8,e3,cf,08,27,8d,aa,e0,fa,
   ad,d4,7c,67,25,bc,14,9f,f9,4b,64,2f,4e,41,c2,08,61,e0,9a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(432)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3104)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\System32\dot3dlg.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2017-07-31  17:46:38 - machine was rebooted
ComboFix-quarantined-files.txt  2017-07-31 05:46
.
Pre-Run: 83,460,341,760 bytes free
Post-Run: 83,661,053,952 bytes free
.
- - End Of File - - 5E4BDAD9BCF9F400557D48848EC1F94D
8F558EB6672622401DA993E1E865C861
 
 
 
TDSSKiller log -
 
17:47:20.0734 0x08cc  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
17:47:27.0906 0x08cc  ============================================================
17:47:27.0906 0x08cc  Current date / time: 2017/07/31 17:47:27.0906
17:47:27.0906 0x08cc  SystemInfo:
17:47:27.0906 0x08cc  
17:47:27.0906 0x08cc  OS Version: 5.1.2600 ServicePack: 3.0
17:47:27.0906 0x08cc  Product type: Workstation
17:47:27.0906 0x08cc  ComputerName: MINE
17:47:27.0906 0x08cc  UserName: Peter Bahniuk
17:47:27.0906 0x08cc  Windows directory: C:\WINDOWS
17:47:27.0906 0x08cc  System windows directory: C:\WINDOWS
17:47:27.0906 0x08cc  Processor architecture: Intel x86
17:47:27.0906 0x08cc  Number of processors: 4
17:47:27.0906 0x08cc  Page size: 0x1000
17:47:27.0906 0x08cc  Boot type: Normal boot
17:47:27.0906 0x08cc  ============================================================
17:47:29.0796 0x08cc  KLMD registered as C:\WINDOWS\system32\drivers\02700555.sys
17:47:29.0796 0x08cc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 2600.3264, osProperties = 0x0
17:47:29.0843 0x08cc  System UUID: {A953FD73-CEBF-1E83-6352-5AAAEDF68B0C}
17:47:30.0093 0x08cc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:47:30.0109 0x08cc  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:47:30.0109 0x08cc  ============================================================
17:47:30.0109 0x08cc  \Device\Harddisk0\DR0:
17:47:30.0109 0x08cc  MBR partitions:
17:47:30.0109 0x08cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEF77800
17:47:30.0125 0x08cc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFADA5B, BlocksNum 0x26C004D5
17:47:30.0125 0x08cc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35BADF30, BlocksNum 0x47D2E50
17:47:30.0125 0x08cc  \Device\Harddisk1\DR1:
17:47:30.0125 0x08cc  MBR partitions:
17:47:30.0125 0x08cc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC38611B
17:47:30.0125 0x08cc  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC386199, BlocksNum 0x2C203143
17:47:30.0156 0x08cc  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x3858931B, BlocksNum 0x1DFB926
17:47:30.0156 0x08cc  ============================================================
17:47:30.0203 0x08cc  D: <-> \Device\Harddisk0\DR0\Partition1
17:47:30.0234 0x08cc  E: <-> \Device\Harddisk1\DR1\Partition2
17:47:30.0265 0x08cc  F: <-> \Device\Harddisk1\DR1\Partition3
17:47:30.0421 0x08cc  G: <-> \Device\Harddisk0\DR0\Partition2
17:47:30.0437 0x08cc  H: <-> \Device\Harddisk0\DR0\Partition3
17:47:30.0453 0x08cc  C: <-> \Device\Harddisk1\DR1\Partition1
17:47:30.0453 0x08cc  ============================================================
17:47:30.0453 0x08cc  Initialize success
17:47:30.0453 0x08cc  ============================================================
17:47:46.0046 0x0904  ============================================================
17:47:46.0046 0x0904  Scan started
17:47:46.0046 0x0904  Mode: Manual; SigCheck; TDLFS; 
17:47:46.0046 0x0904  ============================================================
17:47:46.0046 0x0904  KSN ping started
17:47:46.0078 0x0904  KSN ping finished: false
17:47:46.0671 0x0904  ================ Scan system memory ========================
17:47:46.0671 0x0904  System memory - ok
17:47:46.0671 0x0904  ================ Scan services =============================
17:47:46.0734 0x0904  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:47:46.0765 0x0904  !SASCORE - ok
17:47:46.0859 0x0904  Abiosdsk - ok
17:47:46.0875 0x0904  abp480n5 - ok
17:47:46.0890 0x0904  [ 15634A4D4371423AD438B93EE0519CB8, 893528A0D192F5E006AF5FD95DE90D69D97A3023C779D1A299323FF3CD4EC614 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:47:46.0937 0x0904  ACPI - ok
17:47:46.0968 0x0904  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:47:47.0000 0x0904  ACPIEC - ok
17:47:47.0000 0x0904  adpu160m - ok
17:47:47.0031 0x0904  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:47:47.0062 0x0904  aec - ok
17:47:47.0093 0x0904  [ E5D9213212ED08DC5F985049F7C68C09, 760E1AE3E0A963BB69CC0D25D759F5671011A785633925BCE67000C76F3243D0 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:47:47.0125 0x0904  AFD - ok
17:47:47.0140 0x0904  [ 6416F9B6B220F0A890525C38235AFAD7, C2A643E1BA75CD00C1C7F62475A7122AA95530A835AE62CF0FD9EADFA07B7EBD ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
17:47:47.0156 0x0904  AgereModemAudio - ok
17:47:47.0187 0x0904  [ 75E3FEC5A4AAC46FFF76AC794C8340EA, 2D9AC9154DA5CC0FF43DB778D9D55CDA86B0894AE1F25B72711753D87A7A7CFA ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:47:47.0265 0x0904  AgereSoftModem - ok
17:47:47.0265 0x0904  Aha154x - ok
17:47:47.0265 0x0904  aic78u2 - ok
17:47:47.0265 0x0904  aic78xx - ok
17:47:47.0281 0x0904  [ EBE1CBD58B24F9385649F1D0304E9E3B, 33A952891D4E4DF74244A0498D826D4DC20962E458759F3893789480A4733E3F ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:47:47.0312 0x0904  Alerter - ok
17:47:47.0328 0x0904  [ 62C1E5937E60C8E8926E34389FFCF281, 8CE3347597C650847C72587CB52B51606D491DDC5210E2E0040942089A02C571 ] ALG             C:\WINDOWS\System32\alg.exe
17:47:47.0359 0x0904  ALG - ok
17:47:47.0359 0x0904  AliIde - ok
17:47:47.0359 0x0904  amsint - ok
17:47:47.0375 0x0904  [ 25AB105529BC14EB63013A0179823724, 2EEFCE946864165CF28DC425CBE0EAE7D73F65CF410FEF77E68A398E121CE101 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:47:47.0390 0x0904  AppMgmt - ok
17:47:47.0390 0x0904  asc - ok
17:47:47.0390 0x0904  asc3350p - ok
17:47:47.0390 0x0904  asc3550 - ok
17:47:47.0453 0x0904  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:47:47.0453 0x0904  aspnet_state - ok
17:47:47.0468 0x0904  [ 0D4681F78A20B50D691A4F3C9F75EB41, 1F579051C1526D39F81FB50A8145C1DE38340F584290A704DA8C2A388BCC63A2 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:47:47.0515 0x0904  AsyncMac - ok
17:47:47.0515 0x0904  [ 335BB30ED68CF3DC0EE2BDDB438B6A9B, 0133F44E17562E2D57D92E4E04BB7F9CA2B9467B85F45AA2573E1F186C9BD99B ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:47:47.0562 0x0904  atapi - ok
17:47:47.0562 0x0904  Atdisk - ok
17:47:47.0593 0x0904  [ BD421E6F0827CB66619B61631BD1713C, 181A5EB7E9F86624FCBAFC047E31A98647AB90D2E4017AB5AE704CA85A8227B6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:47:47.0609 0x0904  Ati HotKey Poller - detected UnsignedFile.Multi.Generic ( 1 )
17:47:47.0640 0x0904  Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
17:47:47.0781 0x0904  [ E7C0D369BFACEDA11F6491195DDC6615, 5A8199E1AFF6165793CE10B1307DA8CD0DBAC3D8E6E1EA6C1806AD9F3409347C ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:47:47.0937 0x0904  ati2mtag - detected UnsignedFile.Multi.Generic ( 1 )
17:47:47.0937 0x0904  ati2mtag ( UnsignedFile.Multi.Generic ) - warning
17:47:47.0937 0x0904  [ ECF89E5BD58E3A3CC2E7DB0F0D9F6C6C, 4980CC54F24CCD32BADDD050656EB2B131F4785608A41535D10CD3CE08ACE7D7 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:47:47.0984 0x0904  Atmarpc - ok
17:47:48.0000 0x0904  [ 1BB95E55B5A8B0D02156D77D95AD4ED8, 878A030B7507D4913240ACB6EEA581BB589403AE54044637FC63AA9FB9C305F3 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:47:48.0031 0x0904  AudioSrv - ok
17:47:48.0046 0x0904  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:47:48.0078 0x0904  audstub - ok
17:47:48.0093 0x0904  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:47:48.0140 0x0904  Beep - ok
17:47:48.0156 0x0904  [ 60EEA64022CE15CB3A81CE666D74913F, EFA54158B872E560A2C19725B4A5C32F03D31B5516FC1F6D2DF72A35BABB26DC ] BITS            C:\WINDOWS\system32\qmgr.dll
17:47:48.0203 0x0904  BITS - ok
17:47:48.0218 0x0904  [ 8CD6C9AE12D3EA8930AC1C9D7A5D985E, D9B92E4D4F1CB9EA84A94F08875447DC242BA2086B430D1DA9BF419EAB908CA8 ] Browser         C:\WINDOWS\System32\browser.dll
17:47:48.0250 0x0904  Browser - ok
17:47:48.0281 0x0904  [ 18C6186E04F25515C1F7DA31B08B5B2D, A46B16942C0CD8204AF760974980A6664C10A38B9FAEDE1FF6A66F6DDF3B4243 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
17:47:48.0281 0x0904  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
17:47:48.0281 0x0904  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
17:47:48.0281 0x0904  Force sending object to P2P due to detect: BrYNSvc
17:47:48.0281 0x0904  Object send P2P result: false
17:47:48.0281 0x0904  catchme - ok
17:47:48.0312 0x0904  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:47:48.0343 0x0904  cbidf2k - ok
17:47:48.0343 0x0904  cd20xrnt - ok
17:47:48.0359 0x0904  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:47:48.0406 0x0904  Cdaudio - ok
17:47:48.0406 0x0904  [ B7B2EFD695BB6E937EB3E5B5465B6F47, DE50889E8AD8F3BD026A85379936C61CFEF4388704627B696BD8C21C99D06C1F ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:47:48.0437 0x0904  Cdfs - ok
17:47:48.0437 0x0904  [ 1F29616B1FC4D66A988CF97531BCF729, 464F21B5A235136BC1D6FD68BC3813F256FCC95A820810837DBF29798CF055B5 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:47:48.0484 0x0904  Cdrom - ok
17:47:48.0484 0x0904  Changer - ok
17:47:48.0484 0x0904  [ CA9FC4595227ECAA22CF29911A218A5E, 7375549F49CCC806E826C6DC3CBB8B83CCB4EF79D302794E3F05E9F39FBDBE23 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:47:48.0531 0x0904  CiSvc - ok
17:47:48.0546 0x0904  [ B3D97F1D9725A949B9EB190D8A699D24, 3A5639B6889EB2890C85B5F896D1A930F3FCC9C5EC4DA15C94CA2543E4589594 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:47:48.0578 0x0904  ClipSrv - ok
17:47:48.0593 0x0904  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:48.0593 0x0904  clr_optimization_v2.0.50727_32 - ok
17:47:48.0593 0x0904  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:47:48.0609 0x0904  clr_optimization_v4.0.30319_32 - ok
17:47:48.0609 0x0904  CmdIde - ok
17:47:48.0609 0x0904  COMSysApp - ok
17:47:48.0609 0x0904  Cpqarray - ok
17:47:48.0625 0x0904  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:47:48.0625 0x0904  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
17:47:48.0625 0x0904  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:47:48.0640 0x0904  [ B81BA41FE68A70C0FC429BBEFC547739, 9ECF5A05E58560FC73AA1EB79DC438A06A699F289075B8A6C6DF912E86E7F114 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:47:48.0671 0x0904  CryptSvc - ok
17:47:48.0687 0x0904  [ 88AB0527D409987FA5A91031E60A6C63, A5E275FD8F73D5E742FB5F92EB51AC036AC0E9E348E3182BE0FCA669D36D576F ] CT20XUT         C:\WINDOWS\system32\drivers\CT20XUT.SYS
17:47:48.0703 0x0904  CT20XUT - ok
17:47:48.0703 0x0904  [ 88AB0527D409987FA5A91031E60A6C63, A5E275FD8F73D5E742FB5F92EB51AC036AC0E9E348E3182BE0FCA669D36D576F ] CT20XUT.SYS     C:\WINDOWS\System32\drivers\CT20XUT.SYS
17:47:48.0718 0x0904  CT20XUT.SYS - ok
17:47:48.0750 0x0904  [ 7D6D4029C9ECD07129756735B1540771, 91C3DFDD170C7820DF7E592DE4E24CD7E14FB26B88E4B60B126CDFD2AFCD0700 ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
17:47:48.0765 0x0904  ctac32k - ok
17:47:48.0765 0x0904  [ BC068CD5A6B797587ACA9EDDDFDB92B5, C96C3D86C089C075F7EB326DA442DD22F17296DF16DC0407D14710FD9D2287A7 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
17:47:48.0781 0x0904  ctaud2k - ok
17:47:48.0796 0x0904  [ 5CE3D0E1D1B3832EE052CFC442EEE0FA, 6B9DB2C350140ED547C7A96DB0EAD812E8987176B312C79AF52FC9B23EEEB8C4 ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
17:47:48.0796 0x0904  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
17:47:48.0796 0x0904  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
17:47:48.0828 0x0904  [ 81B8EBABC5BF202911C675B2BD7C34C2, 201559E504869DC83586F7BEBE38534EEFA017DE554DA6E1FD417534583D1818 ] CTEXFIFX        C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
17:47:48.0843 0x0904  CTEXFIFX - ok
17:47:48.0875 0x0904  [ 81B8EBABC5BF202911C675B2BD7C34C2, 201559E504869DC83586F7BEBE38534EEFA017DE554DA6E1FD417534583D1818 ] CTEXFIFX.SYS    C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
17:47:48.0906 0x0904  CTEXFIFX.SYS - ok
17:47:48.0906 0x0904  [ 2A4985473F8AB62E7D655AFF6BFA72C2, 4DEC5896929E8A0485F066F8BBDA5D93E5FC8C548C1CD9AB5DE2AE589CCCB2CD ] CTHWIUT         C:\WINDOWS\system32\drivers\CTHWIUT.SYS
17:47:48.0906 0x0904  CTHWIUT - ok
17:47:48.0906 0x0904  [ 2A4985473F8AB62E7D655AFF6BFA72C2, 4DEC5896929E8A0485F066F8BBDA5D93E5FC8C548C1CD9AB5DE2AE589CCCB2CD ] CTHWIUT.SYS     C:\WINDOWS\System32\drivers\CTHWIUT.SYS
17:47:48.0906 0x0904  CTHWIUT.SYS - ok
17:47:48.0921 0x0904  [ 28394F3E7317119506EC82DF001FDBB5, F48133BC56BF3B387493CECBC456AD4C85E60CFE89A2F5484DD04689DFB9382C ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:47:48.0921 0x0904  ctprxy2k - ok
17:47:48.0937 0x0904  [ EB6DB96594E564781F54661B2AD08C9C, C7BADFF4A14DB9C3D7B27FF956A4C32A057CA504CE8196DB6E9FFD0A0DB67D15 ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:47:48.0937 0x0904  ctsfm2k - ok
17:47:48.0937 0x0904  dac2w2k - ok
17:47:48.0937 0x0904  dac960nt - ok
17:47:48.0953 0x0904  [ 70ABA737C26F576BD04F108E22FE8A8A, 9A182B9DE4ED3E3CD5F72E5F367D132959B42EDA9F4FE7D74FC9C1AD0C5D83C3 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:47:49.0000 0x0904  DcomLaunch - ok
17:47:49.0015 0x0904  [ 1CCE370E4208B753586C0A1D88DAC6B6, 6FCA98FE25F9F711C0AF09668CD14C5327FC737B796438C1AD96F638877DFCB3 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:47:49.0062 0x0904  Dhcp - ok
17:47:49.0062 0x0904  [ 023712144C69E60FCB662CDA2715BF16, 9DD953927B5A7144F56E757FBF307EDF9F947EB139F319F4518E45C12BED46BF ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:47:49.0093 0x0904  Disk - ok
17:47:49.0093 0x0904  dmadmin - ok
17:47:49.0109 0x0904  [ 1E5C89A65465F6D9674898EB4989CB86, 3D6C948B62F79A0D82E802D1B88E1CC862BC600A8CD4FDD0630EA13A2D000FFC ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:47:49.0171 0x0904  dmboot - ok
17:47:49.0171 0x0904  [ 6CF151F832EC417FFAF68F20ED7D39FB, E02D9E56414CFF0BBFB4E3AF12C2759705838A44EA97F1FD1A3766E7B8D55531 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:47:49.0203 0x0904  dmio - ok
17:47:49.0218 0x0904  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:47:49.0250 0x0904  dmload - ok
17:47:49.0250 0x0904  [ 8446808AA975A12F1D76B1C03A0B0F13, 66B5E69F0BDAF42662EA88FCEDCB689C9A51ADC830F1641D0E872B299769FCE8 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:47:49.0296 0x0904  dmserver - ok
17:47:49.0296 0x0904  [ C561840C22148F5AFFB659D547EFDBB0, 74E35EA5EFA1938BC6B1C1F764CE1491550EA0308254254939729C6901AA8481 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:47:49.0343 0x0904  DMusic - ok
17:47:49.0343 0x0904  [ F0AB10362C34E0FDC03FB8E029D07984, EE5C132F4568863508F8C31E41F8FAA145CF593C3141423A77F84D2178FA340C ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:47:49.0375 0x0904  Dnscache - ok
17:47:49.0390 0x0904  [ 2AFB6DA63E0DB5B0952E57DDD7832A0C, FC0F5ABAF79FA5C027CC216E672E1222470DC2AA80618349D595156B27CBFDC6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:47:49.0437 0x0904  Dot3svc - ok
17:47:49.0437 0x0904  dpti2o - ok
17:47:49.0453 0x0904  [ C13EE685AA1A8950146F7F968EB090BD, B51BF49E1B643343968FE3DF88B9B6265678886C831E0AF2F366715A867E4537 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:47:49.0484 0x0904  drmkaud - ok
17:47:49.0500 0x0904  [ EA946F418A8B152E068991A5ED68CF32, 25F58A94CE6C277159BE5B9936C46779C46F8CD23BCFB8CD8C7EA9F1F676B655 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:47:49.0546 0x0904  EapHost - ok
17:47:49.0562 0x0904  [ D9339B4C3EF3AE41D21C0DE4B8C378E3, EEB92A9AC2B3329DFFCD1F07DC76E1498A8C321366B9AF844620160CB7CAB07E ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
17:47:49.0562 0x0904  emupia - ok
17:47:49.0562 0x0904  [ D3C4835319F9E6E589F335BCFD261AF4, 5B551AA1854313893F422BB5426FB35BA41B8767E517A0C20A3FEBBB30B004AE ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:47:49.0593 0x0904  ERSvc - ok
17:47:49.0609 0x0904  [ EC1CC588030C22D8A9F7DE7E5AD2A6F7, F292EBABD66644D628E226141624B783E6D5704318D7CD1A521726C49F83BD69 ] EtronHub3       C:\WINDOWS\system32\Drivers\EtronHub3.sys
17:47:49.0609 0x0904  EtronHub3 - ok
17:47:49.0609 0x0904  [ 15DBC936B04847E7A85D9D134A00A472, 7388EC9C494F409D0E884E276D1CBA13151388540ED3AD6C77D4014ED8217904 ] EtronXHCI       C:\WINDOWS\system32\Drivers\EtronXHCI.sys
17:47:49.0625 0x0904  EtronXHCI - ok
17:47:49.0640 0x0904  [ 76727219614A50B2DB29BD0CDA4260D5, 7FDB76B4BD1A788FA023F5E9A0101147D4E7D901C549D42F9AB347CC874AB669 ] Eventlog        C:\WINDOWS\system32\services.exe
17:47:49.0671 0x0904  Eventlog - ok
17:47:49.0687 0x0904  [ 56F40DEC4F1A4595BE3B092E38B07C07, 2AB38DEEEBADA4C85FC00A3C9A1EB7A0B81B355FEBD98A0D8509FF3F48456DEB ] EventSystem     C:\WINDOWS\system32\es.dll
17:47:49.0718 0x0904  EventSystem - ok
17:47:49.0718 0x0904  [ F696CF49C72F50EA0C1038C2DAA98A00, C3F1E90F8904E1D25DAEEDCD1780AD887BAFA3600E1D6581A458A78F2B838927 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:47:49.0765 0x0904  Fastfat - ok
17:47:49.0796 0x0904  [ BB897A6E8434984742173BD13CD67CE5, E52F76DBE456A7E96F21AAB2634E5D45C1E577E4155CE987518093EE79545777 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:47:49.0828 0x0904  FastUserSwitchingCompatibility - ok
17:47:49.0843 0x0904  [ 650FA0D37498F9E2B201A09DBCA0B85B, 4ECCB6C1324E6945A76AE32DC9C53094B6CFBCF469C00C60A14EB263AAA49CBB ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
17:47:49.0875 0x0904  Fdc - ok
17:47:49.0875 0x0904  [ 74947FD2D6A9151C0BB9C72BDAF0E894, 75592EBDA5728929C5C64EAD38C2CEB7BA19CD4A0E11C6F4B5E4489294E35258 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:47:49.0921 0x0904  Fips - ok
17:47:49.0921 0x0904  [ 3B8607A2BF5AEC3DAB18CF3612C07C1D, 5365C5152E658FC6EDA7D8AC2C29125DFB5A1939C501EAC2E89B0FEBEC5FBFBB ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
17:47:49.0953 0x0904  Flpydisk - ok
17:47:49.0953 0x0904  [ 87EC219A7AE5553144E2086D2D7DAA8A, 65E88410E4D0E7A3EB1A2C94C51ABE608FD5FDE7D469402542AAF8EC2A08D93F ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:47:50.0000 0x0904  FltMgr - ok
17:47:50.0000 0x0904  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:47:50.0031 0x0904  Fs_Rec - ok
17:47:50.0031 0x0904  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:47:50.0078 0x0904  Ftdisk - ok
17:47:50.0093 0x0904  [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio          C:\WINDOWS\system32\giveio.sys
17:47:50.0093 0x0904  giveio - detected UnsignedFile.Multi.Generic ( 1 )
17:47:50.0093 0x0904  giveio ( UnsignedFile.Multi.Generic ) - warning
17:47:50.0109 0x0904  [ 9479C26A5691CCEA495E2438EF11C948, 65AA9E0782C45AD4B64122383AD06BAC75C8E32C261B6E9B7A19698928ED08C0 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:47:50.0140 0x0904  Gpc - ok
