pop up ad virus


  • This topic is locked
21 replies to this topic

#1 dorr4x4


Posted 01 April 2015 - 01:42 PM

Need help removing. Have underlined text with green box and arrow that popup ads come out of.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MikeMaureen (administrator) on MIKEMAUREEN-PC on 01-04-2015 14:25:06
Running from C:\Users\MikeMaureen\Downloads
Loaded Profiles: MikeMaureen (Available profiles: MikeMaureen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Spotify Ltd) C:\Users\MikeMaureen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\MikeMaureen\AppData\Roaming\Spotify\Spotify.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Spotify Ltd) C:\Users\MikeMaureen\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\MikeMaureen\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\MikeMaureen\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2648125591-3791926558-3705767269-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2648125591-3791926558-3705767269-1000\...\Run: [Spotify Web Helper] => C:\Users\MikeMaureen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-2648125591-3791926558-3705767269-1000\...\Run: [Spotify] => C:\Users\MikeMaureen\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-2648125591-3791926558-3705767269-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2648125591-3791926558-3705767269-1000] => Internet Explorer proxy is enabled.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-14] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.0.0.2

FireFox:
========
FF ProfilePath: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658
FF DefaultSearchEngine.US: Google Default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2648125591-3791926558-3705767269-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\MikeMaureen\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF SearchPlugin: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\searchplugins\google-default.xml [2015-03-31]
FF Extension: Test Pilot - C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\Extensions\testpilot@labs.mozilla.com.xpi [2015-03-31]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1abc5dfe9f40e18244d596e53c84ad79 [2015-03-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 14:25 - 2015-04-01 14:25 - 00010949 _____ () C:\Users\MikeMaureen\Downloads\FRST.txt
2015-04-01 14:24 - 2015-04-01 14:25 - 00000000 ____D () C:\FRST
2015-04-01 14:24 - 2015-04-01 14:24 - 02095616 _____ (Farbar) C:\Users\MikeMaureen\Downloads\FRST64.exe
2015-04-01 13:51 - 2015-04-01 13:52 - 00000000 ____D () C:\AdwCleaner
2015-04-01 13:50 - 2015-04-01 13:50 - 02208768 _____ () C:\Users\MikeMaureen\Downloads\adwcleaner_4.200.exe
2015-04-01 13:41 - 2015-04-01 13:41 - 00001280 _____ () C:\Windows\system32\.crusader
2015-04-01 13:32 - 2015-04-01 13:43 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-01 13:31 - 2015-04-01 13:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-01 13:29 - 2015-04-01 13:31 - 11028616 _____ (SurfRight B.V.) C:\Users\MikeMaureen\Downloads\HitmanPro_x64.exe
2015-04-01 13:08 - 2015-04-01 14:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 13:06 - 2015-04-01 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 13:06 - 2015-04-01 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 13:06 - 2015-04-01 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-01 13:06 - 2015-03-17 06:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 13:06 - 2015-03-17 06:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 13:06 - 2015-03-17 06:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 13:02 - 2015-04-01 13:03 - 21540904 _____ (Malwarebytes Corporation ) C:\Users\MikeMaureen\Downloads\mbam-setup.exe
2015-04-01 12:41 - 2015-04-01 12:49 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player
2015-04-01 12:41 - 2015-04-01 12:41 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\DISH Anywhere
2015-04-01 12:37 - 2015-04-01 12:39 - 42642520 _____ (DISH Anywhere) C:\Users\MikeMaureen\Downloads\DISH_Anywhere_Video_Player_Installer_2.24.2.exe
2015-03-31 16:07 - 2015-03-31 16:07 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-31 16:06 - 2015-03-31 16:07 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Deployment
2015-03-31 16:06 - 2015-03-31 16:06 - 00417064 _____ () C:\Users\MikeMaureen\Downloads\DellSystemDetectLauncher.exe
2015-03-31 16:06 - 2015-03-31 16:06 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Apps\2.0
2015-03-31 15:39 - 2015-03-31 15:39 - 00000000 ____D () C:\Users\MikeMaureen\Desktop\Old Firefox Data
2015-03-31 15:26 - 2015-03-31 15:26 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\SUPERAntiSpyware.com
2015-03-31 15:25 - 2015-04-01 13:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-31 15:25 - 2015-03-31 15:25 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-31 15:25 - 2015-03-31 15:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-31 15:25 - 2015-03-31 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-31 15:23 - 2015-03-31 15:25 - 21552672 _____ (SUPERAntiSpyware) C:\Users\MikeMaureen\Downloads\SUPERAntiSpyware.exe
2015-03-31 15:19 - 2015-03-31 15:19 - 00003296 _____ () C:\Windows\System32\Tasks\Softcomp Software Schedualer
2015-03-31 14:29 - 2015-03-31 14:30 - 149401600 _____ () C:\Users\Public\EMIEarthMovers,Inc (Backup Mar 31,2015  02 28 PM).QBB
2015-03-31 14:18 - 2015-03-31 14:18 - 00000000 __SHD () C:\Users\MikeMaureen\AppData\Local\EmieUserList
2015-03-31 14:18 - 2015-03-31 14:18 - 00000000 __SHD () C:\Users\MikeMaureen\AppData\Local\EmieSiteList
2015-03-31 14:18 - 2015-03-31 14:18 - 00000000 __SHD () C:\Users\MikeMaureen\AppData\Local\EmieBrowserModeList
2015-03-31 14:11 - 2015-03-31 14:11 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-03-30 14:52 - 2015-03-30 14:27 - 10724302 _____ (The qBittorrent project) C:\Users\Public\Documents\qbittorrent_3.1.12_setup.exe
2015-03-30 14:50 - 2015-03-30 14:38 - 173721600 _____ () C:\Users\Public\Documents\Windows 7 64-bit Repair Disc.iso
2015-03-30 14:38 - 2015-03-30 14:38 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2015-03-30 14:28 - 2015-03-30 14:30 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\qBittorrent
2015-03-30 14:28 - 2015-03-30 14:28 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\qBittorrent
2015-03-30 14:28 - 2015-03-30 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-30 14:28 - 2015-03-30 14:28 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-03-30 14:27 - 2015-03-30 14:27 - 10724302 _____ (The qBittorrent project) C:\Users\MikeMaureen\Downloads\qbittorrent_3.1.12_setup.exe
2015-03-30 13:55 - 2015-04-01 13:17 - 00000000 ____D () C:\Program Files (x86)\Softcomp Software
2015-03-30 13:55 - 2015-03-30 13:55 - 00000000 _____ () C:\Users\MikeMaureen\AppData\Roaming\10A3.tmp
2015-03-30 13:54 - 2015-03-30 14:11 - 00003280 _____ () C:\Windows\System32\Tasks\Great Performance Ultimate
2015-03-29 12:00 - 2015-03-05 10:25 - 93224960 _____ () C:\Users\Public\mosstube (Backup Mar 05,2015  09 18 AM).QBB
2015-03-29 12:00 - 2014-09-12 06:34 - 15919416 _____ () C:\Users\Public\Maurmik61.QDF
2015-03-29 11:59 - 2015-03-26 07:41 - 149262336 _____ () C:\Users\Public\EMIEarthMovers,Inc (Backup Mar 26,2015  07 38 AM).QBB
2015-03-29 11:59 - 2004-05-20 22:21 - 00289368 _____ () C:\Users\Public\EMS Logo.bmp
2015-03-29 11:58 - 2015-03-29 11:58 - 00000000 ____D () C:\Users\Public\VEN DPW
2015-03-29 11:58 - 2015-03-23 10:49 - 00026112 _____ () C:\Users\Public\Document Scrap 'EMI Earth Movers...'.shs
2015-03-29 11:57 - 2015-03-29 11:58 - 00000000 ____D () C:\Users\Public\My Scans
2015-03-29 11:53 - 2015-03-29 11:53 - 00000000 ___SD () C:\Users\Public\My Data Sources
2015-03-29 11:53 - 2015-03-29 11:53 - 00000000 ____D () C:\Users\Public\My Books
2015-03-29 10:44 - 2015-03-29 10:44 - 00000000 ____D () C:\Users\Public\mikesoldoffice
2015-03-29 10:43 - 2015-03-30 14:47 - 00167936 ___SH () C:\Users\Public\Downloads\Thumbs.db
2015-03-29 10:43 - 2014-11-22 17:10 - 00044032 _____ () C:\Users\Public\Downloads\Kiwanis Holiday Fruit Gifts 11-10-14.xls
2015-03-29 10:43 - 2014-11-22 08:33 - 00017610 _____ () C:\Users\Public\Downloads\Kiwanis Holiday Fruit Gifts 11-10-14.xlsx
2015-03-29 10:43 - 2014-09-12 06:34 - 15919416 _____ () C:\Users\Public\Downloads\Maurmik61.QDF
2015-03-29 10:43 - 2014-06-25 06:28 - 00044032 _____ () C:\Users\Public\Downloads\Payment Requisition 7.xls
2015-03-29 10:43 - 2014-04-10 11:00 - 00126112 _____ (Spotify Ltd) C:\Users\Public\Downloads\SpotifySetup.exe
2015-03-29 10:43 - 2014-03-26 06:27 - 00044032 _____ () C:\Users\Public\Downloads\Payment Requisition 6.xls
2015-03-29 10:43 - 2014-02-12 06:40 - 00043008 _____ () C:\Users\Public\Downloads\Payment Requisition 5.xls
2015-03-29 10:43 - 2014-02-10 12:37 - 00009728 _____ () C:\Users\Public\Downloads\Cost_Breakdown_Worksheet HD West Island.xls
2015-03-29 10:43 - 2014-02-10 12:33 - 00010240 _____ () C:\Users\Public\Downloads\Cost_Breakdown_Worksheet.xls
2015-03-29 10:43 - 2014-02-10 12:05 - 00014602 _____ () C:\Users\Public\Downloads\Cost Breakdown Worksheet.xlsx
2015-03-29 10:43 - 2014-01-29 11:44 - 01069728 _____ (Solid State Networks) C:\Users\Public\Downloads\AdobeFlashPlayerActiveXSetup.exe
2015-03-29 10:43 - 2014-01-29 11:32 - 16617352 _____ (Bitberry Software ) C:\Users\Public\Downloads\FreeFileViewerSetup.exe
2015-03-29 10:43 - 2014-01-29 10:42 - 09993656 _____ (CoreDataTree Technology Pvt Ltd ) C:\Users\Public\Downloads\setup-eml-viewer.exe
2015-03-29 10:43 - 2014-01-29 10:30 - 00008100 _____ () C:\Users\Public\Downloads\Homedepotbidpack.mht.txt
2015-03-29 10:43 - 2014-01-29 07:57 - 02267328 _____ () C:\Users\Public\Downloads\6-bottle-download.zip
2015-03-29 10:43 - 2014-01-28 11:14 - 00043008 _____ () C:\Users\Public\Downloads\Payment Requisition 4.xls
2015-03-29 10:43 - 2014-01-28 08:06 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Public\Downloads\tdsskiller.exe
2015-03-29 10:43 - 2014-01-23 11:58 - 09452704 _____ (SurfRight B.V.) C:\Users\Public\Downloads\HitmanPro.exe
2015-03-29 10:43 - 2014-01-23 10:26 - 29543040 _____ (SUPERAntiSpyware) C:\Users\Public\Downloads\SUPERAntiSpyware.exe
2015-03-29 10:43 - 2014-01-23 10:12 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Public\Downloads\mbam-setup.exe
