
Winn.exe has infected my computer, how to fix?


  • This topic is locked
7 replies to this topic

#1 WinnexeHurts

WinnexeHurts

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 26 March 2015 - 10:20 PM

I found Winn in my startup menu in task manager. When right clicked it only gave me the options to enable/disable and to look it up online. This brought me to this website: http://www.bleepingcomputer.com/startups/Winnexe-10958.html

Could someone help me figure out how to remove this from my computer? I am using Windows 8.1. Thanks.


Edited by hamluis, 27 March 2015 - 06:53 AM.
Moved from AII to MRL - Hamluis.



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:54 PM

Posted 27 March 2015 - 05:27 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 WinnexeHurts

WinnexeHurts
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 27 March 2015 - 05:44 AM

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Matt (administrator) on MATT-PC on 27-03-2015 03:41:27
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt & UpdatusUser (Available profiles: Matt & UpdatusUser)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [winn] => c:\windows\winn.exe
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2014-11-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\MountPoints2: {f826f400-be0b-11e4-8271-2016d83526c0} - "D:\VerizonWirelessUpgradeAssistantSetup.exe" -a
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSpico v9.2.3 Final.lnk
ShortcutTarget: KMSpico v9.2.3 Final.lnk -> C:\ProgramData\{6d5cd84b-986c-043e-6d5c-cd84b986612e}\KMSpico v9.2.3 Final.exe ()
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US ♥ 007 ♥ [CTRG] Torrent - KickassTorrents.lnk
ShortcutTarget: Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US ♥ 007 ♥ [CTRG] Torrent - KickassTorrents.lnk -> C:\ProgramData\{9f5c67b0-643f-0042-9f5c-c67b06439ec1}\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US ♥ 007 ♥ [CTRG] Torrent - KickassTorrents.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtheglobe.info/?pid=724&r=2015/01/16&hid=2233438249265994342&lg=EN&cc=US
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3596638994-3219081638-1821768126-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/01/16&hid=2233438249265994342&lg=EN&cc=US
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (reddit companion) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (synccit for reddit) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgggkkgpoeknlpdllmhdagbfnhaigmd [2015-01-02]
CHR Extension: (Reddit-upvote-display) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfobbbcbkffeghhiemeplhjaoeoeofh [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Stylish) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-01-02]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2015-01-02]
CHR Extension: (Hola Better Internet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-15]
CHR Extension: (Bookmark Manager) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-02]
CHR Extension: (Motorola Connect) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2015-01-02]
CHR Extension: (Reddit Anywhere) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldocbjabkdopnncieelmeokoigpnnilb [2015-01-02]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-01-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-02]
CHR Extension: (Facebook Notifications) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-06] (Electronic Arts)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-25] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 03:41 - 2015-03-27 03:42 - 00014637 _____ () C:\Users\Matt\Desktop\FRST.txt
2015-03-27 03:41 - 2015-03-27 03:41 - 00000000 ____D () C:\FRST
2015-03-27 03:40 - 2015-03-27 03:40 - 02095616 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-03-25 14:38 - 2015-03-25 14:38 - 00000000 ____D () C:\Users\Matt\AppData\Local\My Games
2015-03-25 14:37 - 2015-03-25 14:37 - 00000000 ____D () C:\ProgramData\ALI213
2015-03-25 14:36 - 2015-03-25 14:36 - 00001330 _____ () C:\Users\Matt\Desktop\Sid Meier's Civilization 5.lnk
2015-03-25 14:36 - 2015-03-25 14:36 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Sid Meier's Civilization 5
2015-03-25 14:36 - 2015-03-25 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-03-25 13:52 - 2015-03-25 14:22 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-03-15 18:07 - 2015-03-15 18:07 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-15 16:58 - 2013-11-14 19:50 - 00000301 _____ () C:\Users\Matt\Desktop\MyScript.vbs
2015-03-15 16:38 - 2015-03-15 20:41 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Audacity
2015-03-15 16:38 - 2015-03-15 16:38 - 00001035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-15 16:38 - 2015-03-15 16:38 - 00001023 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-03-15 16:38 - 2015-03-15 16:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-10 23:12 - 2015-03-27 01:36 - 00004948 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATT-PC-Matt Matt-PC
2015-03-10 15:08 - 2015-01-23 00:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-10 15:08 - 2015-01-22 22:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 15:07 - 2015-02-19 20:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 15:07 - 2015-02-19 19:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 15:07 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 15:07 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 15:07 - 2015-02-07 16:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-10 15:07 - 2015-02-07 16:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 15:07 - 2015-02-06 16:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-10 15:07 - 2015-02-03 16:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 15:07 - 2015-02-03 16:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 15:07 - 2015-02-03 16:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 15:07 - 2015-02-02 16:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 15:07 - 2015-02-02 16:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 15:07 - 2015-01-28 18:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-10 15:07 - 2015-01-28 18:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 15:07 - 2015-01-27 16:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-10 15:07 - 2015-01-27 16:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 15:07 - 2015-01-26 20:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-10 15:07 - 2015-01-23 18:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 15:07 - 2014-10-28 19:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-10 15:07 - 2014-10-28 19:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-10 15:07 - 2014-10-28 19:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-10 15:07 - 2014-10-28 19:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-10 15:07 - 2014-10-28 19:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-10 15:07 - 2014-10-28 19:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-10 15:06 - 2015-03-05 19:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 15:06 - 2015-03-05 19:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 15:06 - 2015-02-25 16:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 15:06 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 15:06 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 15:06 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 15:06 - 2015-02-20 17:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 15:06 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 15:06 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 15:06 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 15:06 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 15:06 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 15:06 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 15:06 - 2015-02-19 19:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 15:06 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 15:06 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 15:06 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 15:06 - 2015-02-19 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 15:06 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 15:06 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 15:06 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 15:06 - 2015-02-19 18:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 15:06 - 2015-02-19 18:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 15:06 - 2015-02-19 18:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 15:06 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 15:06 - 2015-02-19 18:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 15:06 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 15:06 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 15:06 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 15:06 - 2015-02-19 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 15:06 - 2015-02-19 18:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 15:06 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 15:06 - 2015-02-19 18:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 15:06 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 15:06 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 15:06 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 15:06 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 15:06 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 15:06 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 15:06 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 15:06 - 2015-02-12 10:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 15:06 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 15:06 - 2015-02-05 18:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-10 15:06 - 2015-02-05 18:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 15:06 - 2015-02-05 13:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-10 15:06 - 2015-02-02 17:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 15:06 - 2015-02-02 17:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-10 15:06 - 2015-01-30 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-10 15:06 - 2015-01-30 16:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 15:06 - 2015-01-30 16:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 15:06 - 2015-01-29 20:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 15:06 - 2015-01-29 20:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 15:06 - 2015-01-29 19:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-10 15:06 - 2015-01-29 19:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-10 15:06 - 2015-01-29 19:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-10 15:06 - 2015-01-29 18:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 15:06 - 2015-01-29 18:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 15:06 - 2015-01-29 18:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 15:06 - 2015-01-29 18:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-10 15:06 - 2015-01-29 18:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 15:06 - 2015-01-29 18:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-10 15:06 - 2015-01-29 18:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 15:06 - 2015-01-29 18:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 15:06 - 2015-01-29 18:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-10 15:06 - 2015-01-29 18:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 15:06 - 2015-01-29 11:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 15:06 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 15:06 - 2015-01-28 18:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 15:06 - 2015-01-28 18:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-10 15:06 - 2015-01-28 18:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-10 15:06 - 2015-01-28 18:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 15:06 - 2015-01-28 17:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-10 15:06 - 2015-01-28 17:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-10 15:06 - 2015-01-28 17:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 15:06 - 2015-01-28 17:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 15:06 - 2015-01-28 08:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 15:06 - 2015-01-28 08:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 15:06 - 2015-01-28 08:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 15:06 - 2015-01-27 19:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-10 15:06 - 2015-01-27 18:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 15:06 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 15:06 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 15:06 - 2015-01-26 21:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 15:06 - 2015-01-26 19:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 15:06 - 2015-01-20 22:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 15:06 - 2015-01-20 22:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 15:06 - 2014-12-10 22:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-10 15:06 - 2014-10-28 20:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-10 15:06 - 2014-10-28 19:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-10 15:06 - 2014-10-28 19:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-10 15:06 - 2014-10-28 19:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-10 15:06 - 2014-10-28 19:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-10 15:06 - 2014-10-28 19:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-10 15:06 - 2014-10-28 19:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-10 15:06 - 2014-10-28 19:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-10 15:06 - 2014-10-28 19:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-10 15:06 - 2014-10-28 19:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-10 15:06 - 2014-10-28 19:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-10 15:06 - 2014-10-28 18:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-10 15:06 - 2014-10-28 18:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-10 15:06 - 2014-10-28 18:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-10 15:06 - 2014-10-28 18:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-03-10 15:06 - 2014-10-28 18:45 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2015-03-10 15:06 - 2014-10-28 18:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-10 15:06 - 2014-10-28 18:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-10 15:06 - 2014-10-28 18:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-10 15:06 - 2014-10-28 18:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-10 15:06 - 2014-10-28 18:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-10 15:06 - 2014-10-28 18:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-10 15:06 - 2014-10-28 18:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-10 15:06 - 2014-10-28 17:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-10 15:06 - 2014-10-28 17:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-10 15:06 - 2014-10-28 17:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-10 15:06 - 2014-10-28 17:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-10 15:06 - 2014-10-28 17:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-10 15:06 - 2014-10-28 17:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-09 17:41 - 2015-03-09 17:41 - 451162630 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-09 17:41 - 2015-03-09 17:41 - 00524768 _____ () C:\WINDOWS\Minidump\030915-20812-01.dmp
2015-03-09 17:41 - 2015-03-09 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-04 12:42 - 2015-03-04 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-04 12:42 - 2015-03-04 12:42 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-04 12:41 - 2015-03-05 12:48 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-04 12:41 - 2014-11-27 02:17 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMIBE.DLL
2015-03-04 12:41 - 2014-11-27 02:17 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMIBA.DLL
2015-03-04 12:41 - 2014-11-27 02:17 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BIBE.DLL
2015-03-04 12:41 - 2014-11-27 02:17 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BIBA.DLL
2015-03-04 12:41 - 2014-11-27 02:17 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-02-26 22:08 - 2015-02-26 22:36 - 00000000 ____D () C:\Users\Matt\Desktop\[R.G. Mechanics] Civilization 5 GOTY
2015-02-26 16:13 - 2015-02-26 16:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-02-25 04:43 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 04:43 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 04:43 - 2014-10-28 18:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 04:43 - 2014-10-28 18:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 04:43 - 2014-10-28 18:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 04:43 - 2014-10-28 18:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 03:40 - 2015-01-02 20:35 - 01275360 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-27 03:23 - 2015-01-16 12:18 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 03:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-26 20:20 - 2015-01-02 21:15 - 00000000 __RDO () C:\Users\Matt\OneDrive
2015-03-26 20:10 - 2015-01-02 21:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3596638994-3219081638-1821768126-1001
2015-03-26 20:10 - 2014-03-18 03:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-26 20:05 - 2015-01-16 12:18 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 20:05 - 2013-08-22 07:46 - 00034576 _____ () C:\WINDOWS\setupact.log
2015-03-26 20:05 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 19:33 - 2015-01-15 13:03 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\uTorrent
2015-03-25 14:36 - 2015-02-14 17:48 - 00000000 ____D () C:\Users\Matt\Documents\my games
2015-03-21 19:35 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-19 15:42 - 2015-01-02 21:12 - 00000000 ____D () C:\Users\Matt\AppData\Local\Packages
2015-03-19 14:14 - 2015-01-02 21:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-15 16:42 - 2015-01-08 15:57 - 00000000 ____D () C:\Users\Matt\Documents\College
2015-03-15 11:39 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-13 20:37 - 2015-01-15 16:13 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\SSH
2015-03-12 15:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 15:02 - 2013-08-22 07:44 - 00482528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 15:00 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 14:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 17:57 - 2015-01-15 12:24 - 00000000 ____D () C:\Users\Matt\Documents\NetBeansProjects
2015-03-11 14:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-11 12:44 - 2015-01-16 11:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 12:44 - 2015-01-08 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:44 - 2013-08-22 08:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 12:33 - 2015-01-06 00:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 12:33 - 2013-08-22 06:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-11 12:30 - 2015-01-06 00:03 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-09 19:46 - 2015-01-02 21:12 - 00000000 ____D () C:\Users\Matt
2015-03-09 17:45 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-05 18:41 - 2015-01-15 15:44 - 00000000 ____D () C:\Users\Matt\.grasp_settings
2015-03-04 14:24 - 2015-01-06 22:03 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 14:24 - 2015-01-06 22:03 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 06:17 - 2015-01-05 00:51 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-27 03:21 - 2015-01-02 21:25 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F4A6BC41-7AA5-443E-81C5-68F325F76D7F}
 
Some content of TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\2035842588d00.exe
C:\Users\Matt\AppData\Local\Temp\44b99A.exe
C:\Users\Matt\AppData\Local\Temp\537122cCf1.exe
C:\Users\Matt\AppData\Local\Temp\7e267A.exe
C:\Users\Matt\AppData\Local\Temp\IZArcSetup.exe
C:\Users\Matt\AppData\Local\Temp\ose00000.exe
C:\Users\Matt\AppData\Local\Temp\pidgenx.dll
C:\Users\Matt\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Matt\AppData\Local\Temp\System.Data.SQLiteea9b8183-160f-4cdc-86df-ab019afe6587.dll
C:\Users\Matt\AppData\Local\Temp\utt18C8.tmp.exe
C:\Users\Matt\AppData\Local\Temp\uttD17F.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 12:58
 
==================== End Of Log ============================
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Matt at 2015-03-27 03:42:22
Running from C:\Users\Matt\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.1_01 - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
QtSpim (HKLM-x32\...\{D27DF00B-88A1-48ED-9343-15427D005C7B}) (Version: 9.1.12 - LarusStone)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3596638994-3219081638-1821768126-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
04-03-2015 17:33:30 Windows Update
10-03-2015 13:18:55 Windows Update
23-03-2015 03:58:27 Scheduled Checkpoint
25-03-2015 14:35:59 Installed DirectX
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19360177-13C7-43B1-B758-E69BFA103186} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3FFEB845-2C1F-4CFD-BBF9-E506998FBB82} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5B0360C4-E50A-4763-A89E-4056375E3738} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5D49909F-0048-438E-9F72-3C6B504B2480} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {722B4A5C-1B27-4795-8B20-B4C7D55E6E41} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {97329232-C17B-4ADA-A880-BDCBC713A75B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MATT-PC-Matt Matt-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {AAC6BB15-087E-41C0-A27A-E2E7674CA685} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {BC8E4AC5-F909-449D-A87F-514F93D4B041} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FBCE469E-17C2-48CC-8527-3B25A53D4627} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-25] (@ByELDI)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-21 16:01 - 2015-01-21 16:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-21 16:01 - 2015-01-21 16:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-16 12:18 - 2015-01-08 17:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 12:18 - 2015-01-08 17:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 12:18 - 2015-01-08 17:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 12:18 - 2015-01-08 17:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 12:18 - 2015-01-08 17:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Matt\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Pictures\long-way-down.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "winn"
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\StartupApproved\StartupFolder: => "KMSpico v9.2.3 Final.lnk"
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\StartupApproved\StartupFolder: => "Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US ♥ 007 ♥ [CTRG] Torrent - KickassTorrents.lnk"
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63"
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3596638994-3219081638-1821768126-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3596638994-3219081638-1821768126-500 - Administrator - Disabled)
Guest (S-1-5-21-3596638994-3219081638-1821768126-501 - Limited - Disabled)
Matt (S-1-5-21-3596638994-3219081638-1821768126-1001 - Administrator - Enabled) => C:\Users\Matt
UpdatusUser (S-1-5-21-3596638994-3219081638-1821768126-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2015 11:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoPico.exe, version: 13.0.0.6, time stamp: 0x544c78bd
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x8ac
Faulting application start time: 0xAutoPico.exe0
Faulting application path: AutoPico.exe1
Faulting module path: AutoPico.exe2
Report Id: AutoPico.exe3
Faulting package full name: AutoPico.exe4
Faulting package-relative application ID: AutoPico.exe5
 
Error: (03/22/2015 11:59:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
   at AutoPico.Logging.FileLogger.ᜀ(System.String ByRef)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (03/13/2015 08:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SshClient.exe, version: 3.2.9.0, time stamp: 0x3f83b454
Faulting module name: SshClient.exe, version: 3.2.9.0, time stamp: 0x3f83b454
Exception code: 0xc0000005
Fault offset: 0x000570fd
Faulting process id: 0x12e4
Faulting application start time: 0xSshClient.exe0
Faulting application path: SshClient.exe1
Faulting module path: SshClient.exe2
Report Id: SshClient.exe3
Faulting package full name: SshClient.exe4
Faulting package-relative application ID: SshClient.exe5
 
Error: (03/12/2015 03:02:22 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/12/2015 03:02:22 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (03/26/2015 08:05:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/26/2015 08:05:06 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (03/26/2015 08:05:06 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/26/2015 08:04:58 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/26/2015 08:04:17 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/26/2015 08:04:14 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/26/2015 08:04:14 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/26/2015 08:04:14 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/26/2015 08:04:14 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/26/2015 08:04:14 PM) (Source: DCOM) (EventID: 10005) (User: MATT-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (03/22/2015 11:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoPico.exe13.0.0.6544c78bdKERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c8ac01d06536d74985b4C:\Program Files\KMSpico\AutoPico.exeC:\WINDOWS\system32\KERNELBASE.dll16b14e41-d12a-11e4-8284-2016d83526c0
 
Error: (03/22/2015 11:59:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
   at AutoPico.Logging.FileLogger.ᜀ(System.String ByRef)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (03/13/2015 08:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SshClient.exe3.2.9.03f83b454SshClient.exe3.2.9.03f83b454c0000005000570fd12e401d05e0811ff2ad3C:\Program Files (x86)\SSH Communications Security\SSH Secure Shell\SshClient.exeC:\Program Files (x86)\SSH Communications Security\SSH Secure Shell\SshClient.exe7fcc0615-c9fb-11e4-827e-2016d83526c0
 
Error: (03/12/2015 03:02:22 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/12/2015 03:02:22 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/subscription
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root
 
Error: (03/12/2015 03:00:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-25 13:10:29.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-23 20:50:28.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-18 03:50:30.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 03:24:25.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-12 16:21:05.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 20:34:51.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-05 03:14:15.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-01 16:14:55.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-27 02:39:36.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-26 16:04:08.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8080.58 MB
Available physical RAM: 5680.65 MB
Total Pagefile: 16272.58 MB
Available Pagefile: 13582.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.29 GB) (Free:606.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34B2A236)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 27 March 2015 - 03:48 PM

Hi,

 
P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.


CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses: 
    File: "c:\windows\winn.exe"
    HKLM\...\Run: [winn] => c:\windows\winn.exe
    c:\windows\winn.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Hosts:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.
    URLSearchHook: [S-1-5-21-3596638994-3219081638-1821768126-1002] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/
    SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif


Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 WinnexeHurts

  • Topic Starter
  • Members
  • 5 posts

Posted 28 March 2015 - 12:49 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Matt at 2015-03-27 22:24:07 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt & UpdatusUser (Available profiles: Matt & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses: 
File: "c:\windows\winn.exe"
HKLM\...\Run: [winn] => c:\windows\winn.exe
c:\windows\winn.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.
URLSearchHook: [S-1-5-21-3596638994-3219081638-1821768126-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.
*****************
 
Processes closed successfully.
 
========================= File: "c:\windows\winn.exe" ========================
 
"c:\windows\winn.exe" not found.
====== End Of File: ======
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\winn => value deleted successfully.
"c:\windows\winn.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Hosts was reset successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:24:08 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/27/2015
Scan Time: 10:30:37 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.28.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matt
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388172
Time Elapsed: 16 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 WinnexeHurts

  • Topic Starter
  • Members
  • 5 posts

Posted 28 March 2015 - 02:49 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ab28b71250fe90418c41161e9b4d9e38
# engine=23124
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-28 07:46:32
# local_time=2015-03-28 12:46:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 4524784 0 0
# scanned=177859
# found=27
# cleaned=0
# scan_time=6488
sh=B587CD69863BC305DB18D5A2388F6528794B05D0 ft=1 fh=324ba5f6807a18ae vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\KMSpico\KMSpico_setup.exe"
sh=908C676F406C09A7ADDBCBA0E7362AAC9DC370EA ft=1 fh=65ccea1a11b98144 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\AutoPico.exe"
sh=E67416783053BF96EFCCE6BC71E818135BE6733B ft=1 fh=e46d751a5893e89c vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\KMSELDI.exe"
sh=EA55FFD3D467F08F4038940DD70A69A37B78E5BE ft=1 fh=55ab4f1244050699 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=7B8FA2B4B0E1AED70DE2008BC6CAA3B66A7DF13F ft=1 fh=fa0c8154e828e812 vn="a variant of Win32/Adware.MultiPlug.EI application" ac=I fn="C:\ProgramData\{9f5c67b0-643f-0042-9f5c-c67b06439ec1}\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US &#9829; 007 &#9829; [CTRG] Torrent - KickassTorrents.exe"
sh=7B8FA2B4B0E1AED70DE2008BC6CAA3B66A7DF13F ft=1 fh=fa0c8154e828e812 vn="a variant of Win32/Adware.MultiPlug.EI application" ac=I fn="C:\Users\All Users\{9f5c67b0-643f-0042-9f5c-c67b06439ec1}\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US &#9829; 007 &#9829; [CTRG] Torrent - KickassTorrents.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\2035842588d00.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\44b99A.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\537122cCf1.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\7e267A.exe"
sh=CE43AAEFE5B9BCF0F473564AD1166917DE5302F4 ft=1 fh=a75bd147ccbd3f31 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\IZArcSetup.exe"
sh=99B6318480B7AD8A6D7F972D6060012E74A98E56 ft=1 fh=e50e7000a5e337ed vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\utt18C8.tmp.exe"
sh=99B6318480B7AD8A6D7F972D6060012E74A98E56 ft=1 fh=e50e7000a5e337ed vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\uttD17F.tmp.exe"
sh=0EB4DD962A8FC0CF44B787B12B1055EF3C616A8F ft=1 fh=c71c0011082d4402 vn="a variant of Win32/Adware.MultiPlug.DX application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\DcC4127\temp\putfu.xyz"
sh=7B8FA2B4B0E1AED70DE2008BC6CAA3B66A7DF13F ft=1 fh=fa0c8154e828e812 vn="a variant of Win32/Adware.MultiPlug.EI application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\e75a67E30A45\temp\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US &#9829; 007 &#9829; [CTRG] Torrent - KickassTorrents.exe"
sh=0EB4DD962A8FC0CF44B787B12B1055EF3C616A8F ft=1 fh=c71c0011082d4402 vn="a variant of Win32/Adware.MultiPlug.DX application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\e75a67E30A45\temp\putfu.xyz"
sh=59149D6354E20CBC8ED714A50369A0FBB254A5EE ft=1 fh=a00d6374346d750a vn="a variant of Win32/InstallCore.UF potentially unwanted application" ac=I fn="C:\Users\Matt\Desktop\microsoft-office-2010.exe"
sh=1C8C4B750B79064104F0901004E858E0A8BF26F5 ft=1 fh=4452116be591b062 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Matt\Documents\MICROSOFT OFFICE 2010 CRACK\IZArcInstall.exe"
sh=4317C067AAAD080DA9056C9788404E26FC979C0B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Matt\Documents\MICROSOFT OFFICE 2010 CRACK\MICROSOFT OFFICE 2010 CRACK.rar"
sh=EB272F23897110E7B2F856A257FF44C56D69168E ft=1 fh=b85c32e844bdf147 vn="Win32/TrojanClicker.VB.OBC trojan" ac=I fn="C:\Users\Matt\Documents\MICROSOFT OFFICE 2010 CRACK\MICROSOFT OFFICE 2010 CRACK\unistall.exe"
sh=2F6FD8CE7A0EE145B01C140DC22042D070E1E5A4 ft=1 fh=886fac54be770d5d vn="a variant of Win32/InstallCore.VW potentially unwanted application" ac=I fn="C:\Users\Matt\Documents\Roms\CR_Downloader_for_crash-bandicoot.exe"
sh=94C4F383C4AF4A977C420AAC9916AA00437A1818 ft=1 fh=886fac54a780f207 vn="a variant of Win32/InstallCore.VW potentially unwanted application" ac=I fn="C:\Users\Matt\Documents\Roms\CR_Downloader_for_digimon-world.exe"
sh=368B120E81FDA5D84FC2057572F85AC256E8522F ft=1 fh=886fac54c90b3464 vn="a variant of Win32/InstallCore.VW potentially unwanted application" ac=I fn="C:\Users\Matt\Documents\Roms\CR_Downloader_for_mega-man-x4.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\Downloads\Downloader_for_Crash Bandicoot.exe"
sh=7B8FA2B4B0E1AED70DE2008BC6CAA3B66A7DF13F ft=1 fh=fa0c8154e828e812 vn="a variant of Win32/Adware.MultiPlug.EI application" ac=I fn="C:\Users\Matt\Downloads\Microsoft Office 2013 Professional Plus x86 x64 With Microsoft Visio EN-US &#9829; 007 &#9829; [CTRG] Torrent - KickassTorrents.exe"
sh=6EF8310627537B1D24409574BC3C398CD97C474C ft=1 fh=8f545065e84edd76 vn="Win64/HackKMS.D potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.dll"
sh=66C72019EAFA41BBF3E708CC3824C7C4447BDAB6 ft=1 fh=0a46a8abafa4da1b vn="Win64/HackKMS.C potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.exe"
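
A triage helper for the ESET Online Scanner log in the post above, added here as an example and not part of the original thread: it parses the `sh=... vn="..." fn="..."` detection lines, collapses copies of the same file by hash, and counts unique files per detection type. Reading `sh` as the file hash, `vn` as the detection name and `fn` as the path is an assumption inferred from the values; `ft`, `fh` and `ac` are carried through uninterpreted, and the sample lines are copied from that log.

```python
import re
from collections import Counter

# Detection lines copied from the ESET Online Scanner log in the post above.
SAMPLE_LOG = r'''# found=27
# cleaned=0
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\2035842588d00.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\AppData\Local\Temp\44b99A.exe"
sh=518C2EB63630BA51097E7038156A14DB737B92C0 ft=1 fh=01f77a4940f0fd61 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Matt\Downloads\Downloader_for_Crash Bandicoot.exe"
sh=59149D6354E20CBC8ED714A50369A0FBB254A5EE ft=1 fh=a00d6374346d750a vn="a variant of Win32/InstallCore.UF potentially unwanted application" ac=I fn="C:\Users\Matt\Desktop\microsoft-office-2010.exe"
sh=4317C067AAAD080DA9056C9788404E26FC979C0B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Matt\Documents\MICROSOFT OFFICE 2010 CRACK\MICROSOFT OFFICE 2010 CRACK.rar"
sh=EB272F23897110E7B2F856A257FF44C56D69168E ft=1 fh=b85c32e844bdf147 vn="Win32/TrojanClicker.VB.OBC trojan" ac=I fn="C:\Users\Matt\Documents\MICROSOFT OFFICE 2010 CRACK\MICROSOFT OFFICE 2010 CRACK\unistall.exe"
sh=6EF8310627537B1D24409574BC3C398CD97C474C ft=1 fh=8f545065e84edd76 vn="Win64/HackKMS.D potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.dll"
'''

# One detection per line: key=value pairs, with vn and fn in double quotes.
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>.*)"$'
)


def split_detection(vn):
    """Split 'a variant of Win32/X.Y trojan' into ('Win32/X.Y', 'trojan')."""
    prefix = "a variant of "
    text = vn[len(prefix):] if vn.startswith(prefix) else vn
    name, _, kind = text.partition(" ")
    if "/" not in name:  # e.g. "multiple threats" reported for an archive
        return vn, "unclassified"
    return name, kind or "unclassified"


def parse_detections(log_text):
    """Return one dict per detection line; header and malformed lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sha1"] = rec["sha1"].upper()
            rec["name"], rec["kind"] = split_detection(rec["vn"])
            found.append(rec)
    return found


def group_by_hash(detections):
    """Collapse copies of the same file (same hash) into one entry with all paths."""
    groups = {}
    for d in detections:
        g = groups.setdefault(
            d["sha1"], {"name": d["name"], "kind": d["kind"], "paths": []})
        g["paths"].append(d["fn"])
    return groups


def triage(log_text):
    """Count detection lines, unique files, and unique files per detection type."""
    detections = parse_detections(log_text)
    groups = group_by_hash(detections)
    kinds = Counter(g["kind"] for g in groups.values())
    return {"lines": len(detections), "unique_files": len(groups),
            "by_kind": dict(kinds)}


if __name__ == "__main__":
    for sha1, g in group_by_hash(parse_detections(SAMPLE_LOG)).items():
        print(f'{g["kind"]:34} {g["name"]:28} x{len(g["paths"])}  {sha1}')
    print(triage(SAMPLE_LOG))
```

Grouping by hash shows which findings are the same file copied into Temp and Downloads, so the cleanup list is shorter than the raw line count suggests.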


#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 28 March 2015 - 04:42 AM

No active malware has been found.

Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 WinnexeHurts

  • Topic Starter
  • Members
  • 5 posts

Posted 28 March 2015 - 04:49 PM

That's not really feasible for me to do. But thank you for your help.