17:47:50.0171 0x0904  [ 0E893607708EFB65223638AB46BFD98F, 534B45FC8592A05E7B7C2D8BCC8F2A03B244B706DB1A336F1AE9E8B15234D495 ] ha20x2k         C:\WINDOWS\system32\drivers\ha20x2k.sys
17:47:50.0187 0x0904  ha20x2k - ok
17:47:50.0203 0x0904  [ 546BCC75CCBFEF49802C9DEF61DE981E, C685677E08DA996E623E8EF4418C5CB536936133F2ABE3604BC7D387EFC490D2 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:47:50.0234 0x0904  helpsvc - ok
17:47:50.0234 0x0904  HidServ - ok
17:47:50.0250 0x0904  [ 5F845228561E9545EDC6F9EBFA15D338, 10993AE5F6B1174AF1F6219F594AA4A511864A69ED7A0C3D0C39BDA4018B78CF ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:47:50.0296 0x0904  hidusb - ok
17:47:50.0312 0x0904  [ 2E417CA3C2693F7355492B5EDFD0F0AE, 6CE42484865C3F7FD5EDB480576F0B991B12251F0BC43C7C94FE6AC3739D7C20 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:47:50.0359 0x0904  hkmsvc - ok
17:47:50.0359 0x0904  hpn - ok
17:47:50.0359 0x0904  [ 681AFD0F5D6A12BE948181B11A7F80A6, B72BBD690CD9A178E80A179F24F720FF8E670C1BC66AE660D72CEDD03F4A26B7 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:47:50.0406 0x0904  HTTP - ok
17:47:50.0406 0x0904  [ 1E01E83A8B0FACE497DCA0D99624501B, 725F663792645DA82180B20557D4122BF7553BEEC0E98BB4CF686222D75CEE52 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:47:50.0437 0x0904  HTTPFilter - ok
17:47:50.0453 0x0904  [ 4004657E385E6C714825EB9031ED2062, 6AB3F3AE72B5939E5D551FBBAE1CDDA54CD63631685E311706FD2389B4F2BE56 ] HWiNFO32        C:\WINDOWS\system32\drivers\HWiNFO32.SYS
17:47:50.0468 0x0904  HWiNFO32 - ok
17:47:50.0468 0x0904  i2omgmt - ok
17:47:50.0468 0x0904  i2omp - ok
17:47:50.0484 0x0904  [ 30ABE7000DF369D8B1C4174429260AAD, EE15508EC3D3305C1015FD82227062EC92C3917A349FE4C5287D65295F29769B ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:47:50.0515 0x0904  i8042prt - ok
17:47:50.0531 0x0904  [ 28514CFA7211B9AEC7FD605C17F519F6, 643290F5C36FB8838B272DAB57956617180D6D6A49B495CC8899919178362C34 ] IDMTDI          C:\WINDOWS\system32\DRIVERS\idmtdi.sys
17:47:50.0546 0x0904  IDMTDI - ok
17:47:50.0546 0x0904  [ E32BF30D20B5C162775F9A3451E87B67, 3075E5C64BF4CD6C8E84B110C936DA05FBB1F9B06A90A99BDDE4906CD1CEC2CB ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:47:50.0578 0x0904  Imapi - ok
17:47:50.0609 0x0904  [ B6028C0C3102A132A7421102B6C2015E, 143FBAD8A55EE81F57ED00B2473B4F3DA56CBA29126E3ED4F3119727A6D430BC ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:47:50.0640 0x0904  ImapiService - ok
17:47:50.0656 0x0904  ini910u - ok
17:47:50.0656 0x0904  IntelIde - ok
17:47:50.0656 0x0904  [ B3731CA1BDB32F83C817263646C31C15, 42DCF4B8A1D0C1F4A7B705EAE17360D9377DB75D466F055AAA5588FEDC72B46D ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:47:50.0703 0x0904  intelppm - ok
17:47:50.0703 0x0904  [ EF9BB587E33C2C245B5B83E882501FF6, D0350A3AAB323EAC220CD5E24AE22BA6EE1629A89E5C9925D87B3AC8C5AC0C7A ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:47:50.0734 0x0904  Ip6Fw - ok
17:47:50.0765 0x0904  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:47:50.0796 0x0904  IpFilterDriver - ok
17:47:50.0796 0x0904  [ 30ABA7A3F81E4B76C963CD6CAA23CB49, DB4B9E3556165C01ABFE2DE7D2BA2865E5D50C730172A043966BF066E77CB5F2 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:47:50.0828 0x0904  IpInIp - ok
17:47:50.0843 0x0904  [ EEB5787BD1445C8DC592F40691781774, FBD5237B340BB9675C624DE617E6618B87D1256CB90757B2FDD49D724465EF33 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:47:50.0875 0x0904  IpNat - ok
17:47:50.0890 0x0904  [ BFEA19DAFF955239A16A80C3CDF64FBE, A52A8B3E42E39E43B97454C2E6312F297174A076E829BFC79C680DEEA32CBA45 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:47:50.0921 0x0904  IPSec - ok
17:47:50.0921 0x0904  [ 64E28D94089CFF1C3C77F02F99FFAC3F, E58292B70C54B683FC183E0A9F9BF9188011DDBFCB5580E92326BBB4597DD9D6 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:47:50.0937 0x0904  IRENUM - ok
17:47:50.0953 0x0904  [ 81A40A1118265DFC09C036F7776EBCC0, 1BDB0CFA2BD3DD488450607B0B4DBE0118C067BA47D28B3E425C6D7405BFB148 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:47:50.0984 0x0904  isapnp - ok
17:47:50.0984 0x0904  [ 4FF969B48F320F6CE0B07247069C4C22, 3922D09F51F72875ECC65EFCE5011EC49A6D5E96A843868C547099C24F5AA81E ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:47:51.0015 0x0904  Kbdclass - ok
17:47:51.0015 0x0904  [ 55E8D7039254728E9F071118184FF53B, F2C9DB5A765C7AD451ADF02A40BC382F6053E3A1BFCD2553366AAF16AC9E9C61 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:47:51.0062 0x0904  kmixer - ok
17:47:51.0078 0x0904  [ 4635935FC972C582632BF45C26BFCB0E, ABD4AFD71B3C2BD3F741BBE3CEC52C4FA63AC78D353101D2E7DC4DE2725D1CA1 ] KMService       C:\WINDOWS\system32\srvany.exe
17:47:51.0078 0x0904  KMService - detected UnsignedFile.Multi.Generic ( 1 )
17:47:51.0078 0x0904  KMService ( UnsignedFile.Multi.Generic ) - warning
17:47:51.0078 0x0904  Force sending object to P2P due to detect: KMService
17:47:51.0078 0x0904  Object send P2P result: false
17:47:51.0078 0x0904  [ 23EA4C1A4CA28FD766ED2D3A5BEAEE3F, 52A48679A06A2D7BE3994E97EEA35CDDA1C85CDB34CE5CF69B7CF5BAA6DB023E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:47:51.0125 0x0904  KSecDD - ok
17:47:51.0125 0x0904  [ D0546E97612635358B6428008A9C5A6E, 861786A94B60E61D552417F176056E6D003E3EA056DEA922B47AEF017F9687A5 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
17:47:51.0171 0x0904  LanmanServer - ok
17:47:51.0171 0x0904  [ 7FC4C7D670CA8B61F500F4A09E5A2EB1, F261D1F22DDABCDD531C3A41FBF0F5B2344394D44581EF5EBF5981BAAE04E887 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:47:51.0203 0x0904  lanmanworkstation - ok
17:47:51.0203 0x0904  lbrtfdc - ok
17:47:51.0218 0x0904  [ 8173854F8474C3DDAE5562113E99D14E, 43B4FFC4156A355C3C58A2D2F3D37A17E08C0AE8E76170EA96EA1D7EBE99242C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:47:51.0250 0x0904  LmHosts - ok
17:47:51.0359 0x0904  [ F168D9361CE59D0A2D11E173A5CC1B9F, E1FC717CF6621EC04640EF4B97C89A065900BC324F82A988580D66C5EC7CB49C ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
17:47:51.0437 0x0904  MBAMService - ok
17:47:51.0453 0x0904  [ B72EBB5C4727E67BAFDBC7FEA5A8D49F, 77C6153415B0ED94856BFA5B5EE8A410768FB15D46DED711BA380C553250976E ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
17:47:51.0453 0x0904  MBAMSwissArmy - ok
17:47:51.0468 0x0904  [ CDA1A5CAC8C9D090079B93B8A1EC3F2C, F53CEC1A6B29612BC18E987EE773A1F001AA572081E17C6BD1117FBD7FF996D1 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:47:51.0500 0x0904  Messenger - ok
17:47:51.0500 0x0904  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:51.0531 0x0904  mnmdd - ok
17:47:51.0546 0x0904  [ 9DA90C3AEA0D4467C2193A5FA7F2B111, F51D6DE719D6C0D16644A69B7898B04DC193C5807705B8AD8427968A3F92799B ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:47:51.0593 0x0904  mnmsrvc - ok
17:47:51.0593 0x0904  [ ADD0BB36498E4DA9B1B6A3E201B60A18, 4DF9D7C91D4612B7C542B5672A58A56E5846E9F46B4BF9033C7FDED8A7500191 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:47:51.0625 0x0904  Modem - ok
17:47:51.0625 0x0904  [ E70558B84CB0CB9C739CC48EAD2A4323, 11A299FB035FC7DC49C190393775C869B11C86D745CB73AC27F3F9E2EE3EAD26 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:51.0656 0x0904  Mouclass - ok
17:47:51.0671 0x0904  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:51.0703 0x0904  mouhid - ok
17:47:51.0703 0x0904  [ 07BE8CAFD246A7DFB7FD4A387E936E92, E6E32C9B0FB0E9FAF19F91E1A6627AAB007BE7F7CE98F3177274A2CFDEA829FF ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:51.0734 0x0904  MountMgr - ok
17:47:51.0734 0x0904  mraid35x - ok
17:47:51.0750 0x0904  [ AC816EFF53BCA79369F0B8643165368C, 62EB8F06CC37BBEE4655C265EA6732F86A0753BD3F093D585D057FCAA704B269 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:51.0781 0x0904  MRxDAV - ok
17:47:51.0828 0x0904  [ 73484C0377FEFA76A4DDD48112EC93A3, 0194B8FF3234B63D05B23B03AF0A700CE509C7368B3E9E940DB400FF55F7361F ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:51.0875 0x0904  MRxSmb - ok
17:47:51.0875 0x0904  [ 508CCBA132DE09156DAABD5DF141923E, ABAD628B47549CADAB0A3716EADFD25D2887BF6B75DAAD2CB05C7C6388E039F1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:47:51.0921 0x0904  MSDTC - ok
17:47:51.0921 0x0904  [ 4D563545581E72C477AB00741B119853, 9AB8FE78025FED4140FDD0AEEF195F989D7026A623794A2DE7E501E78D57F0BF ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:47:51.0953 0x0904  Msfs - ok
17:47:51.0953 0x0904  MSIServer - ok
17:47:51.0953 0x0904  [ B16206732E541C04C1860D84447EF5BF, EA8408B5032A0D580F85E7D253FB76131762B1A17D1159938381681F1E753578 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:51.0984 0x0904  MSKSSRV - ok
17:47:51.0984 0x0904  [ BD33CFA58C156CBD5419A87C3A4CD0B2, 69830AEEBF2DB7B9A4D351DC6602A6419534EBDE27F92A8A3EBB4BACCCA6ADA6 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:52.0031 0x0904  MSPCLOCK - ok
17:47:52.0031 0x0904  [ A7EC2F88FAE0F03252A60950660CC3E1, B0FDFA63EDF3C75E2E04477B59F9154209186777774B37E9744FDBB228D793CC ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:52.0062 0x0904  MSPQM - ok
17:47:52.0062 0x0904  [ F41814FD8811B2BA2A43A79AA8CCE82A, 77CB63B3162CDB45B35C005C00B71AD288DD5C82C7E736E3609F7B6AF3B3E189 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:52.0093 0x0904  mssmbios - ok
17:47:52.0093 0x0904  [ 2BB00D68CC9FBDA1EE3D9BAB9E4FD620, BD51726CD117B5B62C036DE99D0F854594AA6F94977EA24D1D9F418037683FD9 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:47:52.0140 0x0904  Mup - ok
17:47:52.0140 0x0904  [ 1CEC9008BC720274F6BCDD800D934642, 3AA997438417D7BBE9BE07E290030209CB4C69704012ADF00F2C73F68E43C46A ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:47:52.0187 0x0904  napagent - ok
17:47:52.0187 0x0904  [ D1B364F049EB84A883C8A45D3B92FF3B, 77E8E43E06BC0E62370003C9506B43159EB31B183F49F3F9FA8A1CED53607FB7 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:47:52.0218 0x0904  NDIS - ok
17:47:52.0218 0x0904  [ 7D0D0F2BF199C2DF0A9D1B01406168AC, A960054BE0343A60437C37BEC35E86306DED7B3BB72392C8931304B70F82193B ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:52.0265 0x0904  NdisTapi - ok
17:47:52.0265 0x0904  [ E8969046DC350ECD1E9209DFE341C170, 34D70241F4BC9345A1F358517242E03C3AD37650D150DF1C1E94C20C3A87ED06 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:52.0312 0x0904  Ndisuio - ok
17:47:52.0312 0x0904  [ 266FDED9836490FF227AD13E677BA4FB, B4B79D3B9393BAF3D90A461E87B8A2D6E86F1DBD4DAA57E0CD7702587A959C8F ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:52.0343 0x0904  NdisWan - ok
17:47:52.0343 0x0904  [ 5AA58D218431C79E36A4878F18414637, AE14B9B4281B533C5AEA571499253003C9E7AC01D3743C6058F2E3061E091554 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:52.0375 0x0904  NDProxy - ok
17:47:52.0390 0x0904  [ C70B403D8158E11BF0D43D5B153CBE6B, 27BCF498593D0D1040A9C35B2051531BCCD9D3D959EEDBC958745611F86A5F01 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:52.0421 0x0904  NetBIOS - ok
17:47:52.0421 0x0904  [ C181E1F7A2A251B7AF6352DCBD8457F3, F68D51565E24BE1DBEBBA854E19C367B41503F43A7F7667FCCFE5D0805EF5F4D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:52.0453 0x0904  NetBT - ok
17:47:52.0468 0x0904  [ B7FBB08BB1328BB977DDCC533C9F2938, 633CC56C4734E3B8E69BDA20C717B554E418FF769F303041F7AA402D8840F3D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:47:52.0515 0x0904  NetDDE - ok
17:47:52.0515 0x0904  [ B7FBB08BB1328BB977DDCC533C9F2938, 633CC56C4734E3B8E69BDA20C717B554E418FF769F303041F7AA402D8840F3D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:47:52.0546 0x0904  NetDDEdsdm - ok
17:47:52.0562 0x0904  [ 4DD0637AE896EB8E00DF331D1CCCFC5C, 23CEFCE57EF448C3881077EE31C983C701BB5039B049369046317C6B969B948A ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:47:52.0593 0x0904  Netlogon - ok
17:47:52.0593 0x0904  [ 926F0847887C38D0C6F8C1AEF4E45E98, 9C7CBC8536840F2670ECC51D3129E0D09EF8AC42C9C5783B0101D28081C4AD66 ] Netman          C:\WINDOWS\System32\netman.dll
17:47:52.0640 0x0904  Netman - ok
17:47:52.0656 0x0904  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:47:52.0656 0x0904  NetTcpPortSharing - ok
17:47:52.0671 0x0904  [ B826B6672072189E002A27C72C1BDCAC, EBA409F6BC4B6965F21F3EBF1442A1C0E76E7F7C3B43F51BE50628995FA354D0 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:47:52.0703 0x0904  Nla - ok
17:47:52.0718 0x0904  [ 20C123AFC574ABF76BA35D39C26AE6DF, 9B785E53039F1F83CCBE8ECD82A461BFAAD6E25F991966C1B3A6D9C07E1DA96D ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:47:52.0750 0x0904  Npfs - ok
17:47:52.0750 0x0904  [ 34A993D7E519364F5D548B5726917753, 62AEA36276F250D39F5D287F4C3220DECA0AE9552EB0A71E86F1F6597CE6159F ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:52.0796 0x0904  Ntfs - ok
17:47:52.0796 0x0904  [ 4DD0637AE896EB8E00DF331D1CCCFC5C, 23CEFCE57EF448C3881077EE31C983C701BB5039B049369046317C6B969B948A ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:47:52.0843 0x0904  NtLmSsp - ok
17:47:52.0843 0x0904  [ 4E1F925E4CBFFC853A96C2D88D0A88E3, F89676E4B8F244F3C51FBFCA153AE99CF539C2D949E763036CAB4464A3FA1D20 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:47:52.0890 0x0904  NtmsSvc - ok
17:47:52.0906 0x0904  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:47:52.0937 0x0904  Null - ok
17:47:52.0953 0x0904  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:52.0984 0x0904  NwlnkFlt - ok
17:47:52.0984 0x0904  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:53.0015 0x0904  NwlnkFwd - ok
17:47:53.0031 0x0904  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:53.0031 0x0904  ose - ok
17:47:53.0140 0x0904  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:47:53.0281 0x0904  osppsvc - ok
17:47:53.0281 0x0904  [ 2891078823B9C0E8D0A62F505B9A5E4B, EAFC1CCB0C07016E243E4F16D716EF305989ECC2B2B6976F2937DF011AC7E1E9 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
17:47:53.0281 0x0904  ossrv - ok
17:47:53.0281 0x0904  PAExec - ok
17:47:53.0296 0x0904  [ 10572A94D8978619CE4845FE8595C9A5, 3BA1D9BEAC9C26DC2B4C9BF536A7250D4FE2D268BF39EC97C4EB40ED11B83328 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:47:53.0328 0x0904  Parport - ok
17:47:53.0328 0x0904  [ 67075DA61516ADEDD710A9DA6C6C8ACB, 1EE1DA69B0CD955B2E4228EE0F783FBB236548EA980A23A11B6D48998C8DF07E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:53.0375 0x0904  PartMgr - ok
17:47:53.0375 0x0904  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:53.0406 0x0904  ParVdm - ok
17:47:53.0421 0x0904  [ F3CEBED46DC3A7F1758745C1D1FA5FCF, B512CCAFD7DC41EF1F1ED29A604B7A74530581DDA5E74CEBCEDE4308EB32AD91 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:53.0453 0x0904  PCI - ok
17:47:53.0453 0x0904  PCIDump - ok
17:47:53.0453 0x0904  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:47:53.0484 0x0904  PCIIde - ok
17:47:53.0500 0x0904  [ 1EC157CB90D06455D67C007ADA4973AC, 66BA6C4394D8CE730C3DA3FF24061D7EF7706ACC9C959682D26F1F0828BEB582 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:47:53.0531 0x0904  Pcmcia - ok
17:47:53.0546 0x0904  [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
17:47:53.0546 0x0904  pcouffin - detected UnsignedFile.Multi.Generic ( 1 )
17:47:53.0546 0x0904  pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:47:53.0546 0x0904  PDCOMP - ok
17:47:53.0546 0x0904  PDFRAME - ok
17:47:53.0546 0x0904  PDRELI - ok
17:47:53.0546 0x0904  PDRFRAME - ok
17:47:53.0546 0x0904  perc2 - ok
17:47:53.0562 0x0904  perc2hib - ok
17:47:53.0578 0x0904  [ 76727219614A50B2DB29BD0CDA4260D5, 7FDB76B4BD1A788FA023F5E9A0101147D4E7D901C549D42F9AB347CC874AB669 ] PlugPlay        C:\WINDOWS\system32\services.exe
17:47:53.0609 0x0904  PlugPlay - ok
17:47:53.0609 0x0904  [ 4DD0637AE896EB8E00DF331D1CCCFC5C, 23CEFCE57EF448C3881077EE31C983C701BB5039B049369046317C6B969B948A ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:47:53.0640 0x0904  PolicyAgent - ok
17:47:53.0640 0x0904  [ 87D6A848DC367056778168D40A6F1A70, 47E5B7CBDB672B2E1C33C312DE00007C22E20ACEF1CA49FDEECD1F02A4DBE8A3 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:53.0671 0x0904  PptpMiniport - ok
17:47:53.0687 0x0904  [ 4DD0637AE896EB8E00DF331D1CCCFC5C, 23CEFCE57EF448C3881077EE31C983C701BB5039B049369046317C6B969B948A ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:47:53.0718 0x0904  ProtectedStorage - ok
17:47:53.0718 0x0904  [ 8DC29E493CCE832784A60BF7C120F132, 4D1D6671D62F89B92155317D656995F25A1AEE74F2B4253E743C84C0851AC82F ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:53.0750 0x0904  PSched - ok
17:47:53.0796 0x0904  [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:47:53.0796 0x0904  PSI_SVC_2 - ok
17:47:53.0796 0x0904  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:53.0843 0x0904  Ptilink - ok
17:47:53.0843 0x0904  ql1080 - ok
17:47:53.0843 0x0904  Ql10wnt - ok
17:47:53.0843 0x0904  ql12160 - ok
17:47:53.0843 0x0904  ql1240 - ok
17:47:53.0843 0x0904  ql1280 - ok
17:47:53.0859 0x0904  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:53.0890 0x0904  RasAcd - ok
17:47:53.0890 0x0904  [ F251AA303981CDB9C0DB1D3B4E10AADB, B2E051C34E29CA435616063848EAE40B71906060BB782999643169DD2F838D61 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:47:53.0937 0x0904  RasAuto - ok
17:47:53.0937 0x0904  [ DBC6AEDA3111EDAF60948FC063565006, 4C6FA1BAFC8734EC1E6F42E51292FA795564020F04B01EEA99286B740461C3F6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:53.0968 0x0904  Rasl2tp - ok
17:47:53.0984 0x0904  [ 5790FB0CA1E1478172AA00FA365B9AB3, 2BA4BF704898E71A95CFB76E2C01C70D055229B61146F855AEFA53BAABC5D0BB ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:47:54.0015 0x0904  RasMan - ok
17:47:54.0015 0x0904  [ 96467FC3E135F0B174B8978BD8CE69F9, C63792A897BDA78DC45A630E303F9093DCE9EC5CE5160F48D82E01B0DF94ECAD ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:54.0046 0x0904  RasPppoe - ok
17:47:54.0062 0x0904  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:54.0093 0x0904  Raspti - ok
17:47:54.0093 0x0904  [ 1116A775BFA71F2C13F3D420DA455FF2, 213785097A8632C8DBDB41ABDF09483E9F8D4B44147F2C3ACDDBB12B0B5B6D06 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:54.0125 0x0904  Rdbss - ok
17:47:54.0125 0x0904  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:54.0171 0x0904  RDPCDD - ok
17:47:54.0171 0x0904  [ 9B7B9221177C83C7CBFD20B4B67F23DC, CAC6A8C7176C37F1242B78E685C670D10D0141FF832C21658C946EB6C1354B84 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:47:54.0203 0x0904  rdpdr - ok
17:47:54.0203 0x0904  [ 0CD1BDA7F6848E4DE4EED3D36874FFB5, 50BF8B1A9603EDC30715E588EE98C04BBFD3CEFE2C7E5B3CB5E001253B026F38 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:54.0250 0x0904  RDPWD - ok
17:47:54.0250 0x0904  [ A06AC4784C970B14631997181E6DADC2, 651B0CC887859E114028629B8E02E10921CF25D12633CF81878D875F82DF0420 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:47:54.0281 0x0904  RDSessMgr - ok
17:47:54.0281 0x0904  [ 11540F52CBC8A4C97467579BBF7FFAE2, 1FB09EF50D3EA85155D7D759DC67EA7727A3686077630F84335AB35C17895640 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:54.0328 0x0904  redbook - ok