2015-03-29 10:43 - 2014-01-14 06:48 - 00043008 _____ () C:\Users\Public\Downloads\Payment Requisition 3.xls
2015-03-29 10:43 - 2013-12-31 08:14 - 00043008 _____ () C:\Users\Public\Downloads\Payment Requisition 2.xls
2015-03-29 10:43 - 2013-12-06 09:51 - 00042496 _____ () C:\Users\Public\Downloads\Payment Requisition 1.xls
2015-03-29 10:43 - 2013-12-02 10:07 - 00014158 _____ () C:\Users\Public\Downloads\Cost Breakdown mcdonalds.xlsx
2015-03-29 10:43 - 2013-12-02 09:30 - 00040960 ____R () C:\Users\Public\Downloads\Payment Requisition.xls
2015-03-29 10:43 - 2013-11-28 08:35 - 77738888 _____ (Microsoft Corporation) C:\Users\Public\Downloads\ExcelViewer.exe
2015-03-29 10:43 - 2013-11-20 18:19 - 00158720 _____ () C:\Users\Public\Downloads\Sterns Bank Tundra-Skid Steer Loan.xls
2015-03-29 10:43 - 2013-11-19 19:32 - 98633040 _____ (Apple Inc.) C:\Users\Public\Downloads\iTunesSetup.exe
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-16-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-13-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-06-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-04-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-03-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\12-02-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\11-25-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\11-20-2013
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\02-27-2014
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\02-23-2014
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\02-21-2014
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\02-13-2014
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\01-28-2014
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\Users\Public\01-17-2014
2015-03-25 15:20 - 2015-04-01 14:09 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Spotify
2015-03-25 15:20 - 2015-03-25 15:20 - 00001849 _____ () C:\Users\MikeMaureen\Desktop\Spotify.lnk
2015-03-25 15:20 - 2015-03-25 15:20 - 00001835 _____ () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-25 15:17 - 2015-04-01 14:10 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Spotify
2015-03-25 15:16 - 2015-03-25 15:16 - 00155296 _____ (Spotify Ltd) C:\Users\MikeMaureen\Downloads\SpotifySetup.exe
2015-03-25 11:33 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 11:33 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 11:33 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 11:33 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 11:33 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 11:33 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 11:33 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 11:33 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 11:15 - 2015-03-23 11:15 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\OpenOffice
2015-03-23 11:03 - 2015-03-23 11:03 - 00000000 _____ () C:\Users\MikeMaureen\Sti_Trace.log
2015-03-23 10:59 - 2015-03-23 10:59 - 00000045 _____ () C:\Windows\WF-3540.ini
2015-03-23 10:59 - 2015-03-23 10:59 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Leadertech
2015-03-23 10:56 - 2015-03-23 10:56 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\ABBYY
2015-03-23 10:55 - 2015-03-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-03-23 10:52 - 2015-03-23 10:57 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2015-03-23 10:52 - 2015-03-23 10:52 - 00000000 ____D () C:\ProgramData\ABBYY
2015-03-23 10:47 - 2015-03-26 03:20 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Epson
2015-03-23 10:45 - 2015-03-23 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-03-23 10:44 - 2015-03-25 14:39 - 00000941 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-03-23 10:44 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-03-23 10:44 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-03-23 10:42 - 2015-03-25 14:38 - 00000000 ____D () C:\Program Files (x86)\EPSON
2015-03-23 10:42 - 2015-03-23 10:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-23 10:42 - 2015-03-23 10:47 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-23 10:42 - 2015-03-23 10:42 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-23 10:42 - 2015-03-23 10:42 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\InstallShield
2015-03-23 10:42 - 2015-03-23 10:42 - 00000000 ____D () C:\Program Files\EpsonNet
2015-03-23 10:42 - 2015-03-23 10:42 - 00000000 ____D () C:\Program Files\EPSON
2015-03-23 10:42 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2015-03-23 10:42 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2015-03-23 10:42 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2015-03-23 10:42 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2015-03-23 10:42 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2015-03-23 10:42 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2015-03-23 10:18 - 2015-03-23 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-23 09:22 - 2015-03-23 09:25 - 00000000 ____D () C:\Users\Public\Documents\EMI Backup
2015-03-22 14:59 - 2015-03-25 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-22 14:59 - 2015-03-25 14:31 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-22 14:59 - 2015-03-22 14:59 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-22 14:57 - 2012-09-27 11:02 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMJHE.DLL
2015-03-22 14:57 - 2012-09-27 11:02 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BJHE.DLL
2015-03-22 14:57 - 2012-09-27 11:02 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-03-22 13:10 - 2015-03-22 13:14 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Apple Computer
2015-03-22 13:10 - 2015-03-22 13:10 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-22 13:10 - 2015-03-22 13:10 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Apple Computer
2015-03-22 13:10 - 2015-03-22 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-22 13:10 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-22 13:08 - 2015-03-22 13:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-22 13:08 - 2015-03-22 13:10 - 00000000 ____D () C:\Program Files\iTunes
2015-03-22 13:08 - 2015-03-22 13:08 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-22 13:08 - 2015-03-22 13:08 - 00000000 ____D () C:\Program Files\iPod
2015-03-22 13:08 - 2015-03-22 13:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-22 13:06 - 2015-03-22 13:06 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-22 13:06 - 2015-03-22 13:06 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-22 13:06 - 2015-03-22 13:06 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Apple
2015-03-22 13:06 - 2015-03-22 13:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-22 13:05 - 2015-03-22 13:05 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-22 13:05 - 2015-03-22 13:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-22 13:04 - 2015-03-22 13:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-22 13:03 - 2015-03-22 13:06 - 00000000 ____D () C:\ProgramData\Apple
2015-03-22 12:43 - 2015-03-22 12:50 - 152428336 _____ (Apple Inc.) C:\Users\MikeMaureen\Downloads\itunes6464setup.exe
2015-03-22 11:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-03-22 11:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-03-22 11:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-03-22 11:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-03-22 11:26 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-03-22 11:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-03-22 11:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-03-22 11:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-03-22 11:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-03-22 11:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-03-22 05:35 - 2015-03-26 03:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 05:35 - 2015-03-26 03:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-22 05:07 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-22 05:07 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-22 03:15 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-22 03:15 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-22 03:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-22 03:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-03-22 03:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-22 03:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-22 03:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-03-22 03:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-03-22 03:03 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-22 03:03 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-21 20:54 - 2015-03-31 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 14:09 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-21 14:09 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-21 14:09 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-21 14:09 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-21 14:09 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-21 14:09 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-21 09:17 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-21 09:17 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-21 09:17 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-21 09:17 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-21 09:17 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-21 09:17 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-21 09:17 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-21 09:17 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-21 09:17 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-21 09:17 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-21 09:17 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-21 09:17 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-21 09:17 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-21 09:17 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-21 09:17 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-21 09:16 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-21 09:16 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-21 09:16 