TechSpot

Safe mode BSD and activation loop after virus removal/repair install

Solved
By Adam Snowball
Oct 17, 2012
  1. So, I have a netbook which was infected with some kind of Virus/Spyware stuff. The strange thing is it would BSD in safe mode, safe mode w. networking and safe mode command; but not in normal or disable restart of sys failure.

    I managed to run cleanup!, ATF and HijackThis, but it restarted in the middle of a Malwarebytes scan. I have since checked the drive with HDD regenerator (just in case) and ran through an SP3 repair install.

    Now it is stuck in an activation loop, 'no' logs me out and 'yes' takes me to a blank desktop (not loading the activation wizard screen). I am pretty sure if I can get into safe mode I can fix the activation problem (remove IE, reinstall latest IE and then boot normally; it seems to activate in the process); but safe mode still results in a BSD which restarts too quickly to make out anything other than blue, and disable restart on system failure boots fine.

    I have taken the drive out and run Malwarebytes and NOD32 through another PC, but they detect nothing.

    Any ideas?

    Also, I was not sure if this should go into the other forum (BSD/restart) as it could go either way, but I am pretty sure it is spyware that put me in this position in the first place...

    -Ads
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  3. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Hi DJM, thanks for taking the time to look at my problem. I think you may have missed the main dilemma with my problem though; booting into normal mode prompts for activation, then takes me to a blank desktop (supposed to be an activation wizard screen, but is broken due to repair install) and booting into safe mode results in a BSoD. But I will give those scans a go once I can get to the desktop.

    Regards

    -Ads
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
     
  5. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Good morning DJM. I should have been more specific, the laptop is running XP (although I thought I covered myself by stating SP3, oh well). So the only command prompt I can boot into is the XP recovery console. If I booted into a mini XP using a Hiren boot CD, could I run FRST then?
     
  6. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Or, is there any point booting with a Vista/Win7 OEM CD; then running the tool that way? (even though it is XP installed).

    Thanks

    -Ads
     
  7. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    You know what, ignore the above replies.

    Search.txt:

    Farbar Recovery Scan Tool (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-18 11:22:21
    Running from D:\

    ================== Search: "services.exe" ===================

    C:\WINDOWS\system32\services.exe
    [2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\WINDOWS\system32\dllcache\services.exe
    [2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    C:\System Rollback Data\Restore\Current\01125\13\Target\WINDOWS\system32\dllcache\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    C:\System Rollback Data\Restore\Current\01125\13\Target\WINDOWS\$NtUninstallKB956572$\services.exe
    [2010-03-08 19:10] - [2008-04-15 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\System Rollback Data\Restore\Current\01125\13\Attrib\WINDOWS\$NtUninstallKB956572$\services.exe
    [2010-03-08 19:10] - [2008-04-15 04:00] - 0000000 ___AC ()

    C:\System Rollback Data\Restore\Current\01125\13\Attrib\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:06] - 0000000 ____A ()

    === End Of Search ===
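
As an added example (not part of the original post and not FRST's own code), the Python below parses a log in the Search.txt layout shown above and compares the live services.exe with its dllcache copy by size and MD5, and lists zero-byte entries. The sample log, its hashes and the KB number are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the Search.txt layout; hashes are placeholders,
# not values taken from the thread.
SAMPLE = r"""
================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ____A (Microsoft Corporation) 11111111111111111111111111111111

C:\WINDOWS\system32\dllcache\services.exe
[2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ___AC (Microsoft Corporation) 11111111111111111111111111111111

C:\WINDOWS\$hf_mig$\KB000000\SP3QFE\services.exe
[2010-03-08 03:42] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 22222222222222222222222222222222

C:\Restore\Attrib\services.exe
[2010-03-08 19:10] - [2008-04-15 04:00] - 0000000 ___AC ()

=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attrs (company) optional-md5
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) \((?P<company>.*)\)(?: (?P<md5>[0-9A-Fa-f]{32}))?$"
)


def parse_search_log(text):
    """Return one record per file: a path line followed by its detail line."""
    records, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section rulers
        m = DETAIL.match(line)
        if m is None:
            path = line  # most recent non-detail line is the candidate path
            continue
        if path is None:
            continue  # detail line without a path: skip rather than guess
        rec = m.groupdict()
        rec["path"] = path
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper() if rec["md5"] else None
        records.append(rec)
        path = None
    return records


def review(records, live_path, cache_path):
    """Compare the live file with its dllcache copy and list hash variants."""
    by_path = {r["path"].lower(): r for r in records}
    live = by_path.get(live_path.lower())
    cache = by_path.get(cache_path.lower())
    findings = []
    if live is None:
        findings.append("live copy not found in log")
    elif live["md5"] is None or live["size"] == 0:
        findings.append("live copy is empty or unhashed")
    elif cache is None or cache["md5"] is None:
        findings.append("no usable dllcache copy to compare against")
    elif (live["md5"], live["size"]) != (cache["md5"], cache["size"]):
        findings.append("live copy differs from dllcache copy")
    for r in records:
        if r["size"] == 0 and r is not live:
            findings.append("zero-byte entry: " + r["path"])
    # Group every hashed copy by (md5, size) so distinct builds stand out.
    variants = defaultdict(list)
    for r in records:
        if r["md5"]:
            variants[(r["md5"], r["size"])].append(r["path"])
    return findings, dict(variants)


LIVE = r"C:\WINDOWS\system32\services.exe"
CACHE = r"C:\WINDOWS\system32\dllcache\services.exe"

if __name__ == "__main__":
    findings, variants = review(parse_search_log(SAMPLE), LIVE, CACHE)
    for f in findings:
        print(f)
    for (md5, size), paths in variants.items():
        print(md5, size, len(paths), "copies")
```

Agreement between the live and dllcache copies shows only that the two are consistent; a verdict on the file still needs a known-good reference hash for that build.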
     
  8. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    FRST.txt (pt1):


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
    Ran by SYSTEM at 18-10-2012 11:19:54
    Running from D:\
    Microsoft Windows XP Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [x]
    HKLM\...\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg [x]
    HKLM\...\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
    4 BOTService; "C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe" [199152 2009-07-08] (Sonic Solutions)
    2 Eventlog; C:\Windows\System32\services.exe [108544 2008-04-14] (Microsoft Corporation)
    4 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
    2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [221266 2009-08-13] (IDT, Inc.)
    3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
    3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
    4 HidServ; C:\Windows\System32\hidserv.dll [x]
    3 IDriverT; "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [x]
    3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
    2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
    3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1746432 2010-03-04] (Broadcom Corporation)
    3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-04-16] (Broadcom Corporation.)
    3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-05-06] (Broadcom Corporation.)
    3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
    3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [39424 2009-03-31] (Atheros Communications, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
    3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [160256 2008-11-21] (Realtek Semiconductor Corp.)
    3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
    3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
    3 STHDA; C:\Windows\System32\drivers\sthda.sys [1644211 2009-08-13] (IDT, Inc.)
    3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
    0 SysCow; C:\Windows\System32\drivers\syscow32x.sys [103792 2009-07-01] (Sonic Solutions)
    3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    4 Abiosdsk; [x]
    4 Atdisk; [x]
    1 Changer; [x]
    1 lbrtfdc; [x]
    3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 RemoteRegistry; [x]
    3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [x]
    3 Rts516xIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    4 Simbad; [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\Rts5161ccid.sys [x]
    3 WDICA; [x]
    3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
    3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
    3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2012-10-12 09:32 - 2008-04-14 04:00 - 00092160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntwin.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime
    2012-10-12 09:32 - 2008-04-14 04:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys
    2012-10-12 09:32 - 2008-04-14 04:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntcmd.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_g18030.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls
     
  9. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    FRST.txt (pt2):


    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys
    2012-10-12 09:31 - 2008-04-14 04:00 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime
    2012-10-12 09:31 - 2008-04-14 04:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00331264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aqueue.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0804.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0412.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0411.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0404.dll
    2012-10-12 09:30 - 2003-03-24 07:52 - 00032827 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptest.exe
    2012-10-12 09:30 - 2003-03-24 07:52 - 00020536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.dll
    2012-10-12 09:30 - 2003-03-24 07:52 - 00016437 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.exe
    2012-10-12 09:30 - 2003-03-24 07:52 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptsat.dll
    2012-10-12 09:30 - 2001-08-17 13:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll
    2012-10-12 09:30 - 2001-08-17 13:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll
    2012-10-12 09:29 - 2012-10-12 09:29 - 00262144 ____A C:\Windows\System32\config\userdifr
    2012-10-12 09:29 - 2012-10-12 09:29 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\MSDOS.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\IO.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\CONFIG.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\AUTOEXEC.BAT
    2012-10-12 09:29 - 2004-05-12 15:39 - 00876653 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awel.dll
    2012-10-12 09:29 - 2004-05-12 15:39 - 00598071 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmc.dll
    2012-10-12 09:29 - 2004-05-12 15:39 - 00184435 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4amsft.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00208896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmcsat.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00188494 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpcount.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00188480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cfgwiz.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00147513 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4apws.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00109328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98swin.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00102509 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4atxt.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00082035 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4anscp.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00049212 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awebs.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00049210 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4areg.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00041020 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avnb.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00032826 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avss.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpexedll.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020538 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpremadm.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00014608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98sadm.exe
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest
    2012-10-12 09:26 - 2008-04-14 04:00 - 03558912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\moviemk.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 01314816 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msoe.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 01135616 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 01135616 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00851968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00774144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\setup_wm.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00744448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\helpsvc.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00691712 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcomm.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00691712 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00536576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado15.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00430592 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00430592 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00368640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mpvis.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00331776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadce.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00214528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn1.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00200704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadox.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00180224 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadomd.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00172032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwhelp.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00162304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
    2012-10-12 09:26 - 2008-04-14 04:00 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
    2012-10-12 09:26 - 2008-04-14 04:00 - 00153088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\triedit.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00143360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadco.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00128512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dhtmled.ocx
    2012-10-12 09:26 - 2008-04-14 04:00 - 00120320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00120320 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00112640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00111104 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00102400 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msjro.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmpband.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00093184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iexplore.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn2.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado27.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado26.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado25.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isign32.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\isign32.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmplayer.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwtutor.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado21.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado20.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwres.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00049152 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwutil.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00046080 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wab.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00040960 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\trialoc.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hmmapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032768 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwdl.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwrmind.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetwiz.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 02061824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lhmstscx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 02061824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00956928 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtctm.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\msdtctm.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00677888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lhmstsc.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00677888 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00472064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fastprox.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00437248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvsd.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00427008 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtcprx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00427008 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00343040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mspaint.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvse.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00214528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wordpad.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00161792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtcuiu.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msdtcuiu.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00139656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
    2012-10-12 09:24 - 2008-04-14 04:00 - 00139656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-10-12 09:24 - 2008-04-14 04:00 - 00091648 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mtxoci.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mtxoci.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00058880 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtclog.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\msdtclog.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 02144487 ___AC C:\Windows\System32\dllcache\NT5.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 01296669 ___AC C:\Windows\System32\dllcache\SP3.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 01088840 ___RA C:\Windows\SET138.tmp
    2012-10-12 08:43 - 2008-04-14 04:00 - 01088840 ___AC C:\Windows\System32\dllcache\NTPRINT.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00402264 ___AC C:\Windows\System32\dllcache\NT5INF.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00171588 ___AC C:\Windows\System32\dllcache\startoc.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00034063 ___AC C:\Windows\System32\dllcache\FP4.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00026991 ___AC C:\Windows\System32\dllcache\msn7.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00024661 ____A (Perle Systems Ltd.) C:\Windows\System32\spxcoins.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00016535 ___RA C:\Windows\SET144.tmp
    2012-10-12 08:43 - 2008-04-14 04:00 - 00016535 ___AC C:\Windows\System32\dllcache\IMS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00014433 ___AC C:\Windows\System32\dllcache\msn9.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\irclass.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00012363 ___AC C:\Windows\System32\dllcache\MSMSGS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00010027 ___AC C:\Windows\System32\dllcache\MSTSWEB.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00007382 ___AC C:\Windows\System32\dllcache\OEMBIOS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00007334 ___AC C:\Windows\System32\dllcache\wmerrenu.cat
    2012-10-12 08:42 - 2008-04-14 04:00 - 01296669 ___RA C:\Windows\SET135.tmp
    2012-10-12 08:41 - 2012-10-12 10:20 - 00301770 ____A C:\Windows\setupapi.log
    2012-10-04 09:01 - 2012-10-17 05:13 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-10-04 08:50 - 2012-10-04 11:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-10-04 08:10 - 2012-10-04 08:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-10-04 08:10 - 2012-09-07 08:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-04 06:35 - 2012-10-04 06:35 - 00000442 ____A C:\rkill.log
    2012-10-04 06:33 - 2012-10-04 06:33 - 00000000 ____D C:\Windows\pss
    2012-10-04 06:25 - 2012-10-04 06:25 - 00000000 ____D C:\Program Files\Trend Micro
    2012-10-04 06:25 - 2012-10-04 06:25 - 00000000 ____D C:\Program Files\CleanUp!
    2012-09-21 15:16 - 2012-09-21 15:17 - 00015021 ____A C:\Windows\KB2744842-IE8.log
    2012-09-21 11:08 - 2012-08-28 07:14 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-21 11:08 - 2012-08-28 07:14 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-09-21 11:07 - 2012-08-28 07:14 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    ==================== 3 Months Modified Files ==================

    2012-10-17 06:57 - 2010-12-05 09:59 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{BC1BE4BC-E69F-4F67-AF16-9B88426FF8E6}.job
    2012-10-17 06:46 - 2010-03-04 03:23 - 00000282 ____A C:\Windows\Tasks\BackOnTrack Instant Restore Idle.job
    2012-10-17 06:35 - 2010-07-17 12:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-17 05:53 - 2009-04-10 18:25 - 00456373 ____A C:\Windows\WindowsUpdate.log
    2012-10-17 05:53 - 2009-04-10 18:25 - 00001230 ____A C:\Windows\System32\wpa.dbl
    2012-10-17 05:13 - 2012-10-04 09:01 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-10-17 05:07 - 2009-04-10 18:06 - 00555204 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-17 05:03 - 2009-04-10 18:25 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-17 05:03 - 2009-04-10 10:55 - 00000050 ____A C:\Windows\wiaservc.log
    2012-10-17 05:03 - 2009-04-10 10:54 - 00000159 ____A C:\Windows\wiadebug.log
    2012-10-12 10:20 - 2012-10-12 08:41 - 00301770 ____A C:\Windows\setupapi.log
    2012-10-12 10:20 - 2009-04-10 18:01 - 00525179 ____A C:\Windows\comsetup.log
    2012-10-12 10:17 - 2009-04-10 18:01 - 00249496 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-12 09:42 - 2009-04-10 18:10 - 00588135 ____A C:\Windows\tsoc.log
    2012-10-12 09:42 - 2009-04-10 18:10 - 00234072 ____A C:\Windows\iis6.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00317622 ____A C:\Windows\ntdtcsetup.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00283562 ____A C:\Windows\setupact.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00083910 ____A C:\Windows\ocmsn.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00004438 ____A C:\Windows\imsins.log
    2012-10-12 09:39 - 2012-10-12 09:39 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
    2012-10-12 09:39 - 2012-10-12 09:39 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
    2012-10-12 09:39 - 2009-04-10 10:51 - 32505856 ____A C:\Windows\System32\config\software.sav
    2012-10-12 09:39 - 2009-04-10 10:51 - 05505024 ____A C:\Windows\System32\config\system.sav
    2012-10-12 09:39 - 2009-04-10 10:51 - 00524288 ____A C:\Windows\System32\config\default.sav


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 2038.56 MB
    Available physical RAM: 1675.98 MB
    Total Pagefile: 1845.72 MB
    Available Pagefile: 1710.81 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1974.31 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:149.04 GB) (Free:127.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (STICKY) (Removable) (Total:14.92 GB) (Free:7.05 GB) FAT32
    3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    4 Drive f: (FRMCFRE_EN_DVD) (CDROM) (Total:2.87 GB) (Free:0 GB) UDF
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 8 MB
    Disk 1 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB

    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 149 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 26 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D STICKY FAT32 Removable 15 GB Healthy

    =========================================================
    ==================== End Of Log ============================
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  11. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    No change in boot behavior.

    ######

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-18 18:03:54 Run:1
    Running from E:\Utilities\Cleanup Tools\Fabar

    ==============================================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SRFirstRun Value deleted successfully.
    RemoteRegistry service deleted successfully.

    ==== End of Fixlog ====
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Same thing here, use this script now for the same fix as just above:

    Let me know how it works out! :D
     
  13. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Hey. Only just managed to get around to trying it out; no joy, I am afraid, still the same.

    -Ads

    ######

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-19 15:46:24 Run:2
    Running from E:\Utilities\Cleanup Tools\Fabar

    ==============================================

    C:\WINDOWS\system32\services.exe moved successfully.
    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe copied successfully to C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\services.exe moved successfully.
    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe copied successfully to C:\WINDOWS\system32\services.exe

    ==== End of Fixlog ====
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Please re-run FRST and post a new log.
     
  15. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Search.txt:

    Farbar Recovery Scan Tool (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-19 17:29:59
    Running from E:\Utilities\Cleanup Tools\Fabar

    ================== Search: "services.exe" ===================

    C:\WINDOWS\system32\services.exe
    [2008-04-14 04:00] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    C:\WINDOWS\system32\dllcache\services.exe
    [2008-04-14 04:00] - [2008-04-14 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    C:\System Rollback Data\Restore\Current\01125\13\Target\WINDOWS\system32\dllcache\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    C:\System Rollback Data\Restore\Current\01125\13\Target\WINDOWS\$NtUninstallKB956572$\services.exe
    [2010-03-08 19:10] - [2008-04-15 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\System Rollback Data\Restore\Current\01125\13\Attrib\WINDOWS\$NtUninstallKB956572$\services.exe
    [2010-03-08 19:10] - [2008-04-15 04:00] - 0000000 ___AC ()

    C:\System Rollback Data\Restore\Current\01125\13\Attrib\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2010-03-08 03:42] - [2009-02-06 03:06] - 0000000 ____A ()

    C:\FRST\Quarantine\services.exe
    [2008-04-14 04:00] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    === End Of Search ===
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry, but I'm talking about a full scan, as in Post #9 above...
     
  17. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    FRST.txt - pt1

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
    Ran by SYSTEM at 19-10-2012 17:27:22
    Running from E:\Utilities\Cleanup Tools\Fabar
    Microsoft Windows XP Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [x]
    HKLM\...\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
    4 BOTService; "C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe" [199152 2009-07-08] (Sonic Solutions)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    4 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
    2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [221266 2009-08-13] (IDT, Inc.)
    3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
    3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
    4 HidServ; C:\Windows\System32\hidserv.dll [x]
    3 IDriverT; "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [x]
    3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
    2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
    3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1746432 2010-03-04] (Broadcom Corporation)
    3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-04-16] (Broadcom Corporation.)
    3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-05-06] (Broadcom Corporation.)
    3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
    3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [39424 2009-03-31] (Atheros Communications, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
    3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [160256 2008-11-21] (Realtek Semiconductor Corp.)
    3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
    3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
    3 STHDA; C:\Windows\System32\drivers\sthda.sys [1644211 2009-08-13] (IDT, Inc.)
    3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
    0 SysCow; C:\Windows\System32\drivers\syscow32x.sys [103792 2009-07-01] (Sonic Solutions)
    3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    4 Abiosdsk; [x]
    4 Atdisk; [x]
    1 Changer; [x]
    1 lbrtfdc; [x]
    3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [x]
    3 Rts516xIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    4 Simbad; [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\Rts5161ccid.sys [x]
    3 WDICA; [x]
    3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
    3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
    3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2012-10-12 09:33 - 2008-04-14 04:00 - 00108827 ___AC C:\Windows\System32\dllcache\hanja.lex
    2012-10-12 09:33 - 2008-04-14 04:00 - 00106496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrcic.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00102463 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsm.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekr61.ime
    2012-10-12 09:33 - 2008-04-14 04:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmbx.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00072192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscom.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00055296 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsevent.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmig.exe
    2012-10-12 09:33 - 2008-04-14 04:00 - 00039936 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hostmib.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00036864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hanjadic.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsroute.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsdrv.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsmon.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsext32.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flattemp.exe
    2012-10-12 09:33 - 2008-04-14 04:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssend.exe
    2012-10-12 09:33 - 2008-04-14 04:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsperf.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\f3ahvoas.dll
    2012-10-12 09:33 - 2008-04-14 04:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsres.dll
    2012-10-12 09:33 - 2003-03-24 07:52 - 00094208 ___AC C:\Windows\System32\dllcache\fpencode.dll
    2012-10-12 09:33 - 2003-03-24 07:52 - 00024632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmcgi.exe
    2012-10-12 09:33 - 2003-03-24 07:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmdll.dll
    2012-10-12 09:33 - 2001-08-17 13:36 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_fcachdll.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00480256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintsetp.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00101888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntagnt.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00092160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntwin.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime
    2012-10-12 09:32 - 2008-04-14 04:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll
    2012-10-12 09:32 - 2008-04-14 04:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys
    2012-10-12 09:32 - 2008-04-14 04:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntcmd.exe
    2012-10-12 09:32 - 2008-04-14 04:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_g18030.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll
     
  18. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    FRST.txt p2


    2012-10-12 09:31 - 2008-04-14 04:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls
    2012-10-12 09:31 - 2008-04-14 04:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll
    2012-10-12 09:31 - 2008-04-14 04:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys
    2012-10-12 09:31 - 2008-04-14 04:00 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime
    2012-10-12 09:31 - 2008-04-14 04:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe
    2012-10-12 09:31 - 2008-04-14 04:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00331264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aqueue.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0804.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0412.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0411.dll
    2012-10-12 09:30 - 2008-04-14 04:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0404.dll
    2012-10-12 09:30 - 2003-03-24 07:52 - 00032827 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptest.exe
    2012-10-12 09:30 - 2003-03-24 07:52 - 00020536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.dll
    2012-10-12 09:30 - 2003-03-24 07:52 - 00016437 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.exe
    2012-10-12 09:30 - 2003-03-24 07:52 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptsat.dll
    2012-10-12 09:30 - 2001-08-17 13:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll
    2012-10-12 09:30 - 2001-08-17 13:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll
    2012-10-12 09:29 - 2012-10-12 09:29 - 00262144 ____A C:\Windows\System32\config\userdifr
    2012-10-12 09:29 - 2012-10-12 09:29 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\MSDOS.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\IO.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\CONFIG.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\AUTOEXEC.BAT
    2012-10-12 09:29 - 2004-05-12 15:39 - 00876653 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awel.dll
    2012-10-12 09:29 - 2004-05-12 15:39 - 00598071 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmc.dll
    2012-10-12 09:29 - 2004-05-12 15:39 - 00184435 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4amsft.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00208896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmcsat.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00188494 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpcount.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00188480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cfgwiz.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00147513 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4apws.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00109328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98swin.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00102509 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4atxt.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00082035 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4anscp.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00049212 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awebs.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00049210 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4areg.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00041020 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avnb.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00032826 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avss.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpexedll.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.dll
    2012-10-12 09:29 - 2003-03-24 07:52 - 00020538 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpremadm.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.exe
    2012-10-12 09:29 - 2003-03-24 07:52 - 00014608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98sadm.exe
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest
    2012-10-12 09:26 - 2008-04-14 04:00 - 03558912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\moviemk.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 01314816 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msoe.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 01135616 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 01135616 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00851968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00774144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\setup_wm.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00744448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\helpsvc.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00691712 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcomm.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00691712 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00536576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado15.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00430592 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00430592 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00368640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mpvis.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00331776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadce.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00214528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn1.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00200704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadox.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00180224 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadomd.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00172032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwhelp.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00162304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
    2012-10-12 09:26 - 2008-04-14 04:00 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
    2012-10-12 09:26 - 2008-04-14 04:00 - 00153088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\triedit.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00143360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msadco.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00128512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dhtmled.ocx
    2012-10-12 09:26 - 2008-04-14 04:00 - 00120320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00120320 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00112640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00111104 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00102400 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msjro.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmpband.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00093184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iexplore.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn2.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado27.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado26.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado25.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isign32.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\isign32.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmplayer.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwtutor.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado21.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msado20.tlb
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwres.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwconn.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00049152 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwutil.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00046080 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wab.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00040960 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\trialoc.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hmmapi.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032768 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwdl.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-10-12 09:26 - 2008-04-14 04:00 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\icwrmind.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetwiz.exe
    2012-10-12 09:26 - 2008-04-14 04:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 02061824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lhmstscx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 02061824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00956928 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtctm.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\msdtctm.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00677888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lhmstsc.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00677888 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00472064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fastprox.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00437248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvsd.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00427008 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtcprx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00427008 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00343040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mspaint.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvse.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00214528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wordpad.exe
    2012-10-12 09:24 - 2008-04-14 04:00 - 00161792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtcuiu.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msdtcuiu.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00139656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
    2012-10-12 09:24 - 2008-04-14 04:00 - 00139656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-10-12 09:24 - 2008-04-14 04:00 - 00091648 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mtxoci.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mtxoci.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00058880 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msdtclog.dll
    2012-10-12 09:24 - 2008-04-14 04:00 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\msdtclog.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 02144487 ___AC C:\Windows\System32\dllcache\NT5.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 01296669 ___AC C:\Windows\System32\dllcache\SP3.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 01088840 ___RA C:\Windows\SET138.tmp
    2012-10-12 08:43 - 2008-04-14 04:00 - 01088840 ___AC C:\Windows\System32\dllcache\NTPRINT.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00402264 ___AC C:\Windows\System32\dllcache\NT5INF.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00171588 ___AC C:\Windows\System32\dllcache\startoc.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00034063 ___AC C:\Windows\System32\dllcache\FP4.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00026991 ___AC C:\Windows\System32\dllcache\msn7.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00024661 ____A (Perle Systems Ltd.) C:\Windows\System32\spxcoins.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00016535 ___RA C:\Windows\SET144.tmp
    2012-10-12 08:43 - 2008-04-14 04:00 - 00016535 ___AC C:\Windows\System32\dllcache\IMS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00014433 ___AC C:\Windows\System32\dllcache\msn9.cat
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\irclass.dll
    2012-10-12 08:43 - 2008-04-14 04:00 - 00012363 ___AC C:\Windows\System32\dllcache\MSMSGS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00010027 ___AC C:\Windows\System32\dllcache\MSTSWEB.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00007382 ___AC C:\Windows\System32\dllcache\OEMBIOS.CAT
    2012-10-12 08:43 - 2008-04-14 04:00 - 00007334 ___AC C:\Windows\System32\dllcache\wmerrenu.cat
    2012-10-12 08:42 - 2008-04-14 04:00 - 01296669 ___RA C:\Windows\SET135.tmp
    2012-10-12 08:41 - 2012-10-12 10:20 - 00301770 ____A C:\Windows\setupapi.log
    2012-10-04 09:01 - 2012-10-17 05:13 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-10-04 08:50 - 2012-10-04 11:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-10-04 08:10 - 2012-10-04 08:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-10-04 08:10 - 2012-09-07 08:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-04 06:35 - 2012-10-04 06:35 - 00000442 ____A C:\rkill.log
    2012-10-04 06:33 - 2012-10-04 06:33 - 00000000 ____D C:\Windows\pss
    2012-10-04 06:25 - 2012-10-04 06:25 - 00000000 ____D C:\Program Files\Trend Micro
    2012-10-04 06:25 - 2012-10-04 06:25 - 00000000 ____D C:\Program Files\CleanUp!
    2012-09-21 15:16 - 2012-09-21 15:17 - 00015021 ____A C:\Windows\KB2744842-IE8.log
    2012-09-21 11:08 - 2012-08-28 07:14 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-21 11:08 - 2012-08-28 07:14 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-09-21 11:07 - 2012-08-28 07:14 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    ==================== 3 Months Modified Files ==================

    2012-10-19 06:49 - 2009-04-10 18:25 - 00467315 ____A C:\Windows\WindowsUpdate.log
    2012-10-19 06:48 - 2009-04-10 18:25 - 00032618 ____A C:\Windows\SchedLgU.Txt
    2012-10-19 06:48 - 2009-04-10 18:25 - 00001230 ____A C:\Windows\System32\wpa.dbl
    2012-10-19 06:48 - 2009-04-10 18:25 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-19 06:48 - 2009-04-10 10:55 - 00000050 ____A C:\Windows\wiaservc.log
    2012-10-19 06:48 - 2009-04-10 10:54 - 00000275 ____A C:\Windows\wiadebug.log
    2012-10-17 06:57 - 2010-12-05 09:59 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{BC1BE4BC-E69F-4F67-AF16-9B88426FF8E6}.job
    2012-10-17 06:46 - 2010-03-04 03:23 - 00000282 ____A C:\Windows\Tasks\BackOnTrack Instant Restore Idle.job
    2012-10-17 06:35 - 2010-07-17 12:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-17 05:13 - 2012-10-04 09:01 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-10-17 05:07 - 2009-04-10 18:06 - 00555204 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-12 10:20 - 2012-10-12 08:41 - 00301770 ____A C:\Windows\setupapi.log
    2012-10-12 10:20 - 2009-04-10 18:01 - 00525179 ____A C:\Windows\comsetup.log
    2012-10-12 10:17 - 2009-04-10 18:01 - 00249496 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-12 09:42 - 2009-04-10 18:10 - 00588135 ____A C:\Windows\tsoc.log
    2012-10-12 09:42 - 2009-04-10 18:10 - 00234072 ____A C:\Windows\iis6.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00317622 ____A C:\Windows\ntdtcsetup.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00283562 ____A C:\Windows\setupact.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00083910 ____A C:\Windows\ocmsn.log
    2012-10-12 09:42 - 2009-04-10 18:01 - 00004438 ____A C:\Windows\imsins.log
    2012-10-12 09:39 - 2012-10-12 09:39 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
    2012-10-12 09:39 - 2012-10-12 09:39 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
    2012-10-12 09:39 - 2009-04-10 10:51 - 32505856 ____A C:\Windows\System32\config\software.sav
    2012-10-12 09:39 - 2009-04-10 10:51 - 05505024 ____A C:\Windows\System32\config\system.sav
    2012-10-12 09:39 - 2009-04-10 10:51 - 00524288 ____A C:\Windows\System32\config\default.sav
    2012-10-12 09:39 - 2009-04-10 10:51 - 00262144 ____A C:\Windows\System32\config\userdiff
    2012-10-12 09:39 - 2009-04-10 10:51 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG
    2012-10-12 09:38 - 2012-10-12 09:38 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
    2012-10-12 09:37 - 2009-04-10 10:51 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG
    2012-10-12 09:29 - 2012-10-12 09:29 - 00262144 ____A C:\Windows\System32\config\userdifr
    2012-10-12 09:29 - 2012-10-12 09:29 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\MSDOS.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 _RASH C:\IO.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\CONFIG.SYS
    2012-10-12 09:29 - 2012-10-12 09:29 - 00000000 ____A C:\AUTOEXEC.BAT
    2012-10-12 09:29 - 2009-04-10 18:02 - 00030357 ____A C:\Windows\wmsetup.log
    2012-10-12 09:29 - 2009-04-10 17:59 - 00316640 ____A C:\Windows\WMSysPr9.prx
    2012-10-12 09:29 - 2009-04-10 17:59 - 00023392 ____A C:\Windows\System32\nscompat.tlb
    2012-10-12 09:29 - 2009-04-10 17:59 - 00016832 ____A C:\Windows\System32\amcompat.tlb
    2012-10-12 09:28 - 2009-04-10 17:58 - 00004161 ____A C:\Windows\ODBCINST.INI
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest
    2012-10-12 09:27 - 2012-10-12 09:27 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest
    2012-10-12 09:27 - 2009-04-10 17:59 - 00000507 ____A C:\Windows\win.ini
    2012-10-12 09:27 - 2009-04-10 17:57 - 00000749 __RAH C:\Windows\System32\nwc.cpl.manifest
    2012-10-12 09:27 - 2009-04-10 17:57 - 00000749 __RAH C:\Windows\System32\cdplayer.exe.manifest
    2012-10-12 09:27 - 2009-04-10 17:57 - 00000488 __RAH C:\Windows\System32\WindowsLogon.manifest
    2012-10-12 09:25 - 2009-04-10 18:10 - 00004380 ____A C:\Windows\sessmgr.setup.log
    2012-10-12 09:25 - 2009-04-10 17:57 - 01501945 ____A C:\Windows\FaxSetup.log
    2012-10-12 09:25 - 2009-04-10 17:57 - 00752832 ____A C:\Windows\ocgen.log
    2012-10-12 09:25 - 2009-04-10 17:57 - 00076167 ____A C:\Windows\msgsocm.log
    2012-10-12 09:25 - 2009-04-10 17:57 - 00023444 ____A C:\Windows\System32\emptyregdb.dat
    2012-10-12 09:25 - 2009-04-10 17:57 - 00000993 ____A C:\Windows\DtcInstall.log
    2012-10-12 09:23 - 2009-04-10 17:55 - 00000373 ____A C:\Windows\cmsetacl.log
    2012-10-12 09:22 - 2009-04-10 17:55 - 00000211 ___SH C:\boot.ini
    2012-10-12 09:21 - 2009-04-10 10:53 - 00005208 ____A C:\Windows\System32\pid.PNF
    2012-10-12 09:21 - 2009-04-10 10:52 - 00005846 ____A C:\Windows\regopt.log
    2012-10-12 09:21 - 2009-04-10 10:52 - 00000231 ____A C:\Windows\system.ini
    2012-10-04 11:08 - 2009-04-10 18:25 - 00262144 ____A C:\Windows\System32\config\security.sav
    2012-10-04 11:04 - 2012-02-17 09:26 - 00001917 ____A C:\Windows\epplauncher.mif
    2012-10-04 11:00 - 2009-08-23 05:30 - 00909423 ____A C:\Windows\setupapi.old
    2012-10-04 10:57 - 2010-07-17 12:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-04 06:35 - 2012-10-04 06:35 - 00000442 ____A C:\rkill.log
    2012-09-21 15:17 - 2012-09-21 15:16 - 00015021 ____A C:\Windows\KB2744842-IE8.log
    2012-09-21 15:17 - 2009-08-23 05:32 - 00092579 ____A C:\Windows\updspapi.log
    2012-09-21 15:17 - 2009-04-10 18:01 - 00001374 ____A C:\Windows\imsins.BAK
    2012-09-16 00:55 - 2012-09-16 00:55 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2012-09-12 15:01 - 2012-09-12 15:00 - 00006004 ____A C:\Windows\KB2736233.log
    2012-09-12 15:00 - 2010-03-09 11:29 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-07 08:04 - 2012-10-04 08:10 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 06:05 - 2012-09-05 06:04 - 00013785 ____A C:\ads_err.adt
    2012-09-05 06:04 - 2012-09-05 06:04 - 00004559 ____A C:\ads_err.adm
    2012-09-05 06:04 - 2012-09-05 06:04 - 00003072 ____A C:\ads_err.adi
    2012-09-05 05:59 - 2012-09-05 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
    2012-09-05 05:59 - 2012-09-05 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
    2012-08-30 13:03 - 2012-08-30 13:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-28 11:44 - 2012-08-28 11:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-28 07:14 - 2012-09-21 11:08 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-28 07:14 - 2012-09-21 11:08 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-08-28 07:14 - 2012-09-21 11:07 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-21 04:01 - 2012-09-16 00:57 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 04:01 - 2012-08-21 04:01 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-08-14 18:12 - 2012-08-14 13:15 - 00016062 ____A C:\Windows\KB2712808.log
    2012-08-14 18:11 - 2012-08-14 18:11 - 00011787 ____A C:\Windows\KB2731847.log
    2012-08-14 18:11 - 2012-08-14 13:13 - 00015644 ____A C:\Windows\KB2705219.log
    2012-08-14 18:10 - 2012-08-14 18:10 - 00010852 ____A C:\Windows\KB2723135.log
    2012-08-14 18:08 - 2012-08-14 18:02 - 00015406 ____A C:\Windows\KB2722913-IE8.log


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2008-04-14 04:00] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 2038.56 MB
    Available physical RAM: 1670.27 MB
    Total Pagefile: 1845.72 MB
    Available Pagefile: 1705.74 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1980.95 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:149.04 GB) (Free:125.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (FRMCFRE_EN_DVD) (CDROM) (Total:2.87 GB) (Free:0 GB) UDF
    3 Drive e: (STICKY) (Removable) (Total:14.92 GB) (Free:7.09 GB) FAT32
    4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 8 MB
    Disk 1 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB

    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 149 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 26 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E STICKY FAT32 Removable 15 GB Healthy

    =========================================================
    ==================== End Of Log ============================
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

    Download the OTLPE Network REATOGO Windows Recovery Environment.
    • Place a blank CD-R disc into your CD burning drive.
    • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
    • Reboot your system using the boot CD you just created.

      Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have an internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
     
  20. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Hi DMJ. Sorry I have not replied sooner, I have not been in the office for a few days.

    The process did not go as described. I was not asked "Do you wish to load the remote registry"; the drivers option had "None", "Use Safelist" and "All", and therefore no option of "Non-Microsoft"; and there was no C:\_OTL\MovedFiles folder created.

    I presumed "None" was interchangeable with "Non-Microsoft" in the drivers part and ran the scan.

    Attached OTL.txt below
     
  21. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    OTL.txt pt1:

    OTL logfile created on: 10/24/2012 4:24:12 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 125.43 Gb Free Space | 84.16% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2012/09/12 12:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/08/13 13:09:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2009/06/02 14:05:58 | 000,457,200 | ---- | M] () [Auto] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2008/04/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1349377222687 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/10/12 13:29:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/18 15:19:05 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/16 11:15:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/12 14:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2012/10/12 13:39:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
    [2012/10/12 13:39:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
    [2012/10/12 13:39:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
    [2012/10/12 13:39:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
    [2012/10/12 13:39:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
    [2012/10/12 13:39:22 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
    [2012/10/12 13:39:18 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
    [2012/10/12 13:39:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
    [2012/10/12 13:39:11 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
    [2012/10/12 13:39:10 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
    [2012/10/12 13:39:09 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
    [2012/10/12 13:38:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
    [2012/10/12 13:38:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
    [2012/10/12 13:38:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
    [2012/10/12 13:38:48 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
    [2012/10/12 13:38:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
    [2012/10/12 13:38:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
    [2012/10/12 13:38:46 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
    [2012/10/12 13:38:43 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
    [2012/10/12 13:38:42 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
    [2012/10/12 13:38:42 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
    [2012/10/12 13:38:25 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
    [2012/10/12 13:38:17 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
    [2012/10/12 13:38:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
    [2012/10/12 13:38:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
    [2012/10/12 13:38:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
    [2012/10/12 13:38:13 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
    [2012/10/12 13:38:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
    [2012/10/12 13:38:12 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
    [2012/10/12 13:38:12 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
    [2012/10/12 13:38:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
    [2012/10/12 13:38:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
    [2012/10/12 13:38:10 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
    [2012/10/12 13:38:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
    [2012/10/12 13:38:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
    [2012/10/12 13:38:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
    [2012/10/12 13:38:06 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
    [2012/10/12 13:38:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
    [2012/10/12 13:38:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
    [2012/10/12 13:38:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
    [2012/10/12 13:38:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
    [2012/10/12 13:38:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
    [2012/10/12 13:38:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
    [2012/10/12 13:38:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
    [2012/10/12 13:38:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
    [2012/10/12 13:38:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
    [2012/10/12 13:38:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
    [2012/10/12 13:38:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
    [2012/10/12 13:38:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
    [2012/10/12 13:38:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
    [2012/10/12 13:38:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
    [2012/10/12 13:37:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
    [2012/10/12 13:37:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
    [2012/10/12 13:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
    [2012/10/12 13:37:41 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012/10/12 13:37:41 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012/10/12 13:37:40 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012/10/12 13:37:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
    [2012/10/12 13:37:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
    [2012/10/12 13:37:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
    [2012/10/12 13:37:28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
    [2012/10/12 13:37:15 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
    [2012/10/12 13:37:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
    [2012/10/12 13:37:13 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
    [2012/10/12 13:37:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
    [2012/10/12 13:37:02 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
    [2012/10/12 13:37:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
    [2012/10/12 13:37:01 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
    [2012/10/12 13:37:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
    [2012/10/12 13:37:00 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
    [2012/10/12 13:36:59 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
    [2012/10/12 13:36:59 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
    [2012/10/12 13:36:57 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
    [2012/10/12 13:36:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
    [2012/10/12 13:36:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
    [2012/10/12 13:36:51 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
    [2012/10/12 13:36:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
    [2012/10/12 13:36:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
    [2012/10/12 13:36:11 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
    [2012/10/12 13:36:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
    [2012/10/12 13:35:52 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
    [2012/10/12 13:35:52 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
    [2012/10/12 13:35:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
  22. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    OTL.txt pt2:


    ========== LOP Check ==========

    [2010/06/13 06:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MSNInstaller
    [2012/09/05 10:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Research In Motion
    [2010/03/04 18:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Tatara Systems
    [2012/02/17 14:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Windows Desktop Search
    [2012/03/23 08:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Windows Search
    [2012/09/16 04:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/04/06 11:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/06/11 07:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2010/03/04 07:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2012/09/05 09:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/08/23 10:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/11 07:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2012/10/17 10:46:25 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
    [2012/10/17 10:57:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC1BE4BC-E69F-4F67-AF16-9B88426FF8E6}.job

    ========== Purity Check ==========


    < End of report >
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry this gets complicated. You're doing well.

    FRST MBRFix

    Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

    Also download the attached fixlist.txt and save it to the flash drive.

    Now please enter OTLPE on the infected computer.

    Run FRST and press the Fix button just once and wait.

    The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive that, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.
     

  24. Adam Snowball

    Adam Snowball TS Rookie Topic Starter Posts: 19

    Hi. It has been running for 48 hours and did nothing, so I rebooted it. Then I realised I put the two files in different folders, and it ran straight away after that; oops.

    #########

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-29 15:01:28 Run:4
    Running from D:\Utilities\Cleanup Tools\Fabar

    ==============================================

    MBRDUMP.txt is made successfully.

    ==== End of Fixlog ====
     

  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Oh that sucks. :confused:

    Any chance you can try to do the install procedure for Windows again?

    Need backup help for personal data?
     
Topic Status:
Not open for further replies.