17:47:54.0328 0x0904  [ 07CEB5F794F9D58DE068E4B50280E993, 4B3943115F7AC2B1A6FEBBDE88F68063F6F2881D51D0DA1B5EFE8075BFBD0EBB ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:47:54.0359 0x0904  RemoteAccess - ok
17:47:54.0390 0x0904  [ 13DA5B9187E209B26D8758B398DFC89A, 3A885CE8FC0AFFA8B4772EF71EC06DDB5E150190545556FD5FA7A4BD2C79D7C6 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:47:54.0421 0x0904  RemoteRegistry - ok
17:47:54.0421 0x0904  [ AB1E7F4BF9E0AA25281C8B3EF049257D, FAA08EA5698141F68B523F72022B11AAD03E2F266032B263D79E65E2B355C493 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:47:54.0453 0x0904  RpcLocator - ok
17:47:54.0468 0x0904  [ 70ABA737C26F576BD04F108E22FE8A8A, 9A182B9DE4ED3E3CD5F72E5F367D132959B42EDA9F4FE7D74FC9C1AD0C5D83C3 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:47:54.0515 0x0904  RpcSs - ok
17:47:54.0515 0x0904  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:47:54.0546 0x0904  RSVP - ok
17:47:54.0546 0x0904  [ 4DD0637AE896EB8E00DF331D1CCCFC5C, 23CEFCE57EF448C3881077EE31C983C701BB5039B049369046317C6B969B948A ] SamSs           C:\WINDOWS\system32\lsass.exe
17:47:54.0578 0x0904  SamSs - ok
17:47:54.0609 0x0904  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:47:54.0609 0x0904  SASDIFSV - ok
17:47:54.0609 0x0904  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:47:54.0609 0x0904  SASKUTIL - ok
17:47:54.0625 0x0904  [ B63D9939AB3247FB668C1115AC5B3A25, BE5E0F98764DCA9D67AF37C68DF6582E3563175ED29F2F031B4C9CF6915202DE ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:47:54.0656 0x0904  SCardSvr - ok
17:47:54.0671 0x0904  [ D79E3CD9BCD39BB2D611F0401418D714, 07937D4FE60FD8E9D0A0E79EB46A608B9BFA6E7BF34B484707CC84E10A2BE963 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:47:54.0703 0x0904  Schedule - ok
17:47:54.0703 0x0904  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:54.0718 0x0904  Secdrv - ok
17:47:54.0734 0x0904  [ 47B0B17D193B9317F2F47AD8EB884098, AFC7B9A9160BBA9439C67F599F77675440762F68063950DF18D0486909ED98BC ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:47:54.0765 0x0904  seclogon - ok
17:47:54.0765 0x0904  [ F67206DFD3610FECB83AA65E77431192, 03D2983B816F91E15DB7B066D31A5E6CA58455976B423C8260CB69E23A571726 ] SENS            C:\WINDOWS\system32\sens.dll
17:47:54.0812 0x0904  SENS - ok
17:47:54.0812 0x0904  [ DE23787927CB72533D4869855E955329, B3C42D5DBDCE42E4ED86220CBF0BCD5563B47AE059D742339AA00477BD6910E4 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:47:54.0843 0x0904  serenum - ok
17:47:54.0843 0x0904  [ 471168D4B9ADFD1F9E692F8779455188, 23188E85118A19332C94DA5E6095E4F4B4993C4E0F10E43581F171E51806FE73 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:47:54.0875 0x0904  Serial - ok
17:47:54.0890 0x0904  [ DC495A349DFD94FBFE4CF0689ED647B2, 1191328B7ACC7C70098A233854975BDA4BD8704550F9CCBD677FF8840E4FAB7E ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:54.0921 0x0904  Sfloppy - ok
17:47:54.0937 0x0904  [ DA9222DF50B74641658BE5B23B649016, AA64E1C817A1DE24BEA70FB5AF4B22B34C97CC6B18A4A911714DC4B0DFB17425 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:47:54.0984 0x0904  SharedAccess - ok
17:47:55.0000 0x0904  [ BB897A6E8434984742173BD13CD67CE5, E52F76DBE456A7E96F21AAB2634E5D45C1E577E4155CE987518093EE79545777 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:47:55.0031 0x0904  ShellHWDetection - ok
17:47:55.0031 0x0904  Simbad - ok
17:47:55.0031 0x0904  Sparrow - ok
17:47:55.0046 0x0904  [ DC8D2952FB6FFBAEC67BD1B93A34DF11, 0BD1523A68900B80ED1BCCB967643525CCA55D4FF4622D0128913690E6BB619E ] speedfan        C:\WINDOWS\system32\speedfan.sys
17:47:55.0046 0x0904  speedfan - ok
17:47:55.0062 0x0904  [ E477A633EA2D387788879A30666E5998, ACC16139447BE54732244D14062C3A61CFC41008E040858A3CFB22127602B156 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:47:55.0093 0x0904  splitter - ok
17:47:55.0093 0x0904  [ 0DD64932B9A6394B53222B7FD294D12A, E6ADEA627CD8C97D517003E3209969A31984CF0EF6CD3F575F3BFF690817A9C8 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:47:55.0125 0x0904  Spooler - ok
17:47:55.0125 0x0904  [ 8EC0EC1508D5C0DC9F0A46B264B41BFF, 22DE6EBD8403E7BD23D00749D7332FE27B448926593A546F036A03FEBC7C5749 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:55.0140 0x0904  sr - ok
17:47:55.0156 0x0904  [ 70BF530F3B28242FD6B2E558219316EB, 23143B8002853345E3B33F86E94D9768B47A542FE3C833D1530297131CE97E68 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:47:55.0171 0x0904  srservice - ok
17:47:55.0171 0x0904  [ 388A576B405FD4C8A4886AA872E8E0F1, 702D7A186B0A7207AE865D18E61AA753DDE8164BBA5ECE81A68E0BF58A793EB1 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:55.0218 0x0904  Srv - ok
17:47:55.0234 0x0904  [ AC1BC4FC0F1D0AA39DD487A277F90BC8, 0821CF103B6A43ACA31B82AAC6A79FEF4CC1A35542BAA8EDBAA36390FA97256A ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:47:55.0250 0x0904  SSDPSRV - ok
17:47:55.0265 0x0904  [ 12B5747B7B6B951075EE277400828E89, 2F93DAC109F28D740F56BE9595D51C43A6C32E6AD504ABE24AF18C23852E468A ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:47:55.0296 0x0904  stisvc - ok
17:47:55.0296 0x0904  [ A5491F57E70167A10ED40E19D36EDD13, 87B97098977143AF7CC024B561FB213B3CAECBDB9A17C5CB92EB03303AC653B6 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:55.0328 0x0904  swenum - ok
17:47:55.0359 0x0904  [ 5F8AB2829C52609E03560725EAF167F9, C4D15CE246DB3B1B7BC418EAB5095122F1A894CA314BC4966FF58E36D4C18969 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:47:55.0390 0x0904  swmidi - ok
17:47:55.0390 0x0904  SwPrv - ok
17:47:55.0390 0x0904  symc810 - ok
17:47:55.0390 0x0904  symc8xx - ok
17:47:55.0390 0x0904  sym_hi - ok
17:47:55.0390 0x0904  sym_u3 - ok
17:47:55.0406 0x0904  [ FEAEE2DF25F435C153756707321BBF46, 833B54DE83E089C2BA273CF595AF2A2CDBDF387443C0EAE4338420FF6B9B2267 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:55.0437 0x0904  sysaudio - ok
17:47:55.0437 0x0904  [ 0213F33C12AD17FCD77AF5F1E854C92C, DED89B0D0769BF8A1C939F22EBB0979A6F8C21A71AD9EB20B90CAF5237C05236 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:47:55.0468 0x0904  SysmonLog - ok
17:47:55.0484 0x0904  [ FF86C8AF96C3FFEEF236C9433401FEC3, 484E5F5D35DCB124CD3796EFDA1EED5E77339B6AB6D506A5E628B5CD0820B488 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:47:55.0515 0x0904  TapiSrv - ok
17:47:55.0531 0x0904  [ 19EBDA988DA80F133DC9E28A50F606E8, 4F8C273210E86C8FAC0E42CB3341B1336A779385357A3CE6627D954BA0D56398 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:47:55.0562 0x0904  Tcpip - ok
17:47:55.0562 0x0904  [ 76AFDFEA26D4CB16E81FA32A22C34376, 63A9D326A5051C72D030FF686287239A243745A5B3F4C5332C3FBE922BF329E7 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:47:55.0593 0x0904  TDPIPE - ok
17:47:55.0593 0x0904  [ 2FC82251C9E895AA48624EBE05E5774E, 027A05A635FDC37B4B75EE331A8285D29B418A9242DDDAA715E1BCCF5890F1D2 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:47:55.0640 0x0904  TDTCP - ok
17:47:55.0640 0x0904  [ 4E55B6F75AD92F13D6ABBF8D767CBCEC, D6D9DE8AB3AED7295334216FE56FA5949163727A3D5C66D5A98C85CD0BC1B7CA ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:47:55.0671 0x0904  TermDD - ok
17:47:55.0687 0x0904  [ 03178DA1A2B7C9B918E5062B2080D732, 688CC08FD1B3FE1118A6BA1A0AEE53E2094C7C26436CF03C1953193D1203B4AB ] TermService     C:\WINDOWS\System32\termsrv.dll
17:47:55.0718 0x0904  TermService - ok
17:47:55.0718 0x0904  [ BB897A6E8434984742173BD13CD67CE5, E52F76DBE456A7E96F21AAB2634E5D45C1E577E4155CE987518093EE79545777 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:47:55.0765 0x0904  Themes - ok
17:47:55.0781 0x0904  [ 4C678B7DC9B005A1B12FEDCB3A44E35F, 99FE384A2CB87D7E4376E1E60ABFC790C40DF0A3BB6FDB25EB52F0F70E885591 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:47:55.0796 0x0904  TlntSvr - ok
17:47:55.0812 0x0904  TosIde - ok
17:47:55.0812 0x0904  [ 65206F5582D60DB2234A4900F280BDB0, CDE80EF99ADF7AB1840937D211F7461864707302B9BE7D6E8BE77587ECBB182B ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:47:55.0843 0x0904  TrkWks - ok
17:47:55.0859 0x0904  [ 90374E55F93F2883377902CB9CBFC6DB, 5A814411B1294E1538948D17EA2E52337F19FA590A868B22F54C8106CFD364DD ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:47:55.0890 0x0904  Udfs - ok
17:47:55.0890 0x0904  ultra - ok
17:47:55.0906 0x0904  [ 415C2A770F4B6932308F9DE7B19B3139, 5E17A11D8E489C7DC138F97DB1CE2CA408DC10B3794B1586952D37F1ED37CE4F ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:47:55.0953 0x0904  Update - ok
17:47:55.0968 0x0904  [ 0EE265DBFD98DB023716C50CFE1521F0, 7B1C78480E6873D3DF666801ABDC5423F8C24D1A462BC3DB6C27E749EB00D2B7 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:47:55.0984 0x0904  upnphost - ok
17:47:55.0984 0x0904  [ 547DB36696544C3401563AA3772D6376, 33E81E1F6AB665D7F04997763D22BEC5D197B526D96CBFA8F7B3EF48F8B5E310 ] UPS             C:\WINDOWS\System32\ups.exe
17:47:56.0015 0x0904  UPS - ok
17:47:56.0031 0x0904  [ D37FEE874B49D951F68E788D40D8C196, D4472A5B629EAA78485FB432A103C9E37BFB624198DCEE9320782261026B40D6 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:56.0062 0x0904  usbehci - ok
17:47:56.0062 0x0904  [ 8167383FE00199108F63269C2B8A99E1, DFE238EC0CB9B636C7E3B501D3609095190CA9B6C455CA930E726E97F29C4E77 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:56.0109 0x0904  usbhub - ok
17:47:56.0125 0x0904  [ 14CAA438F4EBD12DBD43DB0273BC0FDC, 3ECE7E2AB1B964B2782DE48A1A7A1600BAD4D8A270102B26FA2EFB6914EACC40 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:56.0156 0x0904  usbprint - ok
17:47:56.0171 0x0904  [ 5BE9C3F196C607AAA072ED660F9C0423, 440D936CFE2BF3AA7AD5023150310EE9C073444CF56EB740D5DCA0D5B94F6285 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:47:56.0203 0x0904  usbscan - ok
17:47:56.0218 0x0904  [ E3EEF7AE5105A9F99B1807031EDB4171, E59F1F1D4C5827E713F3AF6C91615F0AC29BD6452716590200485ABFEAF1A114 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:56.0250 0x0904  USBSTOR - ok
17:47:56.0265 0x0904  [ C2D1B1671F9C1C66E0DF1B5D2DC87616, 577E0EC66E6D751B6521E7E35D8102CE0EC1A9B006B64BEFB75A5D0A15DC5370 ] VClone          C:\WINDOWS\system32\DRIVERS\VClone.sys
17:47:56.0265 0x0904  VClone - detected UnsignedFile.Multi.Generic ( 1 )
17:47:56.0265 0x0904  VClone ( UnsignedFile.Multi.Generic ) - warning
17:47:56.0265 0x0904  Force sending object to P2P due to detect: VClone
17:47:56.0265 0x0904  Object send P2P result: false
17:47:56.0265 0x0904  [ CC1F0DD100F577E9B029547FEE285813, 82068310870C373570020E1EDBF4A503263D4FE8FA2B86255DFC587B7AC2E318 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:47:56.0296 0x0904  VgaSave - ok
17:47:56.0296 0x0904  ViaIde - ok
17:47:56.0312 0x0904  [ 2ABF037F9D447424B58D73706B55B762, 2EA0CD7A788D39E608C1B8039CD86FD7E61B5B911EF1D264D87A58852125CA6B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:56.0343 0x0904  VolSnap - ok
17:47:56.0359 0x0904  [ 8901DA47BC3B7AA2EFE49A6FC265B0F8, 887CC6B63588B46B7624A7D4567C06773FF932B30C23DE55F9DD18C6B5A14275 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:47:56.0375 0x0904  VSS - ok
17:47:56.0390 0x0904  [ 64D724F8DD696AE17DC545D9A22C06DC, 455360B5969C0D0D178DF96A3CF335688FAD572070C4EA7A2E66C8FE77EFA4FE ] W32Time         C:\WINDOWS\system32\w32time.dll
17:47:56.0421 0x0904  W32Time - ok
17:47:56.0437 0x0904  [ 8794191476E6B93161BAAA136E309454, F9EE589EAEF43119DAD1F0AB74E4C3A7ECDAD261CEBB0134B1642886FBACA873 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:56.0468 0x0904  Wanarp - ok
17:47:56.0468 0x0904  WDICA - ok
17:47:56.0500 0x0904  [ CF66393A0B2E361503BF381AC013B34A, B9BFD6657B41D13EBEA5CB2DF3FB222D5709920F13F39039E8AB19C8E25B8E06 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:56.0531 0x0904  wdmaud - ok
17:47:56.0531 0x0904  [ 2695100EF6D97E11443EBCED0057F3F1, 44A7F10BA97361AE33F5309FDD69ADFD67A630758CA0AC2F53B53E3F4BF2EFB5 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:47:56.0562 0x0904  WebClient - ok
17:47:56.0593 0x0904  [ C509666623D32AC4CDA3199CE4EB1925, D7751B00B27453515AF150F8C5765C16FA3631D2821AD7C2B53F9C35BBADF3E6 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:47:56.0625 0x0904  winmgmt - ok
17:47:56.0640 0x0904  [ B9F63F85E14517B5551D55456F7C9D9C, 6F15B7778B742B347A226FD044DC9345380A7790F8AC5D7007BD1310ABB45DE1 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
17:47:56.0671 0x0904  WmdmPmSN - ok
17:47:56.0703 0x0904  [ B024B2E27C45FCC267B12AFA9DD04822, E61A32A4AE1360BFBED8BA8D097192CFAB2F790946E5CC589AE15261DC9B4709 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:47:56.0750 0x0904  Wmi - ok
17:47:56.0750 0x0904  [ A8A632D5802DEC0BBCA2AC750FD34BBD, EAA3D992327176B99AC84775464AA42EDA458C3179A70925157FB1637EB1EC1B ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:47:56.0781 0x0904  WmiAcpi - ok
17:47:56.0796 0x0904  [ 34CD451F120F5E8D8F430184F4E50E7A, 7282A30D924EF89570E863F879BCD6C4D04070FCFFB8DBE99095585B274BF13E ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:47:56.0828 0x0904  WmiApSrv - ok
17:47:56.0875 0x0904  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:47:56.0890 0x0904  WPFFontCache_v0400 - ok
17:47:56.0921 0x0904  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:47:56.0953 0x0904  WS2IFSL - ok
17:47:56.0968 0x0904  [ E750CD80918C221F7249802A3048A287, 8662558AC0C44DB15564205629EA90A1F76BFA6B1DC828AB3D05A528C277491E ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:47:57.0000 0x0904  wscsvc - ok
17:47:57.0015 0x0904  [ A05055C8FAD494885E39A57DC350C4DD, 5752F0ABA7902DAC966E6A00953364B50AAA587555F51D97301D401C49E8F49A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:47:57.0046 0x0904  wuauserv - ok
17:47:57.0062 0x0904  [ A2FC878AB3DAEA806C1E5D1F83EF6E57, 116FE02AE8EBD4FD0BD47E0A8D2EDCFA8F9BEEBD91CE97DB7A62A9CFCBD6BABA ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:47:57.0109 0x0904  WZCSVC - ok
17:47:57.0109 0x0904  [ 5031DA760DB4864FAE386DDFC1428607, 1DEF2109B546CBC6F0F3699022E170F3EDDFEC69D80DAAC28B191BE8B101A516 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:47:57.0156 0x0904  xmlprov - ok
17:47:57.0171 0x0904  [ 06897B431C07886454E0681723DD53E6, AB2632A4D93A7F3B7598C06A9FDC773A1B1B69A7DD926BDB7CF578992628E9DD ] ZAM             C:\WINDOWS\System32\drivers\zam32.sys
17:47:57.0171 0x0904  ZAM - ok
17:47:57.0187 0x0904  [ 06897B431C07886454E0681723DD53E6, AB2632A4D93A7F3B7598C06A9FDC773A1B1B69A7DD926BDB7CF578992628E9DD ] ZAM_Guard       C:\WINDOWS\System32\drivers\zamguard32.sys
17:47:57.0187 0x0904  ZAM_Guard - ok
17:47:57.0187 0x0904  ================ Scan global ===============================
17:47:57.0203 0x0904  [ E2C65A667921DDC7B81815836C1DB25D, A1EBE8C1CE034C463E373CF90DB26B114AE8D6CA00006FCB57645DEC715B9CE0 ] C:\WINDOWS\system32\basesrv.dll
17:47:57.0203 0x0904  [ DEA079254CAAB877ED3FD4A5BE80DE98, 3FF3C3FCC110B943D3D300AAA049D35B314583FCB56F96C7C0612C9B15E6A6E2 ] C:\WINDOWS\system32\winsrv.dll
17:47:57.0218 0x0904  [ DEA079254CAAB877ED3FD4A5BE80DE98, 3FF3C3FCC110B943D3D300AAA049D35B314583FCB56F96C7C0612C9B15E6A6E2 ] C:\WINDOWS\system32\winsrv.dll
17:47:57.0234 0x0904  [ 76727219614A50B2DB29BD0CDA4260D5, 7FDB76B4BD1A788FA023F5E9A0101147D4E7D901C549D42F9AB347CC874AB669 ] C:\WINDOWS\system32\services.exe
17:47:57.0234 0x0904  [ Global ] - ok
17:47:57.0234 0x0904  ================ Scan MBR ==================================
17:47:57.0265 0x0904  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:47:57.0437 0x0904  \Device\Harddisk0\DR0 - ok
17:47:57.0453 0x0904  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:47:57.0718 0x0904  \Device\Harddisk1\DR1 - ok
17:47:57.0718 0x0904  ================ Scan VBR ==================================
17:47:57.0718 0x0904  [ 46597510E6BF6DCC91832490BD3638D8 ] \Device\Harddisk0\DR0\Partition1
17:47:57.0718 0x0904  \Device\Harddisk0\DR0\Partition1 - ok
17:47:57.0718 0x0904  [ CAA8F93A857EDC1A06CBA7ADB2E9311B ] \Device\Harddisk0\DR0\Partition2
17:47:57.0718 0x0904  \Device\Harddisk0\DR0\Partition2 - ok
17:47:57.0718 0x0904  [ 6917828632650666275C1E061FB38768 ] \Device\Harddisk0\DR0\Partition3
17:47:57.0718 0x0904  \Device\Harddisk0\DR0\Partition3 - ok
17:47:57.0718 0x0904  [ 2CAC22B4BB74A07E6C41D71D4B4CFD5F ] \Device\Harddisk1\DR1\Partition1
17:47:57.0718 0x0904  \Device\Harddisk1\DR1\Partition1 - ok
17:47:57.0750 0x0904  [ 926A26E662C7F2F3B075C313A77ED64D ] \Device\Harddisk1\DR1\Partition2
17:47:57.0750 0x0904  \Device\Harddisk1\DR1\Partition2 - ok
17:47:57.0781 0x0904  [ 3B439F43FE491216F61C2DB966E0D606 ] \Device\Harddisk1\DR1\Partition3
17:47:57.0781 0x0904  \Device\Harddisk1\DR1\Partition3 - ok
17:47:57.0781 0x0904  ================ Scan generic autorun ======================
17:47:57.0812 0x0904  [ E2F3102B3A71E2EAD1AA0D6E964E3FBC, 0D346396BCC70FCD0DA549D2228E4D3F4245E53B9B4C45639FBA9E793509D7A3 ] C:\WINDOWS\system32\CTXFIHLP.EXE
17:47:57.0812 0x0904  CTxfiHlp - detected UnsignedFile.Multi.Generic ( 1 )
17:47:57.0812 0x0904  CTxfiHlp ( UnsignedFile.Multi.Generic ) - warning
17:47:57.0890 0x0904  [ 4664EE03CA8776CBA0C5D768281E1F4B, 25FC97416FCDF9C58F225928593004037451DEE71C9A510A1C13AD7763FDCF1D ] C:\Program Files\Browny02\Brother\BrStMonW.exe
17:47:57.0984 0x0904  BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
17:47:57.0984 0x0904  BrStsMon00 ( UnsignedFile.Multi.Generic ) - warning
17:47:58.0046 0x0904  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
17:47:58.0140 0x0904  Malwarebytes TrayApp - ok
17:47:58.0281 0x0904  [ 4FBB97A8A9608D059E4B83ECCBBB846A, 16BA736637067018E8EFA578F029477A69126A91CD584133B3EA22C3EBB1CA10 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
17:47:58.0421 0x0904  SUPERAntiSpyware - ok
17:47:58.0500 0x0904  [ 10B9E1FA95AA3DEA675C9FEC4969A427, 8A27CEC74BB3189FFF2DC1A58C7AC9CA53426171E45DABB6424B5841273B84D1 ] C:\Compact Tray meter\Compact Tray Meter.exe
17:47:58.0593 0x0904  Compact Tray Meter - ok
17:47:58.0687 0x0904  [ 2CC5F8289EB8255B375C95304E8B58B4, C0541D65B41D9A8D4412D8E3A71CA7B457A6B6C4D376E6FFA7E8799CE9B46E4D ] C:\Program Files\Internet Download Manager\IDMan.exe
17:47:58.0812 0x0904  IDMan - ok
17:47:58.0828 0x0904  [ E6735D6E15457E06FEDE517051AF0D70, E787C048D999E36AA10EB7536E01145A46F94A01C6D6849F91ABD0077AEC5815 ] C:\WINDOWS\system32\ctfmon.exe
17:47:58.0875 0x0904  CTFMON.EXE - ok
17:47:58.0921 0x0904  Win FW state via NFM: enabled
17:47:58.0921 0x0904  ============================================================
17:47:58.0921 0x0904  Scan finished
17:47:58.0921 0x0904  ============================================================
17:47:58.0937 0x08e0  Detected object count: 11
17:47:58.0937 0x08e0  Actual detected object count: 11
17:50:43.0328 0x08e0  Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  KMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  VClone ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  CTxfiHlp ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  CTxfiHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:43.0328 0x08e0  BrStsMon00 ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:43.0328 0x08e0  BrStsMon00 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 