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-21 09:16 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-21 09:16 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-21 09:16 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-21 09:16 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-21 09:16 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-21 09:16 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-21 09:16 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-21 09:16 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-21 09:16 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-21 09:16 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-21 09:16 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-21 09:16 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-21 09:16 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-21 09:16 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-21 09:16 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-21 09:16 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-21 09:16 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-21 09:16 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-21 09:16 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-21 09:16 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-21 09:16 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-21 09:16 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-21 09:16 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-21 09:16 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-21 09:16 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-03-21 09:16 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-21 09:16 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-21 09:16 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-03-21 09:16 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-03-21 09:15 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-21 09:12 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-21 09:12 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-21 09:12 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-21 09:12 - 2014-10-13 22:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-21 09:12 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-21 09:12 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-21 09:11 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-21 09:11 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-21 09:11 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-21 09:11 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-21 09:11 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-21 09:11 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-21 09:11 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-21 09:11 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-21 09:11 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-21 09:11 - 2014-08-21 02:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-21 09:11 - 2014-08-21 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-21 09:11 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-03-21 09:11 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-21 09:11 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-21 09:11 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-03-21 09:11 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-03-21 09:11 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-03-21 09:11 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-03-21 09:11 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-03-21 09:11 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-03-21 09:11 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-21 09:11 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-03-21 09:11 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-03-21 09:11 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-03-21 09:11 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-03-21 09:11 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-03-21 09:11 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-03-21 09:11 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-03-21 09:11 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-03-21 09:11 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-03-21 09:11 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-03-21 09:11 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-03-21 09:11 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-03-21 09:11 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-03-21 09:10 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-21 09:10 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-21 09:10 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-21 09:10 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-21 09:10 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-21 09:10 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-21 09:10 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-21 09:10 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-21 09:10 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-21 09:10 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-21 09:10 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-21 09:10 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-21 09:10 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-21 09:10 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-21 09:10 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-21 09:10 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-21 09:10 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-21 09:10 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-21 09:10 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-21 09:10 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-21 09:10 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-03-21 09:10 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-21 09:10 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-21 09:10 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-21 09:10 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-03-21 09:10 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-03-21 09:10 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-03-21 09:10 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-03-21 09:10 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-03-21 09:09 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-21 09:09 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-21 09:09 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-21 09:09 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-21 09:09 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-21 09:09 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-21 09:09 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-21 09:09 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-03-21 09:09 - 2014-10-24 21:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-21 09:09 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-21 09:09 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-21 09:09 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-21 09:09 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-21 09:09 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-21 09:09 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-21 09:09 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-03-21 09:09 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-03-21 09:09 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-03-21 09:09 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-03-21 09:09 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-03-21 09:09 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-21 09:09 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-03-21 09:08 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-21 09:08 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-21 09:08 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-21 09:08 - 2014-10-13 22:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-21 09:08 - 2014-10-13 21:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-21 09:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-21 09:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-21 09:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-21 09:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-03-21 09:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-21 09:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-21 09:08 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-21 09:08 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-21 09:08 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-21 09:08 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-21 09:08 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-03-21 09:08 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-03-21 09:08 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-03-21 09:08 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-03-21 09:08 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-03-21 09:08 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-03-21 09:08 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-03-21 09:08 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-03-21 09:08 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-03-21 09:08 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-03-21 09:08 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-03-21 09:08 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-03-21 09:08 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-03-21 09:05 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-21 09:05 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-21 09:05 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-21 09:05 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-03-21 09:04 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-21 09:04 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-21 09:04 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-21 09:04 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-21 09:04 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-21 09:04 