  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Not seeing much.  Do you really need Superantispyware and Internet Download Manager?

 

SAS mostly just likes to find cookies.  I am not a big fan of them because they like to sue sites that give them bad reviews.

 

IDM usually comes with a lot of adware.

 

Let's do another FRST scan with Addition.txt checked.  


  • 0

#19
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

SAS is not really needed. But IDM is important as I'm on a dial-up internet connection, and IDM helps with downloading (and resuming when required) large files. I have purchased the full licensed version of IDM, so there are no ads nor anything else.

 

 

FRST scan log -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Peter Bahniuk (administrator) on MINE (01-08-2017 09:32:38)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Loaded Profiles: Peter Bahniuk (Available Profiles: Peter Bahniuk & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(www.dennisbabkin.com) C:\Compact Tray meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(the sz development) C:\Program Files\RimhillEx\RimhillEx.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Farbar) C:\Documents and Settings\Peter Bahniuk\Desktop\FRST_2.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-12-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-12-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Compact Tray Meter] => C:\Compact Tray meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4027504 2017-07-15] (Tonec Inc.)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Startup\RimhillEx.lnk [2016-11-07]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files\RimhillEx\RimhillEx.exe (the sz development)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{6A394987-A551-40AF-9ADD-BA74B9C7F236}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: nejrxvyi.default
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default [2017-07-31]
FF Extension: (Status-4-Evar) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\[email protected] [2016-11-04]
FF Extension: (ColorfulTabs) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-11-04]
FF Extension: (Flagfox) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-11-04]
FF Extension: (FlashGot) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-11-12]
FF Extension: (RightToClick) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-11-04]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-04]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default [2017-06-29]
FF user.js: detected! => C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default\user.js [2006-04-07]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5 [2017-07-26] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-29] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-07-15]
CHR HKLM\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files\Offline Explorer\mpoe.crx <not found>
 
Opera: 
=======
OPR Extension: (EagleGet Free Downloader) - C:\Documents and Settings\Peter Bahniuk\Application Data\Opera Software\Opera Stable\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2017-02-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2013-12-23] (ATI Technologies Inc.) [File not signed]
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2016-10-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-07-27] (Power Admin LLC)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [6852096 2013-12-23] (ATI Technologies Inc.) [File not signed]
R3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-11-16] (REALiX™)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [142144 2017-07-15] (Tonec Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-01] (Malwarebytes)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-10-24] (VSO Software) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-25] (Elaborate Bytes AG) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-07-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-07-27] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-01 09:25 - 2017-08-01 09:23 - 001777664 _____ (Farbar) C:\Documents and Settings\Peter Bahniuk\Desktop\FRST_2.exe
2017-07-31 17:52 - 2017-07-31 17:52 - 000064109 _____ C:\tdsskiller.txt
2017-07-31 17:47 - 2017-07-31 17:52 - 000128308 _____ C:\TDSSKiller.3.1.0.15_31.07.2017_17.47.20_log.txt
2017-07-31 17:46 - 2017-07-31 17:46 - 000016106 _____ C:\ComboFix.txt
2017-07-31 17:46 - 2017-07-31 17:46 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-31 17:46 - 2017-07-31 17:46 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-07-31 17:46 - 2017-07-31 17:46 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-31 17:38 - 2011-06-26 18:45 - 000256000 _____ C:\WINDOWS\PEV.exe
2017-07-31 17:38 - 2010-11-08 05:20 - 000208896 _____ C:\WINDOWS\MBR.exe
2017-07-31 17:38 - 2009-04-20 16:56 - 000060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000098816 _____ C:\WINDOWS\sed.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000080412 _____ C:\WINDOWS\grep.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000068096 _____ C:\WINDOWS\zip.exe
2017-07-31 17:37 - 2017-07-31 17:22 - 005659794 ____R (Swearware) C:\Documents and Settings\Peter Bahniuk\Desktop\ComboFix_2.exe
2017-07-31 16:49 - 2017-07-31 17:46 - 000000000 ____D C:\WINDOWS\erdnt
2017-07-31 16:49 - 2017-07-31 17:46 - 000000000 ____D C:\Qoobox
2017-07-31 16:48 - 2017-07-10 00:33 - 004922400 _____ (AO Kaspersky Lab) C:\Documents and Settings\Peter Bahniuk\Desktop\tdsskiller.exe
2017-07-30 13:12 - 2017-07-30 13:16 - 000000354 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Perms.txt
2017-07-30 13:11 - 2013-05-02 07:56 - 000459114 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\GrantPerms.exe
2017-07-30 12:07 - 2017-07-30 12:07 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-07-30 11:06 - 2017-07-30 11:06 - 000001036 _____ C:\VEW_application.txt
2017-07-30 11:05 - 2017-07-30 11:06 - 000001036 _____ C:\VEW.txt
2017-07-30 11:05 - 2017-07-30 11:05 - 000002014 _____ C:\VEW_system.txt
2017-07-30 11:01 - 2017-07-30 11:01 - 000820212 _____ C:\WINDOWS\SIGVERIF.TXT
2017-07-30 10:43 - 2017-08-01 09:32 - 000022915 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-30 10:43 - 2017-08-01 09:32 - 000007394 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-30 10:12 - 2017-07-30 13:48 - 000000000 ____D C:\Program Files\SpeedFan
2017-07-30 10:12 - 2017-07-30 10:12 - 000000682 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\SpeedFan.lnk
2017-07-30 10:12 - 2017-07-30 10:12 - 000000045 _____ C:\WINDOWS\system32\initdebug.nfo
2017-07-30 10:12 - 2017-07-30 10:12 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\SpeedFan
2017-07-30 00:31 - 2017-07-30 00:32 - 000048868 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Speccy.txt
2017-07-30 00:29 - 2017-07-30 00:29 - 000005583 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\System Idle Process.txt
2017-07-30 00:26 - 2017-07-30 00:18 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Peter Bahniuk\Desktop\procexp.exe
2017-07-29 12:02 - 2017-07-29 12:02 - 000512828 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\Sys_XP_Support.zip
2017-07-29 12:00 - 2017-07-29 12:00 - 000051582 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\reports
2017-07-29 11:49 - 2017-07-29 11:49 - 000147968 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\old_BSOD_XP_v1.3_jcgriff2_PROD_Sysnative.exe
2017-07-29 11:46 - 2017-07-29 11:46 - 000716448 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Peter Bahniuk\My Documents\autoruns.exe
2017-07-29 11:26 - 2017-07-29 11:26 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2017-07-29 11:26 - 2017-07-29 11:26 - 000000000 ____D C:\Program Files\Speccy
2017-07-28 22:21 - 2017-07-28 22:38 - 003234816 _____ C:\Documents and Settings\Peter Bahniuk\Can You Trust Your Color Meter-131132803.mp4.part
2017-07-28 21:07 - 2017-07-28 21:07 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
2017-07-28 21:06 - 2007-11-30 23:25 - 001888992 ____C (ATI Technologies Inc. ) C:\WINDOWS\system32\dllcache\ati3duag.dll
2017-07-28 21:06 - 2007-11-30 23:25 - 000516768 ____C (ATI Technologies Inc. ) C:\WINDOWS\system32\dllcache\ativvaxx.dll
2017-07-28 21:06 - 2007-11-30 23:25 - 000229376 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\ati2cqag.dll
2017-07-28 21:06 - 2007-11-30 23:25 - 000201728 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\ati2dvag.dll
2017-07-28 00:14 - 2017-07-28 00:14 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-28 00:13 - 2017-07-28 00:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-07-28 00:12 - 2017-07-28 00:13 - 000003388 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill.txt
2017-07-28 00:12 - 2017-07-27 23:52 - 022176840 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\RogueKiller_portable32_(12.11.8.0).exe
2017-07-28 00:12 - 2017-07-27 16:40 - 001792640 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Peter Bahniuk\Desktop\uSeRiNiT.exe
2017-07-27 17:25 - 2017-07-27 17:25 - 000189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-07-27 17:10 - 2017-07-30 12:04 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-07-27 17:10 - 2017-07-27 17:10 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-07-27 17:10 - 2017-07-27 17:10 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-07-27 17:10 - 2017-07-27 17:10 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\Zemana
2017-07-27 16:53 - 2017-07-27 17:10 - 000003152 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill_.txt
2017-07-27 16:53 - 2017-07-27 16:53 - 000003368 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill_1.txt
2017-07-27 16:52 - 2017-08-01 09:24 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-27 16:52 - 2017-07-27 16:52 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-07-27 16:52 - 2017-07-27 16:52 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-27 16:52 - 2017-07-27 16:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-27 16:52 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-07-27 10:23 - 2017-07-27 10:23 - 000026990 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Addition.txt
2017-07-27 10:22 - 2017-08-01 09:32 - 000011703 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\FRST.txt
2017-07-27 10:22 - 2017-08-01 09:32 - 000000000 ____D C:\FRST
2017-07-27 02:45 - 2017-07-27 02:47 - 000000000 ____D C:\Tweaking.com - Windows Repair
2017-07-27 02:34 - 2017-07-27 02:36 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Desktop\Tweaking.com - Windows Repair
2017-07-27 01:57 - 2017-07-27 01:57 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
2017-07-27 01:16 - 2017-07-27 01:16 - 000094208 _____ C:\WINDOWS\Minidump\Mini072717-02.dmp
2017-07-27 01:05 - 2017-07-27 01:05 - 000094208 _____ C:\WINDOWS\Minidump\Mini072717-01.dmp
2017-07-27 00:56 - 2017-07-27 00:58 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit AgentInformation
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\All Users\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Foxit ContentPlatform
2017-07-26 20:16 - 2017-07-26 20:16 - 000000696 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Internet Download Manager.lnk
2017-07-26 20:15 - 2017-07-26 20:16 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Internet Download Manager
2017-07-26 20:15 - 2017-07-26 20:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
2017-07-15 05:18 - 2017-07-15 05:13 - 000142144 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-01 09:32 - 2016-10-08 18:44 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp
2017-08-01 09:29 - 2016-10-09 06:30 - 000005196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-01 09:25 - 2016-10-08 19:02 - 000006346 _____ C:\WINDOWS\ModemLog_LSI PCI-SV92PP Soft Modem.txt
2017-08-01 09:24 - 2016-11-05 16:23 - 000000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job
2017-08-01 09:24 - 2016-10-08 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-31 18:59 - 2016-10-09 19:22 - 000054760 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-31 18:59 - 2016-10-09 19:22 - 000054760 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-31 18:59 - 2016-10-09 19:22 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-31 18:59 - 2016-10-08 18:44 - 000000178 ___SH C:\Documents and Settings\Peter Bahniuk\ntuser.ini
2017-07-31 18:59 - 2016-10-08 18:43 - 000032534 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-31 17:45 - 2016-10-09 16:00 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\DMCache
2017-07-31 17:45 - 2006-03-01 00:00 - 000000227 _____ C:\WINDOWS\system.ini
2017-07-31 17:41 - 2016-10-08 18:44 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk
2017-07-31 14:31 - 2016-10-09 06:28 - 000000211 __RSH C:\boot.ini
2017-07-31 07:50 - 2006-03-01 00:00 - 000000528 _____ C:\WINDOWS\win.ini
2017-07-30 17:28 - 2016-11-16 22:16 - 000000000 ____D C:\Program Files\HWiNFO32
2017-07-30 17:28 - 2016-11-16 22:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2017-07-30 12:41 - 2006-03-01 00:00 - 000012984 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-30 12:07 - 2016-10-09 06:23 - 000000000 ___HD C:\WINDOWS\inf
2017-07-30 12:05 - 2017-06-29 13:55 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-07-30 12:05 - 2017-06-29 13:54 - 000859324 _____ C:\WINDOWS\ntbtlog.txt
2017-07-30 12:00 - 2016-10-08 18:57 - 000131072 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-07-30 11:34 - 2016-10-09 06:23 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-07-28 21:38 - 2017-03-09 20:00 - 000000000 ____D C:\Youtube command line downloader
2017-07-28 21:04 - 2016-10-08 18:54 - 000000000 ____D C:\AMD
2017-07-27 17:08 - 2017-03-03 14:41 - 000000000 ____D C:\Program Files\TubeDigger
2017-07-27 02:47 - 2017-06-29 13:56 - 000044496 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-07-27 01:16 - 2016-11-24 11:02 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-27 00:56 - 2016-10-09 06:29 - 000000000 ____D C:\Documents and Settings\All Users
2017-07-27 00:43 - 2016-10-10 10:53 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2017-07-26 22:33 - 2016-10-21 15:38 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Zoom Player
2017-07-26 20:50 - 2016-10-16 13:35 - 000000000 ____D C:\Program Files\VideoLAN
2017-07-26 20:16 - 2016-10-09 16:00 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\IDM
2017-07-26 20:16 - 2016-10-09 15:56 - 000000000 ____D C:\Program Files\Internet Download Manager
 
==================== Files in the root of some directories =======
 
2016-10-09 21:03 - 2017-03-02 20:03 - 000000651 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker.ini
2016-10-09 21:03 - 2016-10-09 21:03 - 000000010 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker_songparams.txt
2016-10-24 21:04 - 2016-10-24 21:04 - 000007887 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.cat
2016-10-24 21:04 - 2016-10-24 21:04 - 000001144 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.inf
2016-10-24 21:04 - 2016-10-24 21:04 - 000000034 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.log
2016-10-24 21:04 - 2016-10-24 21:04 - 000047360 _____ (VSO Software) C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.sys
2016-11-14 19:23 - 2016-11-14 19:23 - 000003584 _____ () C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
FRST Addition scan log -
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Peter Bahniuk (01-08-2017 09:32:56)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) (2016-10-08 06:42:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1390067357-606747145-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-606747145-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-1390067357-606747145-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1390067357-606747145-725345543-1000 - Limited - Disabled)
Peter Bahniuk (S-1-5-21-1390067357-606747145-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Peter Bahniuk
SUPPORT_388945a0 (S-1-5-21-1390067357-606747145-725345543-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Auslogics Disk Defrag Professional (HKLM\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.4.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Blue Cat's Stereo Flanger VST 2.62 (HKLM\...\{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}) (Version: 2.62 - Blue Cat Audio)
Corel PaintShop Pro X6 (HKLM\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HL-3150CDN (HKLM\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HWiNFO32 Version 5.52 (HKLM\...\HWiNFO32_is1) (Version: 5.52 - Martin Malík - REALiX)
ICA (HKLM\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPM_PSP_COM (HKLM\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.1.0.48 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.68.1 (HKLM\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Nero 11 DiscSpeed (HKLM\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Opti Drive Control 1.70 (HKLM\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version:  - Erik Deppe)
PaceMaker plug-in for Winamp and MediaMonkey (HKLM\...\PaceMaker plug-in) (Version: 2.7 - PaceMaker plug-inc.)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
PSPPContent (HKLM\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (HKLM\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Quake II (HKLM\...\Quake2UninstallKey) (Version:  - )
RimhillEx 1.08 (HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\RimhillEx_is1) (Version:  - the sz development)
Setup (HKLM\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TMPGEnc Plus 2.5 (HKLM\...\{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.) Hidden
TMPGEnc Plus 2.5 (HKLM\...\InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.)
Vivaldi (HKLM\...\Vivaldi) (Version: 1.0.435.46 - Vivaldi)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 12.7 - Inmatrix LTD)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers1: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers2: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2008-08-12] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job => C:\Program Files\Opera\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Buy or Upgrade Zoom Player.lnk -> hxxp://inmatrix.com/shop_relay/buyshortcut.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Download Skins.lnk -> hxxp://skins.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Video Tutorials.lnk -> hxxp://inmatrix.com/tutorial_redir.htm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Forum.lnk -> hxxp://forum.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Frequently Asked Questions.lnk -> hxxp://www.inmatrix.com/zplayer/fa
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Home Page.lnk -> hxxp://www.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Online Help.lnk -> hxxp://www.inmatrix.com/zplaye
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Usage Guides.lnk -> hxxp://www.inmatrix.com/articles.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-01 00:20 - 2014-03-01 00:20 - 000002560 _____ () C:\WINDOWS\CTXFIRES.DLL
2016-11-30 16:14 - 2016-05-08 02:47 - 000947832 _____ () C:\Program Files\Vivaldi\Application\1.0.435.46\ffmpeg.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-03-01 00:00 - 2017-07-31 17:45 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 203.97.78.43 - 203.97.78.44
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Vivaldi\Application\vivaldi.exe] => Enabled:Vivaldi
StandardProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Restore Points =========================
 
29-06-2017 13:48:09 System Checkpoint
26-07-2017 21:52:52 System Checkpoint
27-07-2017 00:43:14 Removed Adobe Reader XI.
27-07-2017 00:56:24 Printer Driver Foxit Reader PDF Printer Driver Installed
27-07-2017 17:27:51 Unsigned driver install
28-07-2017 18:18:59 System Checkpoint
30-07-2017 12:07:45 Unsigned driver install
31-07-2017 14:05:45 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2017 09:29:00 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (08/01/2017 09:29:00 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (07/31/2017 05:49:34 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/31/2017 05:49:34 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (07/31/2017 04:51:51 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/31/2017 04:51:51 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (07/31/2017 02:36:15 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/31/2017 02:36:15 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (07/31/2017 12:51:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/31/2017 12:51:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
 
System errors:
=============
Error: (08/01/2017 09:25:13 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (08/01/2017 09:24:49 AM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
 
Error: (08/01/2017 09:24:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (08/01/2017 09:24:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (07/31/2017 05:45:58 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (07/31/2017 05:45:41 PM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
 
Error: (07/31/2017 05:45:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (07/31/2017 05:45:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (07/31/2017 04:48:15 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (07/31/2017 04:47:52 PM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 3296.08 MB
Available physical RAM: 2535.52 MB
Total Virtual: 5180.32 MB
Available Virtual: 4450.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.76 GB) (Free:77.93 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:119.73 GB) (Free:5.83 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:353.01 GB) (Free:226.22 GB) NTFS
Drive f: () (Fixed) (Total:14.99 GB) (Free:10.93 GB) NTFS
Drive g: () (Fixed) (Total:310 GB) (Free:16.17 GB) NTFS
Drive h: () (Fixed) (Total:35.91 GB) (Free:11.23 GB) NTFS
Drive i: (WXPOEM_EN) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Let's remove: AlternateDataStreams: C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]

and look at why these have recent changes:
\Documents and Settings\Peter Bahniuk\ntuser.ini
\WINDOWS\system.ini
\WINDOWS\win.ini
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   544bytes   15 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Your Brother printer is either not connected, is off, or needs to be reinstalled.

  • 0

#21
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

FRST Fix log -

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Peter Bahniuk (01-08-2017 13:01:40) Run:1
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Loaded Profiles: Peter Bahniuk (Available Profiles: Peter Bahniuk & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CMD: TYPE \Documents and Settings\Peter Bahniuk\ntuser.ini
CMD: TYPE \WINDOWS\system.ini
CMD: TYPE \WINDOWS\win.ini
AlternateDataStreams: C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]
 
 
 
 
*****************
 
 
========= TYPE \Documents and Settings\Peter Bahniuk\ntuser.ini =========
 
The system cannot find the file specified.
Error occurred while processing: \Documents.
The system cannot find the file specified.
Error occurred while processing: and.
The system cannot find the path specified.
 
========= End of CMD: =========
 
 
========= TYPE \WINDOWS\system.ini =========
 
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
 
========= End of CMD: =========
 
 
========= TYPE \WINDOWS\win.ini =========
 
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[MSUCE]
Advanced=0
CodePage=Unicode
Font=Arial
 
========= End of CMD: =========
 
C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\desktop.ini => ":722b2b1c349a06abf0e866180e5a7e63" ADS removed successfully..
 
==== End of Fixlog 13:01:40 ====
 
 
Looks like the file ntuser.ini was not found(?)
 
Actually I have two Brother printers, but neither are currently connected to my computer.

  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Yes.  Forgot it was XP.  Should hae put quotes around the path because of the spaces.

 

You can copy the next line:

 

CMD: TYPE "\Documents and Settings\Peter Bahniuk\ntuser.ini"

 

Startup FRST and paste the copied line in FRST's Seach Box then hit Fix.  It should work this time.

 

There was nothing interesting in the other two.  We did remove the ADS which looked suspicious.

 

How is it running now?


  • 0

#23
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

OK.

 

FRST keeps coming up with the message that there is no fixlist.txt when clicking the Fix button (after copying the CMD . .  details into FRST search window).

 

So I just created another fixlist.txt file with just the single entry CMD: TYPE "\Documents and Settings\Peter Bahniuk\ntuser.ini". This time FRST seemed to run OK.

 

FRST Fix log -

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Peter Bahniuk (01-08-2017 14:16:17) Run:2
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Loaded Profiles: Peter Bahniuk (Available Profiles: Peter Bahniuk & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CMD: TYPE "\Documents and Settings\Peter Bahniuk\ntuser.ini"
*****************
 
 
========= TYPE "\Documents and Settings\Peter Bahniuk\ntuser.ini" =========
 
 
     
[General]
ExclusionList=Local Settings;Temporary Internet Files;History;Temp
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:16:17 ====
 
 
So far, the video drivers have not (yet) disappeared.
 
Unfortunately, the computer will still not boot into Safe Mode after selecting SafeBoot and Minimal options under msconfig. The computer boots back into Normal Mode.
 