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-21 09:04 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-21 09:04 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-21 09:04 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-21 09:04 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-21 09:04 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-21 09:04 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-21 09:04 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-21 09:04 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-21 09:04 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-21 09:04 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-21 09:04 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-21 09:04 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-21 09:04 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-21 09:04 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-21 09:04 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-21 09:04 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-21 09:04 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-21 09:04 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-21 09:04 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-21 09:04 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-21 09:04 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-21 09:04 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-21 09:04 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-21 09:04 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-21 09:04 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-21 09:04 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-21 09:04 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-21 09:04 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-21 09:04 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-21 09:04 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-21 09:04 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-21 09:04 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-21 09:04 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-21 09:04 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-21 09:04 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-21 09:04 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-21 09:04 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-21 09:04 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-21 09:04 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-21 09:04 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-21 09:04 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-21 09:04 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-21 09:04 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-21 09:04 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-21 09:04 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-21 09:04 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-21 09:04 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-21 09:04 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-21 09:04 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-21 09:04 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-21 09:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-21 09:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-21 09:01 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-21 09:01 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-03-21 08:37 - 2015-03-21 08:37 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Macromedia
2015-03-20 17:12 - 2015-03-31 15:07 - 00002246 ____H () C:\Users\MikeMaureen\Documents\Default.rdp
2015-03-20 16:21 - 2015-03-31 13:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-20 16:21 - 2015-03-31 13:56 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-20 16:21 - 2015-03-23 03:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-20 16:21 - 2015-03-20 16:21 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Mozilla
2015-03-20 16:21 - 2015-03-20 16:21 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Mozilla
2015-03-20 16:21 - 2015-03-20 16:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-20 16:16 - 2015-03-20 16:16 - 00000000 ____D () C:\Windows\SysWOW64\x64
2015-03-20 16:16 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2015-03-20 16:03 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-20 16:03 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-20 16:03 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-20 16:03 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-20 16:03 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-20 16:03 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-20 16:03 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-20 16:03 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-20 16:03 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-20 16:03 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-20 16:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-20 16:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-20 16:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-20 16:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-20 15:59 - 2015-03-31 13:56 - 00001366 _____ () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 15:59 - 2015-03-23 11:03 - 00000000 ____D () C:\Users\MikeMaureen
2015-03-20 15:59 - 2015-03-21 08:37 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\Adobe
2015-03-20 15:59 - 2015-03-20 16:07 - 00064024 _____ () C:\Users\MikeMaureen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-20 15:59 - 2015-03-20 15:59 - 00000000 __SHD () C:\Recovery
2015-03-20 15:59 - 2015-03-20 15:59 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Local\VirtualStore
2015-03-20 15:59 - 2014-03-14 12:20 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Canneverbe Limited
2015-03-20 15:59 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Macromedia
2015-03-20 15:59 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\MikeMaureen\AppData\Roaming\Adobe
2015-03-20 15:59 - 2010-11-20 22:50 - 00000020 ___SH () C:\Users\MikeMaureen\ntuser.ini
2015-03-20 15:59 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 15:59 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\MikeMaureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-17 17:10 - 2015-03-17 17:10 - 00000219 _____ () C:\model.bat
2015-03-17 17:10 - 2015-03-17 17:10 - 00000000 ___HD () C:\Tools
2015-03-17 16:33 - 2014-03-14 12:20 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Canneverbe Limited
2015-03-17 16:33 - 2014-03-14 12:20 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Canneverbe Limited
2015-03-17 16:33 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-03-17 16:33 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2015-03-17 16:33 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-03-17 16:33 - 2014-03-14 12:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2015-03-17 16:33 - 2014-03-14 12:17 - 00058016 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 16:33 - 2014-03-14 12:17 - 00058016 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 16:32 - 2015-03-17 16:32 - 00000000 ____D () C:\Program Files (x86)\Analog Devices
2015-03-17 16:29 - 2015-04-01 13:57 - 01991246 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 16:29 - 2015-03-17 16:29 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 14:01 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 14:01 - 2009-07-14 00:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 14:01 - 2009-07-14 00:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 13:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 13:54 - 2009-07-14 00:51 - 00038386 _____ () C:\Windows\setupact.log
2015-04-01 13:51 - 2014-03-14 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 13:43 - 2010-11-20 23:47 - 00011638 _____ () C:\Windows\PFRO.log
2015-04-01 13:18 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2015-03-29 18:27 - 2014-03-13 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-26 03:19 - 2009-07-14 00:45 - 00294496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-23 10:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-22 14:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 11:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 05:35 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-22 05:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-22 05:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-22 05:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 05:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-22 05:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-22 03:50 - 2014-03-13 14:52 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-22 03:35 - 2014-03-14 12:17 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-03-22 03:35 - 2014-03-14 12:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-22 03:33 - 2014-03-14 12:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-22 03:33 - 2014-03-14 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-21 08:37 - 2014-03-14 12:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-21 08:37 - 2014-03-14 12:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-21 08:37 - 2014-03-14 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 15:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2015-03-20 15:59 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-20 15:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-17 17:10 - 2009-07-14 01:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-03-17 17:10 - 2009-07-14 01:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2015-03-17 16:47 - 2014-03-13 16:08 - 00000000 ____D () C:\Windows\Panther
2015-03-17 16:47 - 2009-07-14 00:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2015-03-17 16:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-03-17 16:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-03-17 16:32 - 2014-03-13 15:10 - 00003652 _____ () C:\Windows\TSSysprep.log
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-30 13:55 - 2015-03-30 13:55 - 0000000 _____ () C:\Users\MikeMaureen\AppData\Roaming\10A3.tmp
2015-03-31 14:13 - 2015-03-31 14:13 - 0009662 _____ () C:\Users\MikeMaureen\AppData\Roaming\em_64x64.ico

Some content of TEMP:
====================
C:\Users\MikeMaureen\AppData\Local\Temp\4CC8.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\5E26.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\D1B.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\D2B.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\FA95.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\GPUpd551AE3BA2.exe
C:\Users\MikeMaureen\AppData\Local\Temp\Quarantine.exe
C:\Users\MikeMaureen\AppData\Local\Temp\sqlite3.dll
C:\Users\MikeMaureen\AppData\Local\Temp\tasks.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 12:07

==================== End Of Log ============================



#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:00 AM

Posted 01 April 2015 - 01:49 PM

Hello dorr4x4 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:00 AM

Posted 01 April 2015 - 03:41 PM

Hi dorr4x4,

 

C:\Users\Public\02-13-2014
C:\Users\Public\01-28-2014
C:\Users\Public\01-17-2014
C:\Users\Public\EMIEarthMovers,Inc (Backup Mar 31,2015  02 28 PM).QBB
C:\Users\Public\mosstube (Backup Mar 05,2015  09 18 AM).QBB
C:\Users\Public\Maurmik61.QDF
C:\Users\Public\Document Scrap 'EMI Earth Movers...'.shs
C:\Users\Public\mikesoldoffice
C:\Users\Public\Downloads\Maurmik61.QDF

Do you have any information about these files ?

-------------------------------------------------------------------------------------------------------------------------------

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
Scan with Malwarebytes Antimalware:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.



 


 


#4 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 01 April 2015 - 08:51 PM

The files are ones that I brought over from an old computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.0 (03.31.2015:2)
OS: Windows 7 Professional x64
Ran by MikeMaureen on Wed 04/01/2015 at 21:31:32.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/01/2015 at 21:36:00.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 01 April 2015 - 08:56 PM

# AdwCleaner v4.200 - Logfile created 01/04/2015 at 21:53:36
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : MikeMaureen - MIKEMAUREEN-PC
# Running from : C:\Users\MikeMaureen\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1302 bytes] - [01/04/2015 13:51:11]
AdwCleaner[R1].txt - [897 bytes] - [01/04/2015 17:13:33]
AdwCleaner[R2].txt - [1013 bytes] - [01/04/2015 21:52:26]
AdwCleaner[S0].txt - [1350 bytes] - [01/04/2015 13:52:30]
AdwCleaner[S1].txt - [960 bytes] - [01/04/2015 17:15:02]
AdwCleaner[S2].txt - [940 bytes] - [01/04/2015 21:53:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [998  bytes] ##########
 



#6 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 02 April 2015 - 05:59 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/2/2015
Scan Time: 6:50:38 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.01.11
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MikeMaureen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348386
Time Elapsed: 7 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:00 AM

Posted 02 April 2015 - 11:42 AM

Hi dorr4x4,
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Please be sure to run our tools with administrator rights.