Screenshots of Boot.ini tab attached -
 
Safe Mode no go.png Safe Mode no go extended.png

Edited by brispuss, 31 July 2017 - 08:51 PM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Sorry for the delay.  Must have missed the email.

 

ntuser.ini was harmless.  Don't know why FRST didn't want to work from the search box.  Most of the time that works.

 

The 3rd problem you were complaining about in your other post

 

3) on (re)booting, often get Windows explorer opening with explorer showing C:\Program Files directory, when I haven't even opened that directory!?

 

is usually caused by something trying to run a program that has been removed.  Would have to be one of the following based on your last FRST scan unless you have installed something new.

 

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)

 
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-12-07] (SUPERAntiSpyware)
 
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4027504 2017-07-15] (Tonec Inc.)
 
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
 
Startup: C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Startup\RimhillEx.lnk [2016-11-07]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files\RimhillEx\RimhillEx.exe (the sz development)
 
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job => C:\Program Files\Opera\launcher.exe

 

and from your earlier post:  Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

 

So verify that all the folders listed above (after C:\Program Files\) are still present and can be opened.  The Tweaking.com should have been removed already based on your last FRST scan.

 

You can also Start, Run, msconfig, OK then uncheck all of the Startup items then under Services, Hide all Microsoft services then uncheck everything that remains.  OK.  Reboot.  If that stops Explorer from popping up then go back in and recheck 1/2 of the items you unchecked, OK and reboot.  Takes a while but you should be able to isolate it down to one or two items that cause the problem.

 

When you ran tweaking.com's program did you just do the safe mode fix or do everything?

 

Let's look at the safe mode key in the registry:

 

Copy the next two lines

 

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" /s  > \junk.txt

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" /s >> \junk.txt

 

Start, run, cmd, OK

 

Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter.

Attach the file C:\junk.txt


  • 0

#25
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

All programs and folders except for SAS are present and can be opened/browsed. SAS was uninstalled recently. I now have deleted the registry entry for SAS.

 

Then ran msconfig and stopped all services apart from Microsoft ones. Rebooted, but the folder C:\Program Files continues to open!?

 

Just did the Safe Mode only fix when running WRAIO.

 

Here is Junk log -

 

 
! REG.EXE VERSION 3.0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys
    <NO NAME> REG_SZ FSFilter System Recovery
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swprv
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
    <NO NAME> REG_SZ Universal Serial Bus controllers
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ CD-ROM Drive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ DiskDrive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Standard floppy disk controller
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Hdc
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Keyboard
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Mouse
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ PCMCIA Adapters
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ SCSIAdapter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ System
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Floppy disk drive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
    <NO NAME> REG_SZ Volume shadow copy
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    <NO NAME> REG_SZ Volume
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    <NO NAME> REG_SZ Human Interface Devices
 
! REG.EXE VERSION 3.0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys
    <NO NAME> REG_SZ FSFilter System Recovery
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\swprv
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
    <NO NAME> REG_SZ Driver Group
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
    <NO NAME> REG_SZ Driver
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC
    <NO NAME> REG_SZ Service
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
    <NO NAME> REG_SZ Universal Serial Bus controllers
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ CD-ROM Drive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ DiskDrive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Standard floppy disk controller
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Hdc
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Keyboard
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Mouse
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Net
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ NetClient
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ NetService
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ NetTrans
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ PCMCIA Adapters
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ SCSIAdapter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ System
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
    <NO NAME> REG_SZ Floppy disk drive
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    <NO NAME> REG_SZ Volume
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    <NO NAME> REG_SZ Human Interface Devices

  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Did you uncheck the stuff in Startup in MSCONFIG?

 

Run FRST again,  Check the addition.txt box then hit Scan.  Post both logs.  Perhaps we can see what is not working.

 

 

 

The registry entries look normal.  Only thing which is not standard are two entries from MBAM.  


  • 0

#27
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Yes, non-Microsoft services were all unchecked under msconfig.

 

FRST log -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Peter Bahniuk (administrator) on MINE (06-08-2017 14:45:18)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Loaded Profiles: Peter Bahniuk (Available Profiles: Peter Bahniuk & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Innovative Solutions) C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
(www.dennisbabkin.com) C:\Compact Tray meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(the sz development) C:\Program Files\RimhillEx\RimhillEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2013-12-23] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-12-23] (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Compact Tray Meter] => C:\Compact Tray meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4027504 2017-07-15] (Tonec Inc.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Device Doctor] => C:\Program Files (x86)\Device Doctor\DDTray.exe [1046504 2017-03-30] (Device Doctor Software Inc.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
Startup: C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Startup\RimhillEx.lnk [2016-11-07]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files\RimhillEx\RimhillEx.exe (the sz development)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{6A394987-A551-40AF-9ADD-BA74B9C7F236}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-07-13] (Internet Download Manager, Tonec Inc.)
 
FireFox:
========
FF DefaultProfile: nejrxvyi.default
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default [2017-07-31]
FF Extension: (Status-4-Evar) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\[email protected] [2016-11-04]
FF Extension: (ColorfulTabs) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-11-04]
FF Extension: (Flagfox) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-11-04]
FF Extension: (FlashGot) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-11-12]
FF Extension: (RightToClick) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-11-04]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-04]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default [2017-06-29]
FF user.js: detected! => C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default\user.js [2006-04-07]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5 [2017-07-26] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-29] ()
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-07-15]
CHR HKLM\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files\Offline Explorer\mpoe.crx <not found>
 