ComboFix run:

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


 


 


#8 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 02 April 2015 - 12:44 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MikeMaureen at 2015-04-02 13:22:17 Run:1
Running from C:\Users\MikeMaureen\Downloads
Loaded Profiles: MikeMaureen (Available profiles: MikeMaureen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Softcomp Software
Task: {0AF1D20E-25A4-44CF-BDA6-15DCDADE835E} - System32\Tasks\Softcomp Software Schedualer => C:\Program Files (x86)\Softcomp Software\swjob.exe [2015-03-30] (SecureSoft)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658
FF DefaultSearchEngine.US: Google Default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\searchplugins\google-default.xml
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1abc5dfe9f40e18244d596e53c84ad79
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys
2015-04-01 13:32 - 2015-04-01 13:43 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-01 13:31 - 2015-04-01 13:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-01 13:29 - 2015-04-01 13:31 - 11028616 _____ (SurfRight B.V.) C:\Users\MikeMaureen\Downloads\HitmanPro_x64.exe
2015-03-31 15:19 - 2015-03-31 15:19 - 00003296 _____ () C:\Windows\System32\Tasks\Softcomp Software Schedualer
2015-03-29 10:43 - 2014-01-28 08:06 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Public\Downloads\tdsskiller.exe
2015-03-29 10:43 - 2014-01-23 11:58 - 09452704 _____ (SurfRight B.V.) C:\Users\Public\Downloads\HitmanPro.exe
2015-03-22 13:08 - 2015-03-22 13:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-29 10:43 - 2015-03-30 14:47 - 00167936 ___SH () C:\Users\Public\Downloads\Thumbs.db
C:\Users\MikeMaureen\AppData\Local\Temp\4CC8.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\5E26.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\D1B.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\D2B.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\FA95.tmp.exe
C:\Users\MikeMaureen\AppData\Local\Temp\GPUpd551AE3BA2.exe
C:\Users\MikeMaureen\AppData\Local\Temp\Quarantine.exe
C:\Users\MikeMaureen\AppData\Local\Temp\sqlite3.dll
C:\Users\MikeMaureen\AppData\Local\Temp\tasks.dll
end


*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Softcomp Software => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AF1D20E-25A4-44CF-BDA6-15DCDADE835E} => Key not found.
C:\Windows\System32\Tasks\Softcomp Software Schedualer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Schedualer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
FF ProfilePath: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658 => Should not be moved.
Firefox DefaultSearchEngine.US deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"FF SearchPlugin: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\searchplugins\google-default.xml" => not found.
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1abc5dfe9f40e18244d596e53c84ad79 not found.
hitmanpro37 => Service deleted successfully.
C:\Windows\system32\Drivers\hitmanpro37.sys => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Users\MikeMaureen\Downloads\HitmanPro_x64.exe => Moved successfully.
"C:\Windows\System32\Tasks\Softcomp Software Schedualer" => File/Directory not found.
C:\Users\Public\Downloads\tdsskiller.exe => Moved successfully.
C:\Users\Public\Downloads\HitmanPro.exe => Moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => Moved successfully.
C:\Users\Public\Downloads\Thumbs.db => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\4CC8.tmp.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\5E26.tmp.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\D1B.tmp.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\D2B.tmp.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\FA95.tmp.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\GPUpd551AE3BA2.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\MikeMaureen\AppData\Local\Temp\tasks.dll => Moved successfully.


The system needed a reboot.

==== End of Fixlog 13:22:58 ====



#9 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 02 April 2015 - 01:05 PM