Opera: 
=======
OPR Extension: (EagleGet Free Downloader) - C:\Documents and Settings\Peter Bahniuk\Application Data\Opera Software\Opera Stable\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2017-02-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2013-12-23] (ATI Technologies Inc.) [File not signed]
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-08-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2016-10-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-07-27] (Power Admin LLC)
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [6852096 2013-12-23] (ATI Technologies Inc.) [File not signed]
R3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] () [File not signed]
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [142144 2017-07-15] (Tonec Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-06] (Malwarebytes)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-10-24] (VSO Software) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2015-03-24] (Avira GmbH)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-25] (Elaborate Bytes AG) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-07-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-07-27] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-06 14:40 - 2017-08-06 14:40 - 000000000 ____D C:\Process Monitor
2017-08-06 14:35 - 2017-08-06 14:44 - 001777664 _____ (Farbar) C:\Documents and Settings\Peter Bahniuk\Desktop\FRST.exe
2017-08-06 09:55 - 2017-08-06 09:56 - 000017209 _____ C:\junk.txt
2017-08-05 21:02 - 2017-08-05 21:02 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\ATI
2017-08-05 21:02 - 2017-08-05 21:02 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\ATI
2017-08-05 21:02 - 2017-08-05 21:02 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\ATI
2017-08-05 21:00 - 2017-08-05 21:00 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
2017-08-05 20:59 - 2017-08-05 20:59 - 000000000 ____D C:\Program Files\ATI
2017-08-05 20:59 - 2017-08-05 20:59 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-08-05 20:59 - 2013-12-23 20:37 - 000071192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc32.dll
2017-08-05 20:59 - 2013-12-23 20:37 - 000071192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom32.dll
2017-08-05 20:59 - 2013-12-23 20:33 - 006852096 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys
2017-08-05 20:59 - 2013-12-23 20:27 - 000442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIDEMGX.dll
2017-08-05 20:59 - 2013-12-23 20:26 - 000306176 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvag.dll
2017-08-05 20:59 - 2013-12-23 20:04 - 000212992 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\atipdlxx.dll
2017-08-05 20:59 - 2013-12-23 20:04 - 000163840 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\Oemdspif.dll
2017-08-05 20:59 - 2013-12-23 20:04 - 000043520 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ati2edxx.dll
2017-08-05 20:59 - 2013-12-23 20:02 - 000643072 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
2017-08-05 20:59 - 2013-12-23 20:01 - 000053248 _____ ( ATI Technologies Inc.) C:\WINDOWS\system32\ATIDDC.DLL
2017-08-05 20:59 - 2013-12-23 19:48 - 004847552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\ati3duag.dll
2017-08-05 20:59 - 2013-12-23 19:38 - 000307200 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atiiiexx.dll
2017-08-05 20:59 - 2013-12-23 19:35 - 018964480 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atioglxx.dll
2017-08-05 20:59 - 2013-12-23 19:27 - 002380800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\ativvaxx.dll
2017-08-05 20:59 - 2013-12-23 19:22 - 001610912 _____ C:\WINDOWS\system32\ativvaxx.cap
2017-08-05 20:59 - 2013-12-23 19:15 - 000296208 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-08-05 20:59 - 2013-12-23 19:15 - 000163840 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-08-05 20:59 - 2013-12-23 19:11 - 000929792 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atikvmag.dll
2017-08-05 20:59 - 2013-12-23 19:06 - 000017408 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atitvo32.dll
2017-08-05 20:59 - 2013-12-23 19:05 - 000053248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2017-08-05 20:59 - 2013-12-23 19:01 - 000663552 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2cqag.dll
2017-08-05 20:59 - 2013-12-23 19:01 - 000495616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiok3x2.dll
2017-08-05 20:59 - 2013-07-04 21:41 - 000710269 _____ C:\WINDOWS\system32\atiicdxx.dat
2017-08-05 20:59 - 2012-07-16 14:25 - 000038445 _____ C:\WINDOWS\atiogl.xml
2017-08-05 20:59 - 2010-08-28 06:32 - 000294912 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2017-08-05 20:59 - 2009-06-23 03:34 - 000045056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2017-08-05 20:59 - 2009-05-12 09:35 - 000118784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atibtmon.exe
2017-08-05 20:59 - 2001-11-10 04:01 - 000024064 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ativcoxx.dll
2017-08-05 13:43 - 2017-08-06 14:29 - 000054400 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-08-05 13:43 - 2017-08-06 14:29 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-08-05 13:42 - 2017-08-05 13:42 - 000000000 ____D C:\Program Files\Common Files\Creative Labs Shared
2017-08-05 12:34 - 2017-08-05 12:56 - 000015737 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\HWiNFO32.INI
2017-08-05 12:34 - 2017-07-06 09:33 - 003460208 _____ (REALiX) C:\Documents and Settings\Peter Bahniuk\Desktop\HWiNFO32.exe
2017-08-05 10:51 - 2017-08-05 21:00 - 000000000 ____D C:\Program Files\ATI Technologies
2017-08-05 10:51 - 2017-08-05 10:51 - 000000000 ____D C:\AMD
2017-08-04 18:02 - 2017-08-05 12:33 - 000000114 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\USB Disk Format Tool.url
2017-08-04 18:02 - 2017-08-04 18:02 - 000000876 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Unknown Device Identifier.lnk
2017-08-04 18:02 - 2017-08-04 18:02 - 000000000 ____D C:\Program Files\Unknown Device Identifier
2017-08-04 18:02 - 2017-08-04 18:02 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Unknown Device Identifier 9.01
2017-08-04 17:54 - 2017-08-04 18:01 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Device Doctor
2017-08-04 17:54 - 2017-08-04 17:54 - 000000763 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Device Doctor.lnk
2017-08-04 17:54 - 2017-08-04 17:54 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Device Doctor
2017-08-04 17:53 - 2017-08-06 14:42 - 000000304 _____ C:\WINDOWS\Tasks\DriverMax Notification.job
2017-08-04 17:53 - 2017-08-06 14:37 - 000000308 _____ C:\WINDOWS\Tasks\DriverMaxAgent.job
2017-08-04 17:53 - 2017-08-04 17:53 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\My Drivers
2017-08-04 17:52 - 2017-08-06 14:30 - 000000308 _____ C:\WINDOWS\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351.job
2017-08-04 17:52 - 2017-08-04 18:02 - 000000310 _____ C:\WINDOWS\Tasks\DriverMaxWelcome.job
2017-08-04 17:52 - 2017-08-04 17:52 - 000000887 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\DriverMax.lnk
2017-08-04 17:52 - 2017-08-04 17:52 - 000000000 ____D C:\Program Files\Innovative Solutions
2017-08-04 17:52 - 2017-08-04 17:52 - 000000000 ____D C:\My Drivers
2017-08-04 17:52 - 2017-08-04 17:52 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\Innovative Solutions
2017-08-04 17:52 - 2017-08-04 17:52 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Innovative Solutions
2017-08-04 17:52 - 2017-08-04 17:52 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
2017-08-04 12:49 - 2008-07-30 00:06 - 000027144 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\SafeBoot-for-Windows-XP-SP3.reg
2017-08-04 01:58 - 2017-08-04 01:58 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-04 01:58 - 2015-07-28 17:52 - 000821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2017-08-04 00:33 - 2017-08-04 01:50 - 000065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2017-08-04 00:33 - 2017-08-04 00:33 - 000001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-08-04 00:33 - 2017-08-04 00:33 - 000001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2017-08-04 00:32 - 2017-08-04 02:32 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2017-08-04 00:32 - 2017-08-04 01:58 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-08-04 00:32 - 2013-09-20 10:49 - 000018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2017-08-03 20:00 - 2017-08-03 20:00 - 000000902 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Registry Repair.lnk
2017-08-03 20:00 - 2017-08-03 20:00 - 000000896 _____ C:\Documents and Settings\All Users\Desktop\Registry Repair.lnk
2017-08-03 20:00 - 2017-08-03 20:00 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\GlarySoft
2017-08-03 20:00 - 2017-08-03 20:00 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Glarysoft
2017-08-03 19:59 - 2017-08-03 19:59 - 000000000 ____D C:\Program Files\Glarysoft
2017-08-03 19:40 - 2007-11-30 23:26 - 000364032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svc.dll
2017-08-03 19:40 - 2007-11-30 23:26 - 000103424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\uihelper.dll
2017-08-03 19:40 - 2007-11-30 23:26 - 000076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wam51.dll
2017-08-03 19:40 - 2007-11-30 23:26 - 000053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamreg51.dll
2017-08-03 19:40 - 2007-11-30 23:26 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tools.dll
2017-08-03 19:40 - 2007-11-30 23:25 - 000571392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlgnt.ime
2017-08-03 19:40 - 2007-11-30 23:25 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winar30.ime
2017-08-03 19:40 - 2007-11-30 23:25 - 000065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winime.ime
2017-08-03 19:40 - 2007-11-30 23:25 - 000065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\unicdime.ime
2017-08-03 19:40 - 2007-11-30 23:24 - 000426041 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\voicepad.dll
2017-08-03 19:40 - 2007-11-30 23:24 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winzm.ime
2017-08-03 19:40 - 2007-11-30 23:24 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winsp.ime
2017-08-03 19:40 - 2007-11-30 23:24 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winpy.ime
2017-08-03 19:40 - 2007-11-30 23:24 - 000086073 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\voicesub.dll
2017-08-03 19:40 - 2007-11-30 23:24 - 000076288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\uniime.dll
2017-08-03 19:40 - 2007-11-30 23:24 - 000072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wingb.ime
2017-08-03 19:40 - 2007-11-30 23:24 - 000010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tmigrate.dll
2017-08-03 19:40 - 2007-11-30 14:16 - 000455168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintsetp.exe
2017-08-03 19:40 - 2007-11-30 14:16 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlphr.exe
2017-08-03 19:40 - 2006-03-01 00:00 - 000073728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ext.dll
2017-08-03 19:40 - 2006-03-01 00:00 - 000048256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w32.dll
2017-08-03 19:40 - 2006-03-01 00:00 - 000041600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.dll
2017-08-03 19:40 - 2006-03-01 00:00 - 000031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.sys
2017-08-03 19:40 - 2006-03-01 00:00 - 000028288 ____C C:\WINDOWS\system32\dllcache\xjis.nls
2017-08-03 19:40 - 2006-03-01 00:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsprof.exe
2017-08-03 19:40 - 2006-03-01 00:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamps51.dll
2017-08-03 19:40 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svapi.dll
2017-08-03 19:40 - 2006-03-01 00:00 - 000004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ctrs51.dll
2017-08-03 19:39 - 2007-11-30 23:26 - 000267776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssvc.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000236544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smi2smir.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000229376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscover.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000142848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclnt.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mtstocom.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\evntwin.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\svcext51.dll
2017-08-03 19:39 - 2007-11-30 23:26 - 000046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sspifilt.dll
2017-08-03 19:39 - 2007-11-30 23:26 - 000045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ssinc51.dll
2017-08-03 19:39 - 2007-11-30 23:26 - 000042496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\davcdata.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmp.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\evntcmd.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetin51.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmptrap.exe
2017-08-03 19:39 - 2007-11-30 23:26 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\migregdb.exe
2017-08-03 19:39 - 2007-11-30 23:25 - 000562176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsst.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlgnt.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000456192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpsvc.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000451584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsapi.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000400384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsxp32.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000397312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxstiff.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000358400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpincl.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000285184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscomex.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000268288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\httpext.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000259072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpcl.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000257024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infocomm.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000246272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxst30.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seo.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_g18030.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000192512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxswzrd.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000188416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpsmir.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsui.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iische51.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsv251.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\evntagnt.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\metada51.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iislog51.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\phon.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dayi.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000078336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chajei.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quick.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000072192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscom.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000061440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\httpod51.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsevent.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000044544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nsepm.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000039936 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpthrd.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000039936 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hostmib.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\md5filt.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iprip.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lmmib2.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gzip.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000029184 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw330ext.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rw001ext.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iscomlog.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsdrv.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\romanime.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisadmin.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compfilt.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsmon.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsext32.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lpdsvc.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintlgnt.ime
2017-08-03 19:39 - 2007-11-30 23:25 - 000018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lprmon.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\exstrace.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lonsint.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpapi.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rwnh.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsperf.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\httpmb51.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pwsdata.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisfecnv.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpmib.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpmib.dll
2017-08-03 19:39 - 2007-11-30 23:25 - 000004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcref.dll
2017-08-03 19:39 - 2007-11-30 23:23 - 000175104 ____C C:\WINDOWS\system32\dllcache\pintlcsa.dll
2017-08-03 19:39 - 2007-11-30 23:23 - 000067584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmigrate.dll
2017-08-03 19:39 - 2007-11-30 23:23 - 000053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlcsd.dll
2017-08-03 19:39 - 2007-11-30 23:23 - 000015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs404.dll
2017-08-03 19:39 - 2007-11-30 23:23 - 000015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs804.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 013463552 ____C C:\WINDOWS\system32\dllcache\hwxjpn.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000811064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjp81k.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000716856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpcus.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000368696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpcic.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000340023 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjp81.ime
2017-08-03 19:39 - 2007-11-30 23:22 - 000315455 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskf.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000274489 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjputyc.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000106496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrcic.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000102456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imlang.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekr61.ime
2017-08-03 19:39 - 2007-11-30 23:22 - 000086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmbx.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000081976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdct.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdibm02.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlk41a.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsres.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlk41j.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdax2.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106n.dll
2017-08-03 19:39 - 2007-11-30 23:22 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101.dll
2017-08-03 19:39 - 2007-11-30 23:21 - 000198656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintime.dll
2017-08-03 19:39 - 2007-11-30 23:21 - 000173568 ____C C:\WINDOWS\system32\dllcache\chtskf.dll
2017-08-03 19:39 - 2007-11-30 23:21 - 000097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtmbx.dll
2017-08-03 19:39 - 2007-11-30 23:21 - 000056320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtskdic.dll
2017-08-03 19:39 - 2007-11-30 16:25 - 000020736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ramdisk.sys
2017-08-03 19:39 - 2007-11-30 14:16 - 000480256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintsetp.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000307257 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdct.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000262200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjputy.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000233527 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjprw.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000208952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpmig.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000196665 ____C C:\WINDOWS\system32\dllcache\imjpinst.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000155705 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdsvr.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlphr.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000059392 ____C C:\WINDOWS\system32\dllcache\imscinst.exe
2017-08-03 19:39 - 2007-11-30 14:16 - 000057399 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cplexe.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 010129408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxkor.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 010096640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 001875968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.lex
2017-08-03 19:39 - 2006-03-01 00:00 - 001677824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chsbrkr.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 001158818 ____C C:\WINDOWS\system32\dllcache\korwbrkr.lex
2017-08-03 19:39 - 2006-03-01 00:00 - 000838144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtbrkr.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000471102 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskdic.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000311359 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsv.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000229439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\multibox.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000189986 ____C C:\WINDOWS\system32\dllcache\c_1361.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000187938 ____C C:\WINDOWS\system32\dllcache\c_20005.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000186402 ____C C:\WINDOWS\system32\dllcache\c_20001.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000185378 ____C C:\WINDOWS\system32\dllcache\c_20003.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\thawbrkr.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000180770 ____C C:\WINDOWS\system32\dllcache\c_20932.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000180258 ____C C:\WINDOWS\system32\dllcache\c_20004.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000180258 ____C C:\WINDOWS\system32\dllcache\c_20000.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000177698 ____C C:\WINDOWS\system32\dllcache\c_20949.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_20936.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_20002.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000143422 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\softkey.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000134339 ____C C:\WINDOWS\system32\dllcache\imekr.lex
2017-08-03 19:39 - 2006-03-01 00:00 - 000132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000131584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxviceo.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000111104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000108827 ____C C:\WINDOWS\system32\dllcache\hanja.lex
2017-08-03 19:39 - 2006-03-01 00:00 - 000102463 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsm.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000101376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusbusd.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000098304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000092416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000092032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000083748 ____C C:\WINDOWS\system32\dllcache\prcp.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000083748 ____C C:\WINDOWS\system32\dllcache\prc.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia330.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia001.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\korwbrkr.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_864.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_862.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_858.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_720.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_870.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_708.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28596.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_21027.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_21025.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20924.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20880.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20871.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20838.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20833.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20424.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20423.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20420.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20297.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20290.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20285.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20284.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20280.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20278.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20277.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20273.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20269.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20108.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20107.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20106.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20105.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000060928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisclex4.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000059904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imkrinst.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000057856 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimgd.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000057398 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdadm.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000056320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\convlog.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000054528 ____C (Philips Semiconductors GmbH) C:\WINDOWS\system32\dllcache\cap7146.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nextlink.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000047066 ____C C:\WINDOWS\system32\dllcache\ksc.nls
2017-08-03 19:39 - 2006-03-01 00:00 - 000045109 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpuex.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000045056 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunid.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmig.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm9aw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000036927 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs411.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hanjadic.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\controt.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000031744 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucmd.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb6w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma3w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pagecnt.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm87w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm81w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000029184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8cw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm93w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm92w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mdsync.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm90w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8dw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8aw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm89w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\et4000.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm59w.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logscrpt.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000021896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdipx.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\permchk.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\counters.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000019464 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdspx.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iiscrmap.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\simptcp.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cprofile.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jupiw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\status.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quser.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsm.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgport.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\register.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\flattemp.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs412.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgusr.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chglogon.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000013192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdasync.sys