ComboFix 15-04-01.01 - MikeMaureen 04/02/2015  13:50:33.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3957.2748 [GMT -4:00]
Running from: c:\users\MikeMaureen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MikeMaureen\AppData\Roaming\10A3.tmp
E:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-02 to 2015-04-02  )))))))))))))))))))))))))))))))
.
.
2015-04-02 17:55 . 2015-04-02 17:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-02 12:56 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6673EE7-0143-4D94-BE84-46767CD36664}\mpengine.dll
2015-04-02 01:58 . 2015-04-02 17:29    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-02 01:58 . 2015-04-02 01:58    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-02 01:58 . 2015-03-17 10:15    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-04-02 01:58 . 2015-03-17 10:15    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-04-02 01:58 . 2015-03-17 10:15    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-04-02 01:31 . 2015-04-02 01:31    --------    d-----w-    C:\RegBackup
2015-04-01 18:24 . 2015-04-02 17:22    --------    d-----w-    C:\FRST
2015-04-01 17:51 . 2015-04-02 01:53    --------    d-----w-    C:\AdwCleaner
2015-04-01 17:06 . 2015-04-01 17:06    --------    d-----w-    c:\programdata\Malwarebytes
2015-04-01 12:17 . 2015-03-27 12:56    1187344    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{628AFB64-1E15-4106-9B40-8D1B0238AA84}\gapaengine.dll
2015-04-01 12:17 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-31 19:25 . 2015-04-02 17:29    --------    d-----w-    c:\program files\SUPERAntiSpyware
2015-03-31 19:25 . 2015-03-31 19:25    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2015-03-31 18:11 . 2015-03-31 18:11    73728    ----a-w-    c:\windows\SysWow64\tasks.dll
2015-03-30 18:38 . 2015-03-30 18:38    --------    d-----w-    c:\programdata\Canneverbe Limited
2015-03-30 18:28 . 2015-03-30 18:28    --------    d-----w-    c:\program files (x86)\qBittorrent
2015-03-29 15:58 . 2015-03-29 15:58    --------    d-----w-    c:\users\Public\VEN DPW
2015-03-29 15:58 . 2015-03-29 15:58    --------    d-----r-    c:\users\Public\My Videos
2015-03-29 15:57 . 2015-03-29 15:58    --------    d-----w-    c:\users\Public\My Scans
2015-03-29 15:57 . 2015-03-29 15:57    --------    d-----r-    c:\users\Public\My Pictures
2015-03-29 15:53 . 2015-03-29 15:55    --------    d-----r-    c:\users\Public\My Music
2015-03-29 15:53 . 2015-03-29 15:53    --------    d-s---w-    c:\users\Public\My Data Sources
2015-03-29 15:53 . 2015-03-29 15:53    --------    d-----w-    c:\users\Public\My Books
2015-03-29 14:44 . 2015-03-29 14:44    --------    d-----w-    c:\users\Public\mikesoldoffice
2015-03-25 15:33 . 2015-03-11 04:05    30720    ----a-w-    c:\windows\system32\acmigration.dll
2015-03-25 15:33 . 2015-03-11 04:06    677888    ----a-w-    c:\windows\system32\generaltel.dll
2015-03-25 15:33 . 2015-03-11 04:06    760832    ----a-w-    c:\windows\system32\invagent.dll
2015-03-25 15:33 . 2015-03-11 04:06    414720    ----a-w-    c:\windows\system32\devinv.dll
2015-03-25 15:33 . 2015-03-11 04:05    192000    ----a-w-    c:\windows\system32\aepic.dll
2015-03-25 15:33 . 2015-03-11 04:02    1107456    ----a-w-    c:\windows\system32\aeinv.dll
2015-03-25 15:33 . 2015-03-11 04:05    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-03-23 14:52 . 2015-03-23 14:57    --------    d-----w-    c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2015-03-23 14:52 . 2015-03-23 14:52    --------    d-----w-    c:\programdata\ABBYY
2015-03-23 14:52 . 2015-03-23 14:52    --------    d-----w-    c:\program files (x86)\Common Files\ABBYY
2015-03-23 14:44 . 2012-07-24 04:00    466432    ----a-w-    c:\windows\system32\esxw2ud.dll
2015-03-23 14:44 . 2011-12-12 04:00    135824    ----a-w-    c:\windows\system32\escsvc64.exe
2015-03-23 14:42 . 2015-03-25 18:38    --------    d-----w-    c:\program files (x86)\EPSON
2015-03-23 14:42 . 2015-03-23 14:42    --------    d-----w-    c:\program files (x86)\Common Files\EPSON
2015-03-23 14:42 . 2015-03-23 14:42    --------    d-----w-    c:\program files\EpsonNet
2015-03-23 14:42 . 2011-08-30 17:40    535040    ----a-w-    c:\windows\system32\ensppui.dll
2015-03-23 14:42 . 2011-08-30 17:40    535040    ----a-w-    c:\windows\system32\enppui.dll
2015-03-23 14:42 . 2011-08-30 17:38    558080    ----a-w-    c:\windows\system32\ensppmon.dll
2015-03-23 14:42 . 2011-08-30 17:38    558080    ----a-w-    c:\windows\system32\enppmon.dll
2015-03-23 14:42 . 2011-08-01 22:24    250880    ----a-w-    c:\windows\system32\enspres.dll
2015-03-23 14:42 . 2011-08-01 22:24    250880    ----a-w-    c:\windows\system32\enpres.dll
2015-03-23 14:42 . 2015-03-23 14:47    --------    d--h--w-    c:\program files (x86)\InstallShield Installation Information
2015-03-23 14:42 . 2015-03-23 14:42    --------    d-----w-    c:\program files\EPSON
2015-03-23 14:42 . 2015-03-23 14:47    --------    d-----w-    c:\program files (x86)\EPSON Software
2015-03-22 18:59 . 2015-03-22 18:59    --------    d-----w-    c:\program files\Common Files\EPSON
2015-03-22 18:59 . 2015-03-25 18:31    --------    d-----w-    c:\programdata\EPSON
2015-03-22 18:57 . 2012-09-27 15:02    10752    ----a-w-    c:\windows\system32\E_GCINST.DLL
2015-03-22 18:57 . 2012-09-27 15:02    83968    ----a-w-    c:\windows\system32\E_YD4BJHE.DLL
2015-03-22 18:57 . 2012-09-27 15:02    120320    ----a-w-    c:\windows\system32\E_YLMJHE.DLL
2015-03-22 17:10 . 2012-10-03 20:14    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2015-03-22 17:10 . 2015-03-22 17:10    --------    dc----w-    c:\windows\system32\DRVSTORE
2015-03-22 17:08 . 2015-03-22 17:08    --------    d-----w-    c:\program files (x86)\iTunes
2015-03-22 17:08 . 2015-03-22 17:08    --------    d-----w-    c:\program files\iPod
2015-03-22 17:08 . 2015-03-22 17:10    --------    d-----w-    c:\program files\iTunes
2015-03-22 17:08 . 2015-03-22 17:08    --------    d-----w-    c:\programdata\Apple Computer
2015-03-22 17:06 . 2015-03-22 17:06    --------    d-----w-    c:\program files (x86)\Apple Software Update
2015-03-22 17:05 . 2015-03-22 17:05    --------    d-----w-    c:\program files\Bonjour
2015-03-22 17:05 . 2015-03-22 17:05    --------    d-----w-    c:\program files (x86)\Bonjour
2015-03-22 17:04 . 2015-03-22 17:08    --------    d-----w-    c:\program files\Common Files\Apple
2015-03-22 17:03 . 2015-03-22 17:06    --------    d-----w-    c:\programdata\Apple
2015-03-22 17:03 . 2015-03-22 17:06    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2015-03-22 15:26 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2015-03-22 15:26 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2015-03-22 15:26 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2015-03-22 15:26 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2015-03-22 15:26 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2015-03-22 15:26 . 2014-07-09 01:31    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2015-03-22 15:26 . 2014-07-09 01:31    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
2015-03-22 09:35 . 2015-03-26 07:17    --------    d-s---w-    c:\windows\system32\CompatTel
2015-03-22 09:35 . 2015-03-26 07:17    --------    d-----w-    c:\windows\system32\appraiser
2015-03-22 07:15 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2015-03-22 07:15 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2015-03-22 07:04 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2015-03-22 07:04 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2015-03-22 07:04 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2015-03-22 07:04 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2015-03-22 07:04 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2015-03-22 07:04 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2015-03-22 07:03 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2015-03-22 07:03 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2015-03-21 18:09 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll
2015-03-21 18:09 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2015-03-21 18:09 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll
2015-03-21 18:09 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2015-03-21 18:09 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2015-03-21 18:09 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2015-03-21 13:16 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2015-03-21 13:15 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-03-21 13:12 . 2015-01-31 03:48    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2015-03-21 13:12 . 2015-01-31 03:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-21 13:12 . 2015-01-30 23:56    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2015-03-21 13:12 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2015-03-21 13:12 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2015-03-21 13:12 . 2014-10-14 02:13    683520    ----a-w-    c:\windows\system32\termsrv.dll
2015-03-21 13:10 . 2014-08-12 02:02    878080    ----a-w-    c:\windows\system32\IMJP10K.DLL
2015-03-21 13:09 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2015-03-21 13:08 . 2014-07-17 02:07    455168    ----a-w-    c:\windows\system32\winlogon.exe
2015-03-21 13:05 . 2014-09-05 02:11    6584320    ----a-w-    c:\windows\system32\mstscax.dll
2015-03-21 13:05 . 2014-09-05 01:52    5703168    ----a-w-    c:\windows\SysWow64\mstscax.dll
2015-03-21 13:05 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2015-03-21 13:05 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2015-03-21 13:01 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-03-21 13:01 . 2015-02-04 02:54    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-03-21 13:01 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2015-03-21 13:01 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2015-03-20 20:21 . 2015-03-23 07:19    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2015-03-20 20:16 . 2015-03-20 20:16    --------    d-----w-    c:\windows\SysWow64\x64
2015-03-20 20:16 . 2009-09-23 23:30    1002008    ----a-w-    c:\windows\SysWow64\igxpun.exe
2015-03-20 20:04 . 2015-03-27 12:56    1187344    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-20 20:03 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2015-03-20 20:03 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2015-03-20 20:03 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2015-03-20 20:03 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2015-03-20 20:03 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
2015-03-20 20:03 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
2015-03-20 20:03 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
2015-03-20 20:03 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
2015-03-20 20:03 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
2015-03-20 20:03 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 12:37 . 2014-03-14 16:20    778928    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-21 12:37 . 2014-03-14 16:20    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-03 13:17 . 2010-11-21 03:27    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-27 01:14 . 2014-03-13 17:19    122905848    ----a-w-    c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE" [2012-09-27 283232]
"Spotify Web Helper"="c:\users\MikeMaureen\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-04-01 2018360]
"Spotify"="c:\users\MikeMaureen\AppData\Roaming\Spotify\Spotify.exe" [2015-04-01 7112248]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1282048]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14 12:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1 10.0.0.2
FF - ProfilePath - c:\users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-02  13:57:26
ComboFix-quarantined-files.txt  2015-04-02 17:57
.
Pre-Run: 925,772,144,640 bytes free
Post-Run: 925,668,474,880 bytes free
.
- - End Of File - - 5D5148F035A2240AA2A1A7E0A2BAA06D
A36C5E4F47E84449FF07ED3517B43A31
 



#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 02 April 2015 - 01:22 PM

Please do the following,

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

--------------------------------------------------------

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#11 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts

Posted 02 April 2015 - 01:59 PM

Zoek.exe v5.0.0.0 Updated 31-March-2015
Tool run by MikeMaureen on Thu 04/02/2015 at 14:37:34.54.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MikeMaureen\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/2/2015 2:38:07 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Oracle deleted successfully
C:\Users\MikeMaureen\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\MikeMaureen\AppData\Roaming\em_64x64.ico deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MIKEMA~1\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658
user_pref("browser.search.defaultenginename.US", "Google Default");

==== Firefox Extensions ======================

ProfilePath: C:\Users\MIKEMA~1\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Firefox Helper - %AppDir%\distribution\bundles\1abc5dfe9f40e18244d596e53c84ad79

==== Firefox Plugins ======================

Profilepath: C:\Users\MikeMaureen\AppData\Roaming\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658
5174E3BE46B2CCCDAF9CEB5B622CEA9B    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll -    Shockwave for Director / Shockwave for Director
43583AB4DFD406F4C188342F41B1F91C    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll -    Shockwave Flash
C1DCA8D9CBC838117E2AC80EB664224A    - C:\Users\MikeMaureen\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll -    NMP Browser Plugin


==== Deleted Firefox Extensions ======================

C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1abc5dfe9f40e18244d596e53c84ad79 deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D180F2F3-9CD4-4867-A221-D81C725D8045} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\3F2F081D4DC976842A128DC127D50854 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MikeMaureen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MikeMaureen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\MikeMaureen\AppData\Local\Mozilla\Firefox\Profiles\foyi35um.default-1427830773658\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=3 12913 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\MikeMaureen\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MIKEMA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 04/02/2015 at 14:54:20.25 ======================
 



#12 dorr4x4

dorr4x4
  • Topic Starter

  • Members
  • 63 posts

Posted 02 April 2015 - 02:03 PM

 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (36.0.4)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#13 olgun52

  • Malware Response Team

Posted 02 April 2015 - 02:08 PM

Hi dorr4x4,
 
Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt
 
Step 2:
 
Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 


Best regards
 

 


 


#14 dorr4x4


Posted 02 April 2015 - 02:28 PM

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.02.05
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
MikeMaureen :: MIKEMAUREEN-PC [administrator]

4/2/2015 3:17:22 PM
mbar-log-2015-04-02 (15-17-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 359378
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4148805632, free: 2661093376

Downloaded database version: v2015.04.02.05
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
     04/02/2015 15:17:11
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.02.05
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047abb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004254680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B2C28801

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 16285696
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16287744  Numsec = 1937233920

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8005858060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80058534d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005858060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005848060, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800588e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800588eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800588e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80056eb630, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8005890060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005858a50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005890060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800585e060, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa8005c1a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80052b4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c1a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005c15060, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 127456
    Partition file system is FAT
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 65536000 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8005c50790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005c502c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c50790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005c43060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 28352550

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204885504 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-4-0-32-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished
 



#15 dorr4x4


Posted 02 April 2015 - 02:40 PM

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MikeMaureen [Administrator]
Started from : C:\Users\MikeMaureen\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/02/2015  15:36:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE4EBDF4-4888-45C5-BF97-AD14B82CF857} | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EE4EBDF4-4888-45C5-BF97-AD14B82CF857} | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EE4EBDF4-4888-45C5-BF97-AD14B82CF857} | DhcpNameServer : 192.168.1.1 10.0.0.2 [(Private Address) (XX)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2648125591-3791926558-3705767269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2648125591-3791926558-3705767269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HUA721010KLA330 ATA Device +++++
--- User ---
[MBR] adf61f28169522ca3fcaf0be5e841864
[BSP] a9f96c32e387bff50d5858481dce5c37 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: 64MB HardDrive USB Device +++++
--- User ---
[MBR] 6dbae2f3edf26ecdddf656359b89ca3a
[BSP] 7208b105e661849d4a48c279d3177d8d : Legit.Unknown MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Dell Portable USB Device +++++
--- User ---
[MBR] 0033e987e585f27e44a16d2463d5bb2d
[BSP] 10fd2befc3f634b70ef651292bfc7c84 : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 