2017-08-03 19:39 - 2006-03-01 00:00 - 000011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxmcro.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_iscii.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpstup.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\query.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\change.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecat.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iwrps.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infoctrs.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecnt.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpctrs2.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnec95.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isapips.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iissync.exe
2017-08-03 19:39 - 2006-03-01 00:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_is2022.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxgl.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth3.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth2.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinpun.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101a.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftlx041e.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smimsgif.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsy.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdvntc.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdusa.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdurdu.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth1.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth0.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr2.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr1.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintel.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintam.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinmar.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinkan.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinhin.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinguj.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdindev.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdheb.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdfa.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv2.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv1.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda3.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda2.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda1.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgeo.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarmw.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarme.dll
2017-08-03 19:39 - 2006-03-01 00:00 - 000003584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iismui.dll
2017-08-03 19:39 - 2003-03-24 16:52 - 000094208 ____C C:\WINDOWS\system32\dllcache\fpencode.dll
2017-08-03 19:39 - 2003-03-24 16:52 - 000024632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2017-08-03 19:39 - 2003-03-24 16:52 - 000020541 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpadmdll.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2017-08-03 19:39 - 2001-08-17 22:36 - 000012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
2017-08-03 19:39 - 2001-08-17 22:36 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2017-08-03 19:38 - 2017-08-03 19:38 - 000262144 _____ C:\WINDOWS\system32\config\userdifr
2017-08-03 19:38 - 2007-11-30 23:26 - 000030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstas.exe
2017-08-03 19:38 - 2007-11-30 23:26 - 000008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\staxmem.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 002134528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpsnap.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000829440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000369664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asp51.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000331264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aqueue.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000290816 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adsiis51.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000189440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpadm.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000133632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrtl.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\appconf.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isatq.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisext51.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000064512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iismap.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\coadmin.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admwprox.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000029696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admexs.dll
2017-08-03 19:38 - 2007-11-30 23:25 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infoadmn.dll
2017-08-03 19:38 - 2007-11-30 23:22 - 000076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logui.ocx
2017-08-03 19:38 - 2007-11-30 23:21 - 000275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certwiz.ocx
2017-08-03 19:38 - 2007-11-30 23:21 - 000076288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0804.dll
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0412.dll
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0411.dll
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt040d.dll
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0404.dll
2017-08-03 19:38 - 2007-04-02 22:56 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0401.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000195618 ____C C:\WINDOWS\system32\dllcache\c_10002.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000177698 ____C C:\WINDOWS\system32\dllcache\c_10003.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_10008.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000169984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisui.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000162850 ____C C:\WINDOWS\system32\dllcache\c_10001.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certmap.ocx
2017-08-03 19:38 - 2006-03-01 00:00 - 000082172 ____C C:\WINDOWS\system32\dllcache\bopomofo.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066728 ____C C:\WINDOWS\system32\dllcache\big5.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1149.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1148.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1147.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1146.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1145.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1144.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1143.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1142.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1141.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1140.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_1047.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10021.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10005.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10004.nls
2017-08-03 19:38 - 2006-03-01 00:00 - 000049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adrot.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\browscap.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000029184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asptxn.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetsloc.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisreset.exe
2017-08-03 19:38 - 2006-03-01 00:00 - 000010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aspperf.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\authfilt.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.exe
2017-08-03 19:38 - 2006-03-01 00:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamregps.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admxprox.dll
2017-08-03 19:38 - 2006-03-01 00:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstap.dll
2017-08-03 19:38 - 2004-05-13 00:39 - 000876653 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4awel.dll
2017-08-03 19:38 - 2004-05-13 00:39 - 000598071 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpmmc.dll
2017-08-03 19:38 - 2004-05-13 00:39 - 000184435 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4amsft.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpmmcsat.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000188494 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpcount.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000188480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cfgwiz.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000147513 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4apws.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000109328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp98swin.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000102509 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4atxt.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000082035 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4anscp.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000049212 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4awebs.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000049210 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4areg.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000041020 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4avnb.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000032827 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tcptest.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000032826 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp4avss.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000020541 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpexedll.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\author.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admin.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000020538 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fpremadm.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000020536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shtml.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\author.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000016439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admin.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000016437 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shtml.exe
2017-08-03 19:38 - 2003-03-24 16:52 - 000016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tcptsat.dll
2017-08-03 19:38 - 2003-03-24 16:52 - 000014608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fp98sadm.exe
2017-08-03 19:38 - 2001-08-17 22:36 - 000045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2017-08-03 19:38 - 2001-08-17 22:36 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2017-08-03 19:37 - 2017-08-03 19:37 - 000000749 ___RH C:\WINDOWS\WindowsShell.Manifest
2017-08-03 19:37 - 2017-08-03 19:37 - 000000749 ___RH C:\WINDOWS\system32\wuaucpl.cpl.manifest
2017-08-03 19:37 - 2017-08-03 19:37 - 000000749 ___RH C:\WINDOWS\system32\sapi.cpl.manifest
2017-08-03 19:37 - 2017-08-03 19:37 - 000000749 ___RH C:\WINDOWS\system32\nwc.cpl.manifest
2017-08-03 19:37 - 2017-08-03 19:37 - 000000749 ___RH C:\WINDOWS\system32\ncpa.cpl.manifest
2017-08-03 19:37 - 2017-08-03 19:37 - 000000488 ___RH C:\WINDOWS\system32\logonui.exe.manifest
2017-08-03 19:34 - 2017-08-03 19:34 - 000000123 _____ C:\WINDOWS\pnplog.txt
2017-08-03 19:28 - 2007-12-01 01:32 - 001292766 ____R C:\WINDOWS\SET2B.tmp
2017-08-03 19:28 - 2007-12-01 01:32 - 001292766 ____C C:\WINDOWS\system32\dllcache\SP3.CAT
2017-08-03 19:28 - 2007-12-01 01:32 - 000113057 ____C C:\WINDOWS\system32\dllcache\tabletpc.cat
2017-08-03 19:28 - 2007-12-01 01:27 - 002134325 ____C C:\WINDOWS\system32\dllcache\NT5.CAT
2017-08-03 19:28 - 2007-12-01 01:27 - 001088979 ____R C:\WINDOWS\SET2E.tmp
2017-08-03 19:28 - 2007-12-01 01:27 - 001088979 ____C C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2017-08-03 19:28 - 2007-12-01 01:27 - 000516849 ____C C:\WINDOWS\system32\dllcache\NT5INF.CAT
2017-08-03 19:28 - 2007-12-01 01:27 - 000144623 ____C C:\WINDOWS\system32\dllcache\netfx.cat
2017-08-03 19:28 - 2007-12-01 01:27 - 000034886 ____C C:\WINDOWS\system32\dllcache\mediactr.cat
2017-08-03 19:28 - 2007-12-01 01:27 - 000034202 ____C C:\WINDOWS\system32\dllcache\FP4.CAT
2017-08-03 19:28 - 2007-12-01 01:26 - 000027130 ____C C:\WINDOWS\system32\dllcache\msn7.cat
2017-08-03 19:28 - 2007-12-01 01:26 - 000016674 ____R C:\WINDOWS\SET3A.tmp
2017-08-03 19:28 - 2007-12-01 01:26 - 000016674 ____C C:\WINDOWS\system32\dllcache\IMS.CAT
2017-08-03 19:28 - 2007-12-01 01:26 - 000014572 ____C C:\WINDOWS\system32\dllcache\msn9.cat
2017-08-03 19:28 - 2007-12-01 01:26 - 000012502 ____C C:\WINDOWS\system32\dllcache\MSMSGS.CAT
2017-08-03 19:28 - 2007-12-01 01:26 - 000010166 ____C C:\WINDOWS\system32\dllcache\MSTSWEB.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000797189 ____C C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000399645 ____C C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000037484 ____C C:\WINDOWS\system32\dllcache\MW770.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000024661 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxcoins.dll
2017-08-03 19:28 - 2006-03-01 00:00 - 000024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
2017-08-03 19:28 - 2006-03-01 00:00 - 000014573 ____R C:\WINDOWS\SET75.tmp
2017-08-03 19:28 - 2006-03-01 00:00 - 000013472 ____C C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irclass.dll
2017-08-03 19:28 - 2006-03-01 00:00 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2017-08-03 19:28 - 2006-03-01 00:00 - 000008574 ____C C:\WINDOWS\system32\dllcache\IASNT4.CAT
2017-08-03 19:28 - 2006-03-01 00:00 - 000007382 ____C C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2017-08-03 18:03 - 2017-08-06 14:30 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2017-08-03 17:52 - 2017-08-03 17:52 - 003153920 _____ C:\Documents and Settings\Peter Bahniuk\secsetup.sdb
2017-08-03 15:24 - 2017-08-03 15:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\adaware
2017-08-01 23:24 - 2017-08-01 23:25 - 000000004 _____ C:\ScrubRetValFile.txt
2017-08-01 22:57 - 2017-08-01 22:57 - 000615154 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-606747145-725345543-1003-0.dat
2017-08-01 22:53 - 2017-08-01 22:53 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2017-08-01 22:53 - 2017-08-01 22:53 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2017-08-01 22:53 - 2017-08-01 22:45 - 001607032 _____ (Microsoft Corporation) C:\Documents and Settings\Peter Bahniuk\Desktop\MGADiag.exe
2017-08-01 21:30 - 2015-03-24 14:59 - 000028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2017-08-01 13:01 - 2017-08-01 14:16 - 000000694 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Fixlog.txt
2017-07-31 17:52 - 2017-07-31 17:52 - 000064109 _____ C:\tdsskiller.txt
2017-07-31 17:47 - 2017-07-31 17:52 - 000128308 _____ C:\TDSSKiller.3.1.0.15_31.07.2017_17.47.20_log.txt
2017-07-31 17:46 - 2017-08-05 10:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-31 17:46 - 2017-07-31 17:46 - 000016106 _____ C:\ComboFix.txt
2017-07-31 17:46 - 2017-07-31 17:46 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-31 17:46 - 2017-07-31 17:46 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-07-31 17:38 - 2011-06-26 18:45 - 000256000 _____ C:\WINDOWS\PEV.exe
2017-07-31 17:38 - 2010-11-08 05:20 - 000208896 _____ C:\WINDOWS\MBR.exe
2017-07-31 17:38 - 2009-04-20 16:56 - 000060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000098816 _____ C:\WINDOWS\sed.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000080412 _____ C:\WINDOWS\grep.exe
2017-07-31 17:38 - 2000-08-31 12:00 - 000068096 _____ C:\WINDOWS\zip.exe
2017-07-31 17:37 - 2017-07-31 17:22 - 005659794 ____R (Swearware) C:\Documents and Settings\Peter Bahniuk\Desktop\ComboFix_2.exe
2017-07-31 16:49 - 2017-07-31 17:46 - 000000000 ____D C:\WINDOWS\erdnt
2017-07-31 16:49 - 2017-07-31 17:46 - 000000000 ____D C:\Qoobox
2017-07-31 16:48 - 2017-07-10 00:33 - 004922400 _____ (AO Kaspersky Lab) C:\Documents and Settings\Peter Bahniuk\Desktop\tdsskiller.exe
2017-07-30 13:12 - 2017-07-30 13:16 - 000000354 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Perms.txt
2017-07-30 13:11 - 2013-05-02 07:56 - 000459114 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\GrantPerms.exe
2017-07-30 11:06 - 2017-07-30 11:06 - 000001036 _____ C:\VEW_application.txt
2017-07-30 11:05 - 2017-07-30 11:06 - 000001036 _____ C:\VEW.txt
2017-07-30 11:05 - 2017-07-30 11:05 - 000002014 _____ C:\VEW_system.txt
2017-07-30 11:01 - 2017-07-30 11:01 - 000820212 _____ C:\WINDOWS\SIGVERIF.TXT
2017-07-30 10:43 - 2017-08-06 14:45 - 000025765 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-30 10:43 - 2017-08-06 14:45 - 000009352 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-30 10:12 - 2017-08-03 16:10 - 000000000 ____D C:\Program Files\SpeedFan
2017-07-30 10:12 - 2017-07-30 10:12 - 000000045 _____ C:\WINDOWS\system32\initdebug.nfo
2017-07-30 00:31 - 2017-07-30 00:32 - 000048868 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Speccy.txt
2017-07-30 00:29 - 2017-07-30 00:29 - 000005583 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\System Idle Process.txt
2017-07-30 00:26 - 2017-07-30 00:18 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Peter Bahniuk\Desktop\procexp.exe
2017-07-29 12:02 - 2017-07-29 12:02 - 000512828 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\Sys_XP_Support.zip
2017-07-29 12:00 - 2017-07-29 12:00 - 000051582 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\reports
2017-07-29 11:49 - 2017-07-29 11:49 - 000147968 _____ C:\Documents and Settings\Peter Bahniuk\My Documents\old_BSOD_XP_v1.3_jcgriff2_PROD_Sysnative.exe
2017-07-29 11:46 - 2017-07-29 11:46 - 000716448 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Peter Bahniuk\My Documents\autoruns.exe
2017-07-29 11:26 - 2017-07-29 11:26 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2017-07-29 11:26 - 2017-07-29 11:26 - 000000000 ____D C:\Program Files\Speccy
2017-07-28 22:21 - 2017-07-28 22:38 - 003234816 _____ C:\Documents and Settings\Peter Bahniuk\Can You Trust Your Color Meter-131132803.mp4.part
2017-07-28 00:14 - 2017-07-28 00:14 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-28 00:13 - 2017-07-28 00:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-07-28 00:12 - 2017-07-28 00:13 - 000003388 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill.txt
2017-07-28 00:12 - 2017-07-27 23:52 - 022176840 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\RogueKiller_portable32_(12.11.8.0).exe
2017-07-28 00:12 - 2017-07-27 16:40 - 001792640 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Peter Bahniuk\Desktop\uSeRiNiT.exe
2017-07-27 17:25 - 2017-07-27 17:25 - 000189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-07-27 17:10 - 2017-08-05 14:07 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-07-27 17:10 - 2017-07-27 17:10 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-07-27 17:10 - 2017-07-27 17:10 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-07-27 17:10 - 2017-07-27 17:10 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\Zemana
2017-07-27 16:53 - 2017-07-27 17:10 - 000003152 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill_.txt
2017-07-27 16:53 - 2017-07-27 16:53 - 000003368 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Rkill_1.txt
2017-07-27 16:52 - 2017-08-06 14:30 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-27 16:52 - 2017-07-27 16:52 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-07-27 16:52 - 2017-07-27 16:52 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-27 16:52 - 2017-07-27 16:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-27 16:52 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-07-27 10:23 - 2017-08-01 09:33 - 000025887 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Addition.txt
2017-07-27 10:22 - 2017-08-06 14:45 - 000012455 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\FRST.txt
2017-07-27 10:22 - 2017-08-06 14:45 - 000000000 ____D C:\FRST
2017-07-27 02:45 - 2017-07-27 02:47 - 000000000 ____D C:\Tweaking.com - Windows Repair
2017-07-27 02:34 - 2017-07-27 02:36 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Desktop\Tweaking.com - Windows Repair
2017-07-27 01:57 - 2017-07-27 01:57 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
2017-07-27 01:16 - 2017-07-27 01:16 - 000094208 _____ C:\WINDOWS\Minidump\Mini072717-02.dmp
2017-07-27 01:05 - 2017-07-27 01:05 - 000094208 _____ C:\WINDOWS\Minidump\Mini072717-01.dmp
2017-07-27 00:56 - 2017-07-27 00:58 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit AgentInformation
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\All Users\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Foxit ContentPlatform
2017-07-26 20:16 - 2017-07-26 20:16 - 000000696 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Internet Download Manager.lnk
2017-07-26 20:15 - 2017-07-26 20:16 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Internet Download Manager
2017-07-26 20:15 - 2017-07-26 20:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
2017-07-15 05:18 - 2017-07-15 05:13 - 000142144 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-06 14:45 - 2016-10-08 18:44 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp
2017-08-06 14:35 - 2016-10-09 16:00 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\IDM
2017-08-06 14:34 - 2016-10-09 06:30 - 000334490 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-06 14:31 - 2016-10-08 19:02 - 000006914 _____ C:\WINDOWS\ModemLog_LSI PCI-SV92PP Soft Modem.txt
2017-08-06 14:30 - 2016-11-05 16:23 - 000000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job
2017-08-06 14:30 - 2016-10-08 18:57 - 000458752 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-08-06 14:30 - 2016-10-08 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-06 14:29 - 2016-10-09 19:22 - 000054400 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-08-06 14:29 - 2016-10-08 18:44 - 000000178 ___SH C:\Documents and Settings\Peter Bahniuk\ntuser.ini
2017-08-06 14:29 - 2016-10-08 18:43 - 000031848 _____ C:\WINDOWS\SchedLgU.Txt
2017-08-06 14:28 - 2016-10-09 06:28 - 000000211 ___SH C:\boot.ini
2017-08-06 14:28 - 2006-03-01 00:00 - 000000528 _____ C:\WINDOWS\win.ini
2017-08-06 14:28 - 2006-03-01 00:00 - 000000227 _____ C:\WINDOWS\system.ini
2017-08-05 21:02 - 2006-03-01 00:00 - 000012984 _____ C:\WINDOWS\system32\wpa.dbl
2017-08-05 20:59 - 2016-10-09 06:23 - 000000000 ___HD C:\WINDOWS\inf
2017-08-05 14:08 - 2016-10-21 15:38 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Zoom Player
2017-08-05 13:42 - 2016-10-09 19:21 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2017-08-05 13:42 - 2016-10-08 18:51 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-08-05 13:41 - 2016-10-09 19:20 - 000445016 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-08-05 13:41 - 2016-10-09 19:20 - 000109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-08-05 13:41 - 2016-10-09 19:20 - 000000000 ____D C:\WINDOWS\system32\Data
2017-08-05 13:41 - 2016-10-09 19:20 - 000000000 ____D C:\Program Files\Creative
2017-08-05 13:41 - 2016-10-09 06:23 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-08-05 10:26 - 2017-06-29 13:55 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-08-05 10:26 - 2017-06-29 13:54 - 001144120 _____ C:\WINDOWS\ntbtlog.txt
2017-08-04 17:54 - 2016-11-24 09:18 - 000000000 ____D C:\Program Files (x86)
2017-08-04 17:53 - 2016-10-08 18:44 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk
2017-08-04 07:19 - 2016-10-09 06:28 - 022806528 _____ C:\WINDOWS\system32\config\software.sav
2017-08-04 07:19 - 2016-10-09 06:28 - 006029312 _____ C:\WINDOWS\system32\config\system.sav
2017-08-04 07:19 - 2016-10-09 06:28 - 000524288 _____ C:\WINDOWS\system32\config\default.sav
2017-08-04 07:19 - 2016-10-09 06:28 - 000262144 _____ C:\WINDOWS\system32\config\userdiff
2017-08-04 07:19 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\usmt
2017-08-04 07:19 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\Setup
2017-08-04 07:19 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system
2017-08-04 07:19 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-08-04 07:19 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\Help
2017-08-04 07:18 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\Network Diagnostic
2017-08-04 07:18 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\mui
2017-08-04 07:18 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\Media
2017-08-04 07:18 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\ime
2017-08-04 07:17 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\npp
2017-08-04 07:17 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\PeerNet
2017-08-04 07:17 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\msagent
2017-08-04 07:12 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-08-04 07:11 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\ias
2017-08-04 07:11 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\1033
2017-08-04 07:10 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\Driver Cache
2017-08-03 19:49 - 2016-10-08 18:39 - 000000000 ____D C:\WINDOWS\Registration
2017-08-03 19:47 - 2016-10-08 18:43 - 000000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2017-08-03 19:41 - 2016-10-09 06:29 - 000622088 _____ C:\WINDOWS\setuplog.txt
2017-08-03 19:38 - 2016-10-09 06:30 - 000004161 _____ C:\WINDOWS\ODBCINST.INI
2017-08-03 19:38 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\security
2017-08-03 19:38 - 2016-10-08 18:41 - 000316640 _____ C:\WINDOWS\WMSysPr9.prx
2017-08-03 19:38 - 2016-10-08 18:41 - 000023392 _____ C:\WINDOWS\system32\nscompat.tlb
2017-08-03 19:38 - 2016-10-08 18:41 - 000016832 _____ C:\WINDOWS\system32\amcompat.tlb
2017-08-03 19:38 - 2016-10-08 18:41 - 000001607 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2017-08-03 19:38 - 2016-10-08 18:41 - 000001599 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2017-08-03 19:38 - 2016-10-08 18:41 - 000001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2017-08-03 19:38 - 2016-10-08 18:41 - 000001280 _____ C:\WINDOWS\OEWABLog.txt
2017-08-03 19:38 - 2016-10-08 18:41 - 000000792 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
2017-08-03 19:38 - 2016-10-08 18:41 - 000000278 _____ C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
2017-08-03 19:37 - 2016-10-09 06:23 - 000000000 ___RD C:\WINDOWS\Web
2017-08-03 19:37 - 2016-10-09 06:23 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-03 19:37 - 2016-10-08 18:41 - 000000488 ___RH C:\WINDOWS\system32\WindowsLogon.manifest
2017-08-03 19:37 - 2016-10-08 18:40 - 000000786 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2017-08-03 19:37 - 2016-10-08 18:40 - 000000749 ___RH C:\WINDOWS\system32\cdplayer.exe.manifest
2017-08-03 19:37 - 2016-10-08 18:39 - 000022720 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-03 19:37 - 2016-10-08 18:39 - 000000609 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2017-08-03 19:37 - 2016-10-08 18:38 - 000000000 ____D C:\WINDOWS\system32\Com
2017-08-03 19:35 - 2016-10-09 07:34 - 000004444 _____ C:\WINDOWS\system32\pid.PNF
2017-08-03 19:28 - 2016-10-09 06:29 - 000000000 ___HD C:\Documents and Settings\Default User
2017-08-03 19:02 - 2016-10-09 06:29 - 000262144 _____ C:\WINDOWS\system32\config\security.sav
2017-08-03 17:46 - 2016-10-09 06:30 - 000001891 _____ C:\WINDOWS\imsins.BAK
2017-08-03 16:22 - 2017-06-29 13:39 - 000185286 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-08-03 15:24 - 2016-10-08 18:57 - 000042872 _____ C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-08-01 22:58 - 2016-11-24 09:36 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2017-08-01 22:58 - 2016-10-09 06:29 - 000184224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-01 22:57 - 2016-11-23 14:53 - 000203250 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-08-01 22:56 - 2016-10-09 06:30 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-01 22:56 - 2016-10-09 06:29 - 000000000 ____D C:\Documents and Settings\All Users
2017-08-01 22:56 - 2016-10-08 23:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2017-08-01 21:59 - 2016-10-09 06:29 - 001107888 _____ C:\WINDOWS\setupapi.old
2017-07-31 17:45 - 2016-10-09 16:00 - 000000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\DMCache
2017-07-30 17:28 - 2016-11-16 22:16 - 000000000 ____D C:\Program Files\HWiNFO32
2017-07-30 17:28 - 2016-11-16 22:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2017-07-28 21:38 - 2017-03-09 20:00 - 000000000 ____D C:\Youtube command line downloader
2017-07-27 17:08 - 2017-03-03 14:41 - 000000000 ____D C:\Program Files\TubeDigger
2017-07-27 02:47 - 2017-06-29 13:56 - 000044496 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-07-27 01:16 - 2016-11-24 11:02 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-27 00:43 - 2016-10-10 10:53 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2017-07-26 20:50 - 2016-10-16 13:35 - 000000000 ____D C:\Program Files\VideoLAN
2017-07-26 20:16 - 2016-10-09 15:56 - 000000000 ____D C:\Program Files\Internet Download Manager
 
==================== Files in the root of some directories =======
 
2016-10-09 21:03 - 2017-03-02 20:03 - 000000651 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker.ini
2016-10-09 21:03 - 2016-10-09 21:03 - 000000010 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker_songparams.txt
2016-10-24 21:04 - 2016-10-24 21:04 - 000007887 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.cat
2016-10-24 21:04 - 2016-10-24 21:04 - 000001144 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.inf
2016-10-24 21:04 - 2016-10-24 21:04 - 000000034 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.log
2016-10-24 21:04 - 2016-10-24 21:04 - 000047360 _____ (VSO Software) C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.sys
2016-11-14 19:23 - 2016-11-14 19:23 - 000003584 _____ () C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2017-08-05 10:24 - 2017-08-05 10:24 - 000000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\parctmp.exe
2017-08-01 21:31 - 2017-08-01 21:32 - 000000000 ____D () C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp\avgnt.exe
2017-08-04 02:25 - 2017-08-04 12:47 - 000000000 _____ () C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp\parctmp.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
FRST Addition log -
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Peter Bahniuk (06-08-2017 14:45:40)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) (2017-08-03 07:40:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1390067357-606747145-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-606747145-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-1390067357-606747145-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1390067357-606747145-725345543-1000 - Limited - Disabled)
Peter Bahniuk (S-1-5-21-1390067357-606747145-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Peter Bahniuk
SUPPORT_388945a0 (S-1-5-21-1390067357-606747145-725345543-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{33C731E7-B72A-1587-A3EF-054FCC011A3C}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag Professional (HKLM\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.4.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Blue Cat's Stereo Flanger VST 2.62 (HKLM\...\{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}) (Version: 2.62 - Blue Cat Audio)
Corel PaintShop Pro X6 (HKLM\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
Device Doctor v4.0.1 (HKLM\...\Device Doctor_is1) (Version: 4.0.1 - Device Doctor Software Inc.)
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DriverMax 9 (HKLM\...\DMX5_is1) (Version: 9.37.0.260 - Innovative Solutions)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HL-3150CDN (HKLM\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HWiNFO32 Version 5.52 (HKLM\...\HWiNFO32_is1) (Version: 5.52 - Martin Malík - REALiX)
ICA (HKLM\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPM_PSP_COM (HKLM\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.1.0.48 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.68.1 (HKLM\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Nero 11 DiscSpeed (HKLM\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Opti Drive Control 1.70 (HKLM\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version:  - Erik Deppe)
PaceMaker plug-in for Winamp and MediaMonkey (HKLM\...\PaceMaker plug-in) (Version: 2.7 - PaceMaker plug-inc.)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
PSPPContent (HKLM\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (HKLM\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Quake II (HKLM\...\Quake2UninstallKey) (Version:  - )
Registry Repair 5.0.1.85 (HKLM\...\Registry Repair) (Version: 5.0.1.85 - Glarysoft Ltd)
RimhillEx 1.08 (HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\RimhillEx_is1) (Version:  - the sz development)
Setup (HKLM\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TMPGEnc Plus 2.5 (HKLM\...\{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.) Hidden
TMPGEnc Plus 2.5 (HKLM\...\InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.)
Unknown Device Identifier 9.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 9.01 - Huntersoft)
Vivaldi (HKLM\...\Vivaldi) (Version: 1.0.435.46 - Vivaldi)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 12.7 - Inmatrix LTD)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers1: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers2: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2008-08-12] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351.job => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Task: C:\WINDOWS\Tasks\DriverMax Notification.job => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\WINDOWS\Tasks\DriverMaxAgent.job => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\WINDOWS\Tasks\DriverMaxWelcome.job => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job => C:\Program Files\Opera\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Buy or Upgrade Zoom Player.lnk -> hxxp://inmatrix.com/shop_relay/buyshortcut.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Download Skins.lnk -> hxxp://skins.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Video Tutorials.lnk -> hxxp://inmatrix.com/tutorial_redir.htm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Forum.lnk -> hxxp://forum.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Frequently Asked Questions.lnk -> hxxp://www.inmatrix.com/zplayer/fa
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Home Page.lnk -> hxxp://www.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Online Help.lnk -> hxxp://www.inmatrix.com/zplaye
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Usage Guides.lnk -> hxxp://www.inmatrix.com/articles.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-04 00:32 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-04 00:32 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-08-04 00:32 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-01 01:20 - 2014-03-01 01:20 - 000002560 _____ () C:\WINDOWS\CTXFIRES.DLL
2010-03-16 12:22 - 2010-03-16 12:22 - 000014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2014-01-07 11:28 - 2014-01-07 11:28 - 000016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-23 03:15 - 2013-12-23 03:15 - 000270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-11-30 16:14 - 2016-05-08 02:47 - 000947832 _____ () C:\Program Files\Vivaldi\Application\1.0.435.46\ffmpeg.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-03-01 00:00 - 2017-07-31 17:45 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 203.97.78.43 - 203.97.78.44
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Vivaldi\Application\vivaldi.exe] => Enabled:Vivaldi
StandardProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Restore Points =========================
 
03-08-2017 19:49:26 System Checkpoint
04-08-2017 18:07:20 Installed Realtek High Definition Audio Driver
05-08-2017 10:53:40 Removed Realtek High Definition Audio Driver
05-08-2017 13:41:58 Installed Creative Audio Control Panel
05-08-2017 13:42:14 Installed Creative Software AutoUpdate
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/03/2017 08:01:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.3264, faulting module urlmon.dll, version 6.0.2900.3264, fault address 0x0003acdd.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (08/03/2017 06:07:50 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (08/03/2017 06:07:50 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (08/03/2017 05:46:45 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (08/03/2017 05:46:45 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (08/03/2017 05:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application repair_windows.exe, version 4.0.0.1, faulting module gdi32.dll, version 5.1.2600.3264, fault address 0x0001c6fd.
Processing media-specific event for [repair_windows.exe!ws!]
 
Error: (08/03/2017 05:25:33 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (08/03/2017 05:25:33 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (08/03/2017 04:05:33 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (08/03/2017 04:05:33 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
 
System errors:
=============
Error: (08/06/2017 02:30:40 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (08/06/2017 02:30:24 PM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
 
Error: (08/06/2017 02:30:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (08/06/2017 02:30:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
Spybot-S&D 2 Security Center Service is not a valid Win32 application.
 
Error: (08/06/2017 02:30:20 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/06/2017 02:30:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (08/06/2017 02:28:42 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (08/06/2017 02:28:27 PM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
 
Error: (08/06/2017 02:28:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
 
Error: (08/06/2017 02:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
Spybot-S&D 2 Security Center Service is not a valid Win32 application.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 3296.08 MB
Available physical RAM: 2558.51 MB
Total Virtual: 5180.32 MB
Available Virtual: 4441.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.76 GB) (Free:79.64 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:119.73 GB) (Free:4.06 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:353.01 GB) (Free:226.18 GB) NTFS
Drive f: () (Fixed) (Total:14.99 GB) (Free:10.9 GB) NTFS
Drive g: () (Fixed) (Total:310 GB) (Free:12.86 GB) NTFS
Drive h: () (Fixed) (Total:35.91 GB) (Free:10.24 GB) NTFS
Drive i: (WXPOEM_EN) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Bad idea to install Spybot S&D.  Please uninstall it and have it remove any "immunizations"  These made sense in Win 2000 days but just cause problems these days.

 

Do we need Driver Max & Device Doctor?

 

Device Doctor is probably the cause of your 3rd problem.  If you look at its entry:

 

HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Device Doctor] => C:\Program Files (x86)\Device Doctor\DDTray.exe [1046504 2017-03-30] (Device Doctor Software Inc.)

 

You can see it is pointing to a folder that doesn't normally exist on a 32 bit XP. ==>  C:\Program Files (x86)

 

Also don't trust Registry Repair.

 

 

If you still get the error after removing Device Doctor:  Put:

 

HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Device Doctor] => C:\Program Files (x86)\Device Doctor\DDTray.exe [1046504 2017-03-30] (Device Doctor Software Inc.)

 
 
in a fixlist.txt file and hit Fix.

  • 0

#29
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

All recently installed programs (to aid in malware detection and to locate appropriate drivers) have been uninstalled.

 

After system reboot, the C:\Program Files folder no longer appears! Thank you! One issue resolved.

 

Unfortunately, Safe Mode booting still doesn't work when changing Boot.ini settings under msconfig. Wondering whether this problem is to do with the triple boot setup?

 

Finally, as per this thread, it is not clear why video resolution can still be changed after video drivers have been uninstalled (and any remaining files cleaned by using DDU) and after rebooting?

 

The usual procedure I follow to change (or reinstall) video drivers is to uninstall via driver software. Boot into Safe Mode and run DDU to thoroughly remove all traces of the drivers. Boot back to Normal Mode, and then (re)install video drivers. Reboot again to finalize installation.

 

I believe that is the best/correct procedure??


Edited by brispuss, 05 August 2017 - 10:32 PM.

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

It is possible that Windows recognizes your video and either has the driver available or quickly downloads it.  The latter option is easily checked.  Just restart with the Internet disconnected.  The former requires a registry hack.  Go in to regedit and navigate to

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

 

Look in the right pane for

 

DevicePath

 

If you double click on it and delete the Value Data (which normally says: %SystemRoot%\inf )   then OK.  It should not be able to load new devices unless you scan for hardware changes.  Put it back the way it was when done.  

 

Haven't tested the above especially not for video drivers so if it doesn't work you may have to do last known good or a system Restore.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP