I think my ex-boyfriend installed a keylogger, listens to microphone, etc.


  • This topic is locked
11 replies to this topic

#1 tchuckdonny

tchuckdonny

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 AM

Posted 07 April 2015 - 01:00 PM

He is a sysadmin and very high level so I know he is capable of this. He has mentioned conversations I had while near my laptop and TV shows I watch, I'm positive he has done something. It's super obvious. The resource monitor shows a bunch of processes running that are associated with malware/spyware but all of my scans show nothing. The CPU usage jumps around like crazy. Remote desktop keeps getting re-enabled after I enable it. I stopped all non-essential Windows processes at startup and the webcam and audio software keeps getting re-enabled, plus a bunch of wacky stuff is running and hogging the memory and maxing out the CPU. HijackThis does show some missing files but I am stuck there and have not deleted them because I read that 64-bit can cause false positives. So I left it and hope you guys can help me. I know some stuff about all of this but not enough.
 
Please help!

Edited by Queen-Evie, 07 April 2015 - 01:38 PM.
moved from Am I Infected to Malware Removal Logs




#2 shival

shival

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 07 April 2015 - 01:04 PM

What is your operating system? Most keyloggers stop working when "user account control" is set to max in Win 7, so probably Vista and 8 too.

What scanners were you using?



#3 tchuckdonny

tchuckdonny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 AM

Posted 07 April 2015 - 01:20 PM

Oh sorry. It's Windows 7 SP1. A few weeks ago my user account became corrupted too. I had to make a new admin account and migrate all of my files over. I used Malwarebytes, Ad-Aware, Kaspersky online and Trend Micro online and HijackThis, which does show some 'missing files' in system folder.


Edited by tchuckdonny, 07 April 2015 - 01:21 PM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:51 AM

Posted 07 April 2015 - 01:37 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 tchuckdonny

tchuckdonny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 AM

Posted 07 April 2015 - 01:43 PM

Ok here they are. Thanks much!
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Cathryn at 2015-04-07 14:43:03
Running from C:\Users\Cathryn\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
Auto FX Free (HKLM-x32\...\{ABE4D060-5260-453F-A742-933194AEB045}) (Version: 2.00.0002 - Auto FX Software)
Bad Piggies (HKLM-x32\...\{6A062CC2-747A-455F-9892-5CF7F86EA451}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.1 - Lenovo)
Energy Management (x32 Version: 6.0.1.1 - Lenovo) Hidden
EnergyCut (HKLM-x32\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - Lenovo)
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Fotomatic version 1.4 (HKLM-x32\...\{6022299E-440C-43DA-825F-B58BCCB570B9}_is1) (Version: 1.4 - Cybia)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Keylogger Detector (HKLM-x32\...\Keylogger Detector) (Version:  - )
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.29 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
The Works version 3.2 (HKLM-x32\...\{839CA7E5-5956-487D-8138-682907C5D576}_is1) (Version: 3.2 - Cybia)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
virtualStudio 1.0.38 (HKLM-x32\...\virtualStudio_is1) (Version:  - optikVerve Labs)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (10/25/2010 6.1.0.1) (HKLM\...\EA8853A03D537A97526088F978DEB040DF596301) (Version: 10/25/2010 6.1.0.1 - Lenovo)
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-03-2015 16:33:43 Windows Update
27-03-2015 12:44:39 AA11
27-03-2015 13:09:27 Removed DeVeDe
03-04-2015 22:52:22 Configured YouCam
04-04-2015 00:48:42 c
07-04-2015 07:57:13 Installed Microsoft Fix it 50267
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2A66863F-872F-4E9B-9E88-32441D7A8BFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {420CE2B8-1448-4BE6-BB27-F19FA2CC66B6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E42D96F-7C87-401E-BCA3-9BFB6DAD1423} - System32\Tasks\{A4C1C803-2C0B-4D00-8FFB-C20B492B93B8} => pcalua.exe -a "C:\Users\Cathryn\Downloads\dsl-win-v365\dsl-win-v365\Install DSL v365.exe" -d C:\Users\Cathryn\Downloads\dsl-win-v365\dsl-win-v365
Task: {6A2AB2E5-7821-4519-B77F-08B5835752B7} - System32\Tasks\{2967A4F7-C3D9-4DDF-95F3-3B94770ED279} => pcalua.exe -a "C:\Users\me\Desktop\lenovo\INSTALLED DRIVERS\IN1WLN113WW5.exe" -d "C:\Users\me\Desktop\lenovo\INSTALLED DRIVERS"
Task: {9EFC23E6-D20A-4181-AEA0-FC4A148A1EC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {A7D51BCD-C102-4BE6-A6D9-23773A309C6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {ADF9F691-D581-43CD-B5C4-7198234497C3} - System32\Tasks\Norton Security Scan for me => C:\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for me.job => C:\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-08 06:10 - 2014-12-08 06:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-25 17:28 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 03:20 - 2014-06-21 16:36 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2014-06-21 16:36 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2015-03-13 08:43 - 2005-06-24 19:05 - 00045056 _____ () C:\Program Files (x86)\Lenovo\EnergyCut\HookLib.dll
2015-02-01 07:17 - 2015-02-01 07:17 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-04-03 23:08 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 23:08 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 23:08 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== Accounts: =============================
 
Admin (S-1-5-21-1273773371-3080841901-3651795515-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1273773371-3080841901-3651795515-500 - Administrator - Disabled)
Cathryn (S-1-5-21-1273773371-3080841901-3651795515-1002 - Administrator - Enabled) => C:\Users\Cathryn
Guest (S-1-5-21-1273773371-3080841901-3651795515-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1273773371-3080841901-3651795515-1006 - Limited - Enabled)
Michael (S-1-5-21-1273773371-3080841901-3651795515-1001 - Administrator - Enabled) => C:\Users\Michael
NewUser (S-1-5-21-1273773371-3080841901-3651795515-1004 - Administrator - Enabled) => C:\Users\NewUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/07/2015 02:41:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64 (1).exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 984
 
Start Time: 01d0716271e730dc
 
Termination Time: 4
 
Application Path: C:\Users\Cathryn\Desktop\FRST64 (1).exe
 
Report Id: b9588c44-dd55-11e4-91de-f0def190690a
 
Error: (04/07/2015 02:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/07/2015 01:56:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 08:37:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/07/2015 08:01:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:28:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:39:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:38:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/06/2015 08:16:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/07/2015 01:56:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (04/07/2015 01:56:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (04/07/2015 01:56:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (04/07/2015 01:56:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/07/2015 01:54:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:26:52 AM on ‎4/‎7/‎2015 was unexpected.
 
Error: (04/07/2015 08:03:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (04/07/2015 08:03:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (04/07/2015 08:03:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (04/07/2015 08:03:12 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/07/2015 07:57:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (04/07/2015 02:41:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64 (1).exe11.3.2015.098401d0716271e730dc4C:\Users\Cathryn\Desktop\FRST64 (1).exeb9588c44-dd55-11e4-91de-f0def190690a
 
Error: (04/07/2015 02:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cathryn\Downloads\esetsmartinstaller_enu.exe
 
Error: (04/07/2015 01:56:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 08:37:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cathryn\Downloads\esetsmartinstaller_enu.exe
 
Error: (04/07/2015 08:01:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:28:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:39:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:38:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cathryn\Downloads\esetsmartinstaller_enu.exe
 
Error: (04/06/2015 08:16:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 4010.14 MB
Available physical RAM: 2015.53 MB
Total Pagefile: 8018.47 MB
Available Pagefile: 5810.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:382.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4A4C36D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Cathryn (administrator) on ME-PC on 07-04-2015 14:42:06
Running from C:\Users\Cathryn\Desktop
Loaded Profiles: Cathryn (Available profiles: Michael & Cathryn & Admin & NewUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Cathryn\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9437600 2014-06-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5315488 2014-06-21] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\...\Run: [GoogleChromeAutoLaunch_BAD5862F02D1ECE842BBD3B2CF17EB80] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1273773371-3080841901-3651795515-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Cathryn\AppData\Roaming\Mozilla\Firefox\Profiles\vpfc7uae.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF SearchPlugin: C:\Users\Cathryn\AppData\Roaming\Mozilla\Firefox\Profiles\vpfc7uae.default\searchplugins\avg-secure-search.xml [2015-01-30]
FF Extension: AVG Web TuneUp - C:\Users\Cathryn\AppData\Roaming\Mozilla\Firefox\Profiles\vpfc7uae.default\Extensions\avg@toolbar [2015-01-30]
FF Extension: Firebug - C:\Users\Cathryn\AppData\Roaming\Mozilla\Firefox\Profiles\vpfc7uae.default\Extensions\firebug@software.joehewitt.com.xpi [2015-01-13]
FF HKU\S-1-5-21-1273773371-3080841901-3651795515-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SEOquake) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-03-18]
CHR Extension: (AdBlock) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: (Hover Zoom) - C:\Users\Cathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-02-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-02] (Adobe Systems) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-05] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-06] (Malwarebytes Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 14:41 - 2015-04-07 14:42 - 00012686 _____ () C:\Users\Cathryn\Desktop\FRST.txt
2015-04-07 14:37 - 2015-04-07 14:37 - 00734000 _____ () C:\Users\Cathryn\Downloads\machine.pnf
2015-04-07 14:37 - 2015-04-07 14:37 - 00734000 _____ () C:\Users\Cathryn\Downloads\machine (1).pnf
2015-04-07 09:26 - 2015-04-07 09:26 - 00000000 ____D () C:\Users\Cathryn\Downloads\ProcessExplorer
2015-04-07 09:24 - 2015-04-07 09:24 - 01190415 _____ () C:\Users\Cathryn\Downloads\ProcessExplorer.zip
2015-04-07 07:56 - 2015-04-07 07:56 - 00991232 _____ () C:\Users\Cathryn\Downloads\MicrosoftFixit50267.msi
2015-04-07 07:40 - 2015-04-07 07:41 - 29836080 _____ (Wireshark development team) C:\Users\Cathryn\Downloads\Wireshark-win64-1.12.4.exe
2015-04-07 07:40 - 2015-04-07 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-04-07 07:40 - 2015-04-07 07:40 - 00000000 ____D () C:\Program Files\Sandboxie
2015-04-07 07:39 - 2015-04-07 07:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Cathryn\Downloads\HijackThis (1).exe
2015-04-07 00:20 - 2015-04-07 00:20 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\Cathryn\Downloads\SandboxieInstall.exe
2015-04-06 22:00 - 2015-04-06 22:00 - 00000000 ____D () C:\ProgramData\Keylogger Detector
2015-04-06 20:38 - 2015-04-06 20:38 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Cathryn\Downloads\iExplore64.exe
2015-04-06 03:07 - 2015-04-06 20:38 - 00001444 _____ () C:\Users\Cathryn\Desktop\Rkill.txt
2015-04-06 03:07 - 2015-04-06 03:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cathryn\Downloads\iExplore.exe
2015-04-05 22:05 - 2015-04-05 22:05 - 02095616 _____ (Farbar) C:\Users\Cathryn\Desktop\FRST64 (1).exe
2015-04-05 22:04 - 2015-04-05 22:04 - 01135104 _____ (Farbar) C:\Users\Cathryn\Downloads\FRST.exe
2015-04-05 15:27 - 2015-04-05 15:27 - 00716896 _____ (Kaspersky Lab) C:\Users\Cathryn\Downloads\setup.exe
2015-04-05 09:40 - 2015-04-05 09:40 - 02347384 _____ (ESET) C:\Users\Cathryn\Downloads\esetsmartinstaller_enu.exe
2015-04-04 19:12 - 2015-04-04 19:12 - 00017715 _____ () C:\Users\Cathryn\Desktop\dds.txt
2015-04-04 19:12 - 2015-04-04 19:12 - 00004812 _____ () C:\Users\Cathryn\Desktop\attach.txt
2015-04-04 19:10 - 2015-04-04 19:10 - 00688992 ____R (Swearware) C:\Users\Cathryn\Downloads\dds.scr
2015-03-31 22:26 - 2015-03-31 22:28 - 16748632 _____ () C:\Users\Cathryn\Downloads\RogueKiller.exe
2015-03-31 21:31 - 2015-03-31 21:31 - 00002355 _____ () C:\Users\Cathryn\Downloads\FSS.txt
2015-03-31 20:50 - 2015-04-06 21:21 - 00024631 _____ () C:\Users\Cathryn\Downloads\Result.txt
2015-03-31 20:32 - 2015-03-31 20:32 - 00171257 _____ () C:\Users\Cathryn\AppData\Local\census.cache
2015-03-31 20:31 - 2015-03-31 20:31 - 00077529 _____ () C:\Users\Cathryn\AppData\Local\ars.cache
2015-03-31 20:29 - 2015-03-31 20:29 - 00000010 _____ () C:\Users\Cathryn\AppData\Local\sponge.last.runtime.cache
2015-03-31 20:25 - 2015-03-31 20:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Cathryn\Downloads\tdsskiller (1).exe
2015-03-31 20:23 - 2015-03-31 20:23 - 00415232 _____ (Farbar) C:\Users\Cathryn\Downloads\FSS.exe
2015-03-31 20:21 - 2015-03-31 20:21 - 00000036 _____ () C:\Users\Cathryn\AppData\Local\housecall.guid.cache
2015-03-31 20:19 - 2015-03-31 20:20 - 02073112 _____ (Trend Micro Inc.) C:\Users\Cathryn\Downloads\HousecallLauncher.exe
2015-03-31 19:28 - 2015-03-31 19:29 - 00448512 _____ (OldTimer Tools) C:\Users\Cathryn\Downloads\TFC.exe
2015-03-31 19:27 - 2015-03-31 19:27 - 00402944 _____ (Farbar) C:\Users\Cathryn\Downloads\MiniToolBox.exe
2015-03-31 08:08 - 2015-03-31 08:11 - 145745656 _____ (Microsoft Corporation) C:\Users\Cathryn\Downloads\msert (1).exe
2015-03-31 08:07 - 2015-03-31 08:07 - 00133936 _____ () C:\Users\Cathryn\Downloads\msert.exe
2015-03-31 08:05 - 2015-03-31 08:05 - 00602112 _____ (OldTimer Tools) C:\Users\Cathryn\Downloads\OTL.exe
2015-03-30 20:44 - 2015-03-30 20:44 - 00711160 _____ (Microsoft Corporation) C:\Users\Cathryn\Downloads\Windows2000-KB842773-x86-ENU.EXE
2015-03-30 19:38 - 2015-03-30 21:30 - 00024001 _____ () C:\Users\Cathryn\Downloads\Addition.txt
2015-03-30 19:36 - 2015-04-07 14:42 - 00000000 ____D () C:\FRST
2015-03-30 19:36 - 2015-04-06 20:45 - 00046747 _____ () C:\Users\Cathryn\Downloads\FRST.txt
2015-03-30 19:35 - 2015-03-30 19:35 - 00380416 _____ () C:\Users\Cathryn\Downloads\5mfhm7oz.exe
2015-03-30 19:35 - 2015-03-30 19:35 - 00080384 _____ () C:\Users\Cathryn\Downloads\MBRCheck.exe
2015-03-30 19:33 - 2015-03-30 19:34 - 02095616 _____ (Farbar) C:\Users\Cathryn\Downloads\FRST64.exe
2015-03-28 17:08 - 2015-03-28 17:08 - 02631261 _____ () C:\Users\Cathryn\Downloads\wordpress_77hmo7fh4h.sql (4).zip
2015-03-28 09:57 - 2015-03-28 09:57 - 09500144 _____ () C:\Users\Cathryn\Downloads\My stuff. - Imgur.zip
2015-03-27 12:46 - 2015-03-27 12:46 - 00000000 ____D () C:\Users\Cathryn\AppData\Roaming\LavasoftStatistics
2015-03-27 11:25 - 2015-03-27 11:25 - 00000000 ____D () C:\Users\Cathryn\Desktop\TCPView
2015-03-27 11:24 - 2015-03-27 11:25 - 00291606 _____ () C:\Users\Cathryn\Downloads\TCPView.zip
2015-03-27 10:37 - 2015-03-27 10:37 - 00000005 _____ () C:\Users\Cathryn\Downloads\download
2015-03-27 10:35 - 2015-03-27 11:07 - 00000000 ____D () C:\Users\Cathryn\Desktop\cports
2015-03-27 10:34 - 2015-03-27 10:34 - 00086813 _____ () C:\Users\Cathryn\Downloads\cports.zip
2015-03-27 10:26 - 2015-04-06 02:11 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-03-27 10:26 - 2015-03-27 10:26 - 00000000 ____D () C:\Users\Cathryn\AppData\Local\SecTaskMan
2015-03-27 10:25 - 2015-03-27 10:25 - 02931056 _____ () C:\Users\Cathryn\Downloads\SecurityTaskManager_Setup.exe
2015-03-27 10:25 - 2015-03-27 10:25 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-03-27 10:25 - 2015-03-27 10:25 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-03-27 10:25 - 2015-03-27 10:25 - 00001139 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-03-27 10:25 - 2015-03-27 10:25 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-03-26 20:47 - 2015-03-26 20:47 - 01121208 _____ () C:\Users\Cathryn\Downloads\ProcessMonitor.zip
2015-03-26 18:09 - 2015-03-26 18:10 - 39401336 _____ (Apple Inc.) C:\Users\Cathryn\Downloads\QuickTimeInstaller.exe
2015-03-16 23:20 - 2015-03-16 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-16 23:20 - 2015-03-16 23:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-16 23:20 - 2015-03-16 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-16 23:08 - 2015-03-16 23:10 - 13087456 _____ (Microsoft Corporation) C:\Users\Cathryn\Downloads\Silverlight_x64.exe
2015-03-16 21:27 - 2015-03-16 21:27 - 00000749 _____ () C:\Users\Cathryn\Desktop\Documents\HTACCESSS.txt
2015-03-16 21:15 - 2015-03-16 21:15 - 00003384 _____ () C:\Users\Cathryn\Downloads\wp-config-backup.txt
2015-03-16 19:43 - 2015-03-16 19:44 - 04836434 _____ () C:\Users\Cathryn\Desktop\Documents\bookmarks_3_16_15.html
2015-03-16 19:30 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Detector
2015-03-16 19:30 - 2015-03-16 19:30 - 00000000 ____D () C:\Program Files\Keylogger Detector
2015-03-16 19:28 - 2015-03-16 19:28 - 00613868 _____ () C:\Users\Cathryn\Downloads\inst_antispy.exe
2015-03-15 08:30 - 2015-03-15 08:30 - 02484502 _____ () C:\Users\Cathryn\Downloads\wordpress_77hmo7fh4h.sql (3).zip
2015-03-14 19:30 - 2015-03-14 19:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Cathryn\Downloads\tdsskiller.exe
2015-03-13 14:22 - 2015-03-13 14:22 - 00001071 _____ () C:\Users\Cathryn\Desktop\Documents\.htaccess
2015-03-13 11:45 - 2015-03-13 11:46 - 06786996 _____ () C:\Users\Cathryn\Downloads\skarro.wordpress.2015-03-13.xml
2015-03-13 11:41 - 2015-03-13 11:41 - 03743807 _____ () C:\Users\Cathryn\Downloads\wordpress_77hmo7fh4h.sql (2).zip
2015-03-13 11:39 - 2015-03-13 11:39 - 00000000 ____D () C:\Users\Cathryn\Downloads\wordpress-4.1.1
2015-03-13 11:14 - 2015-03-13 11:14 - 06208736 _____ (Tim Kosse) C:\Users\Cathryn\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-13 11:12 - 2015-03-13 11:12 - 00003787 _____ () C:\Users\Cathryn\Downloads\wordpress_77hmo7fh4h.sql (1).zip
2015-03-13 09:41 - 2015-03-13 09:41 - 02745531 _____ () C:\Users\Cathryn\Downloads\Santa Monica's mountain lions caught on camera - Imgur.zip
2015-03-13 08:41 - 2015-03-13 08:42 - 03429528 _____ (Lenovo Group ) C:\Users\Cathryn\Downloads\l1egc02us24.exe
2015-03-12 17:24 - 2015-03-12 17:24 - 00000000 ____D () C:\Users\Cathryn\Desktop\mr thoms
2015-03-10 17:03 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 17:03 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 17:03 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 17:03 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 17:03 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 17:03 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 17:03 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 17:03 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 17:03 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 17:03 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 17:03 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 17:03 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 17:03 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 17:03 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 17:03 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 17:03 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 17:03 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 17:03 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 17:03 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 17:03 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 17:03 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 17:03 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 17:03 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 17:02 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 17:02 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 17:02 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 17:02 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 17:02 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 17:02 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 17:02 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 17:02 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 17:02 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 17:02 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 17:02 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 17:02 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 17:02 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 17:02 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 17:02 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 17:02 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 17:02 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 17:02 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 17:02 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 17:02 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 17:01 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 17:01 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 17:01 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 17:01 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 17:01 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 17:01 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 17:01 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 17:01 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 17:01 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 17:01 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 17:01 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 17:01 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 17:01 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 17:01 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 17:01 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 17:01 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 17:01 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 17:01 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 17:01 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 17:01 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 17:01 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 17:01 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 17:01 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 17:01 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 17:01 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 17:01 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 17:01 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 17:01 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 17:01 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 17:01 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 17:01 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 17:01 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 17:01 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 17:01 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 17:01 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 17:01 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 17:01 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 17:01 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 17:01 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 17:01 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 17:01 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 17:01 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 17:01 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 17:01 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 17:01 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 17:01 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 17:01 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 17:01 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 17:01 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 17:01 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 17:01 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 17:01 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 17:01 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 17:01 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 17:01 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 17:01 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 17:01 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 17:01 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 17:01 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 17:01 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 17:01 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 17:01 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 17:01 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 17:01 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 17:01 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 17:01 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 17:01 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 17:01 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 17:01 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 17:01 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 17:01 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 17:01 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 17:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 17:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:01 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 17:01 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 17:01 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 17:01 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 17:01 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 16:07 - 2015-03-10 16:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SPORE
2015-03-09 20:02 - 2015-03-09 20:07 - 251925982 _____ () C:\Users\Michael\Downloads\PokePackv1.0.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 14:39 - 2014-06-21 18:08 - 01777701 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 14:36 - 2015-01-14 09:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 14:06 - 2014-06-21 17:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 13:54 - 2014-06-21 17:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-07 13:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 13:54 - 2009-07-14 00:51 - 00031528 _____ () C:\Windows\setupact.log
2015-04-07 09:26 - 2015-01-31 09:14 - 00007603 _____ () C:\Users\Cathryn\AppData\Local\resmon.resmoncfg
2015-04-07 09:04 - 2009-07-14 00:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 09:04 - 2009-07-14 00:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 08:37 - 2014-12-29 20:14 - 00007786 _____ () C:\Users\Cathryn\Downloads\hijackthis.log
2015-04-06 22:00 - 2014-10-20 20:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 21:40 - 2014-10-15 19:58 - 00000000 ____D () C:\Users\Cathryn\Desktop\wordpress skarro
2015-04-05 15:15 - 2014-07-13 23:06 - 00000446 ____H () C:\Windows\Tasks\Norton Security Scan for me.job
2015-04-03 23:08 - 2014-06-21 17:15 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 23:01 - 2014-06-21 16:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-03 22:53 - 2014-06-21 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-03 22:53 - 2014-06-21 16:28 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-01 23:27 - 2009-07-14 01:13 - 00782164 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 13:50 - 2015-02-25 08:58 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.crazycraft2
2015-03-31 13:49 - 2015-02-25 08:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.fellowship2.0
2015-03-31 13:49 - 2015-02-25 08:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.jurassiccraft
2015-03-31 13:48 - 2015-02-26 15:49 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.dreamcraft
2015-03-31 13:48 - 2015-02-26 11:37 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.pokepack
2015-03-31 13:48 - 2015-02-25 08:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.voidswrath
2015-03-28 16:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-27 12:46 - 2015-01-31 20:05 - 00000000 ____D () C:\Users\NewUser\AppData\Roaming\Lavasoft
2015-03-27 11:29 - 2015-01-31 12:14 - 00000632 __RSH () C:\Users\NewUser\ntuser.pol
2015-03-22 09:44 - 2015-03-05 15:06 - 00000000 ____D () C:\ProgramData\Origin
2015-03-22 09:43 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 07:33 - 2009-07-14 00:45 - 00271992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-22 07:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-22 07:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-21 17:32 - 2014-07-16 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-03-21 17:32 - 2014-06-22 22:52 - 00798516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-21 17:23 - 2014-06-22 23:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-21 16:42 - 2014-06-22 23:07 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-21 13:57 - 2014-06-23 12:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2015-03-16 19:33 - 2014-12-28 20:55 - 00000000 ____D () C:\Users\Cathryn\AppData\Roaming\FileZilla
2015-03-15 18:16 - 2014-06-23 11:37 - 00001236 __RSH () C:\Users\Michael\ntuser.pol
2015-03-15 18:16 - 2014-06-23 11:37 - 00000000 ____D () C:\Users\Michael
2015-03-15 09:09 - 2014-12-28 20:43 - 00000632 __RSH () C:\Users\Cathryn\ntuser.pol
2015-03-15 09:09 - 2014-12-28 20:16 - 00000000 ____D () C:\Users\Cathryn
2015-03-14 21:05 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-10 16:06 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 08:48 - 2015-03-05 15:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
 
==================== Files in the root of some directories =======
 
2015-03-31 20:31 - 2015-03-31 20:31 - 0077529 _____ () C:\Users\Cathryn\AppData\Local\ars.cache
2015-03-31 20:32 - 2015-03-31 20:32 - 0171257 _____ () C:\Users\Cathryn\AppData\Local\census.cache
2015-03-31 20:21 - 2015-03-31 20:21 - 0000036 _____ () C:\Users\Cathryn\AppData\Local\housecall.guid.cache
2015-01-31 09:14 - 2015-04-07 09:26 - 0007603 _____ () C:\Users\Cathryn\AppData\Local\resmon.resmoncfg
2015-03-31 20:29 - 2015-03-31 20:29 - 0000010 _____ () C:\Users\Cathryn\AppData\Local\sponge.last.runtime.cache
2014-07-24 13:41 - 2014-07-24 13:47 - 0000392 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Cathryn\AppData\Local\Temp\SandboxieInstall-64-bit-33243220.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 20:18
 
==================== End Of Log ============================


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:51 AM

Posted 07 April 2015 - 02:14 PM

The resource monitor shows a bunch of processes running that are associated with malware/spyware...

What do you mean exactly?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 tchuckdonny

tchuckdonny
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:51 AM

Posted 07 April 2015 - 02:29 PM

System interrupts with no PID running very high and audiodg.exe eating up CPU and memory. svchost.exe (HPz12), svchost.exe (Dcomlaunch), (imgsvc), (RPCSS) all running high.

 

I really don't know much about this stuff but when I google it sends red flags my way. Seems bad. 

 

I don't have an HP.


Edited by tchuckdonny, 07 April 2015 - 02:30 PM.


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:51 AM

Posted 07 April 2015 - 02:38 PM

Step 1

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the herdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 tchuckdonny

tchuckdonny
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:51 AM

Posted 07 April 2015 - 06:42 PM

Saved date:   4/7/2015 7:42:19 PM
Files detected: 129
Files scanned: 8,105
Processes scanned: 69
Modules scanned: 566
ASEPs scanned: 414
Downloads scanned: 24
Deep analysis: 53/11
---------------------------------------------------------------------------------
 
Files
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
Publisher: Intel Corporation
Signer: Intel Corporation
MD5: fdf92ec84fecee834fb10a2a0a19bcda
SHA-1: d856e15e87c835661bfc62803f65a58dc7074876
Created: 6/21/2014 4:30:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\appdata\local\google\chrome\user data\default\extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.7_0\manifest.json
Publisher:
MD5: 6cfe38e06000d0642ce2a3cfcebcbf57
SHA-1: eda233d815677bc819836af2e0b4d28b08282fc1
Created: 3/7/2015 11:29:16 PM
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Chrome.Extension.HoverZoom (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\frst.exe
Publisher: Farbar
MD5: 67d890e8da0a5db2846b6366172d15a0
SHA-1: a453cf4bb39819b288d814c475089aa89e3881e9
Created: 4/5/2015 10:04:30 PM
Detections: 2
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
- Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\minitoolbox.exe
Publisher: Farbar
MD5: 607e18df00ee732ef4a28a7021c13fd2
SHA-1: 2ff7f5294ebbdced8bc0f2424bd8572f452baedf
Created: 3/31/2015 7:27:45 PM
Detections: 5
Determination: UndefinedMalware
- McAfee as Artemis!607E18DF00EE (Undefined)
- Norman as DarkComet.CQ (Undefined)
- McAfee Web Gateway as BehavesLike.Win32.BadFile.fc (Undefined)
- Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
- Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\otl.exe
Publisher: OldTimer Tools
MD5: 4adcfee16ee9978f06157634669d36fb
SHA-1: 30b37076552e49276836d02dd73d038c27dbbee9
Created: 3/31/2015 8:05:34 AM
Detections: 2
Determination: Ignore detections (false positive)
- Agnitum Outpost as Packed/PECompact
- Bkav FE as HW32.CDB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\mbrcheck.exe
Publisher:
MD5: cb2d120a4b72422a8141192831b1f500
SHA-1: 4f384c8d798dd0ee6c7ff12046db64e6cc05ccf0
Created: 3/30/2015 7:35:57 PM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
- Jiangmin as Worm/Fipp.gho (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\5mfhm7oz.exe
Publisher:
MD5: 9a8336796a7c71e9f33de848b8320ed3
SHA-1: 6c184a3e18e29bdc7f834ce37ee54f0df6636fa8
Created: 3/30/2015 7:35:08 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_FAKEALERT.BMH (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\frst64.exe
Publisher: Farbar
MD5: f58676de827dd9a5f3a44a698e8b4663
SHA-1: bc7834bdbca38477a8ccf4a3027487f8e18f6170
Created: 3/30/2015 7:33:56 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dds.scr
Publisher: Swearware
MD5: 8b968045d75783a09592c3105f2865da
SHA-1: 1d5b06567e19f72e77d52a32f5fa3a0e0c3c54b4
Created: 4/4/2015 7:10:52 PM
Detections: 3
Determination: Inconclusive
- Norman as Rootkit.FAQK (Undefined)
- Kingsoft AntiVirus as Win32.HeurC.KVM003.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.Win32.Generic.14BD2A08!347941384 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\hijackthis (1).exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 4/7/2015 7:39:56 AM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 12/29/2014 7:12:59 PM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\apache\bin\ssleay32.dll
Publisher: The OpenSSL Project, http://www.openssl.org/
MD5: 591de1c7bf87596c701c4b6bce6183d2
SHA-1: 5f35db01d2add0c45c52e54da883856dcdb8222a
Created: 2/20/2013 9:07:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0226 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\libs\split.exe
Publisher:
MD5: 5135c1a4506e852b5e7eed1a3b17a0aa
SHA-1: 588ef0c9956da7003b89fc522845ebf3a6e9f69f
Created: 6/20/2003 5:57:46 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\bin\libgcc_s_sjlj-1.dll
Publisher:
MD5: 5c3850e0880e7574a8832921517351ff
SHA-1: 28de7b85f833d415d72c40f6b6c210da2cc141cc
Created: 10/14/2012 9:16:04 AM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan-Downloader.Win32.Gamarue.1!O (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\b\hooks\op\check\check.dll
Publisher:
MD5: 42e66070774c9b8764e300fc813ec5a8
SHA-1: fe41085ba4a39fd3a87ce40a3cbf5ce8c624d041
Created: 3/12/2013 5:30:08 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\class\load\xs\xs.dll
Publisher:
MD5: 10c68c94bdc9f61ee8baf96e3f6740db
SHA-1: def0efb4963d46dd30950e607349c3e941c8287c
Created: 3/12/2013 5:22:04 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\clone\clone.dll
Publisher:
MD5: c254a5de662ed6640095056ddcc8658d
SHA-1: 7b3ed717697510151e22ad091cd47a8cf9f22ebe
Created: 3/12/2013 5:31:42 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\compress\bzip2\bzip2.dll
Publisher:
MD5: 962592b43aff5f30dccfbd6f34d18635
SHA-1: c0dbba6cdf44b305b52029cbd1cb326414f64eb5
Created: 3/12/2013 5:12:02 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\compress\raw\lzma\lzma.dll
Publisher:
MD5: 64f62111a26f14d02497cfc2640339be
SHA-1: f3cf8034e5fe4d2233730891e102d28f9d034e30
Created: 3/12/2013 4:36:58 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\blowfish\blowfish.dll
Publisher:
MD5: 920c83c29c480ab4657707346dbac361
SHA-1: 43d5e48da82944aafd3ff59fb4cf147192c74ff9
Created: 3/12/2013 4:48:14 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\des\des.dll
Publisher:
MD5: b5e9978a9e595a663385218f24db1019
SHA-1: 820cf20b1874fc1167f63b4fc92f82bc5cbadf15
Created: 3/12/2013 4:48:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\idea\idea.dll
Publisher:
MD5: f89f4db236400b9616187f4e491b26ae
SHA-1: 806184c9bb18add9968de141ac6d205b1cab0009
Created: 3/12/2013 4:48:04 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\rijndael\rijndael.dll
Publisher:
MD5: f43ada08ad82be9158a11d0ac52d4d29
SHA-1: f4c6c971deb539a92f15305594341ba83c683c10
Created: 3/12/2013 4:52:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\ripemd160\ripemd160.dll
Publisher:
MD5: 2bf0948e50314ec085784eaccfc31ac0
SHA-1: 6119e4d0b0141cf95be333ab4613789516cc676f
Created: 3/12/2013 4:50:28 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\ssleay\ssleay.dll
Publisher:
MD5: 40cf0bcdb93a36577ad0a420e4cc86a1
SHA-1: f222bc31148ff9b24ee9c914e1cf30844ac1f749
Created: 3/12/2013 4:58:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\downloads\dsl-win-v365\dsl-win-v365\libs\xampplite\perl\vendor\lib\auto\crypt\twofish\twofish.dll
Publisher:
MD5: bea62bfc6da153032984b05b1a641d96
SHA-1: 037581fcaf6cb2d8b22a3e64da361b1f459df316
Created: 3/12/2013 4:52:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\make jpeg (quality 30).exe
Publisher: Adobe Systems, Inc.
MD5: c120bc417d2bb59d91ed8c844ea24513
SHA-1: 0f545d3819b3b9e1361bab26d3934f00d984288c
Created: 6/11/2003 5:25:04 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\make jpeg (quality 60).exe
Publisher: Adobe Systems, Inc.
MD5: 2a0a484b6781a5caabaff303e142ca04
SHA-1: a90c113054710ce4379d1dff30fd73a76a500bf0
Created: 6/11/2003 5:25:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\metal slide thumbnail.exe
Publisher: Adobe Systems, Inc.
MD5: c8d0d4d2170af4224ad2829c3b5358f6
SHA-1: 86a67730e57721724a4ad687d4ae43942d792d6e
Created: 7/18/2003 10:32:30 AM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\multi-size save.exe
Publisher: Adobe Systems, Inc.
MD5: 57d8e48ce195cd1bcf5c87c045f9a726
SHA-1: 5eee3d7a578e27e04f9a4c79e40db60b5dc22bbb
Created: 6/11/2003 5:24:52 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\rounded rect thumbnail.exe
Publisher: Adobe Systems, Inc.
MD5: b15ed2c7f677c99f6e44bd6dc7e8a0d8
SHA-1: 27c2b05d061c4f363d5f350a7da4697d3c9ceec7
Created: 6/11/2003 5:24:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\slide thumbnail.exe
Publisher: Adobe Systems, Inc.
MD5: a396669ecaeb8f883c3b5ef04e457e36
SHA-1: ff6647ba316fe9e35897343215a15a48446a5831
Created: 7/18/2003 10:32:42 AM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\imageready droplets\unsharp mask.exe
Publisher: Adobe Systems, Inc.
MD5: e8db4c793414ac825badf478ddfcd731
SHA-1: bbb7ec1aeea4f9273ac3295f09186c9eebf96bc0
Created: 6/11/2003 5:24:30 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Downloader.Boltolog.ldg (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\photoshop droplets\constrain to 64 pixels.exe
Publisher: Adobe Systems, Incorporated
MD5: 133c48ca0626ed6bc7e2f7ed1906fe22
SHA-1: 4fc6bfcbbb259f87996f3ceeb30ef0b3dede4137
Created: 11/16/2004 12:43:24 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\photoshop droplets\drop shadow frame.exe
Publisher: Adobe Systems, Incorporated
MD5: a67d4f141c89af3643583e9bbebe5ec6
SHA-1: 659a807f7c791a4edbac69b25f004f6b0457b3e2
Created: 11/16/2004 12:43:24 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\photoshop droplets\make button.exe
Publisher: Adobe Systems, Incorporated
MD5: b1e48203d3b500a92d56fa2ba75ae3fd
SHA-1: 2cf023b0ac771c1f42fbc50c0456841af097056d
Created: 11/16/2004 12:43:24 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\adobe\samples\droplets\photoshop droplets\save as jpeg medium.exe
Publisher: Adobe Systems, Incorporated
MD5: 9b1df1c2835364001270d021f203c2ba
SHA-1: 03c58f5521e75e3acaf262b829eb62d375457406
Created: 11/16/2004 12:43:24 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\auto fx software\auto fx free\afx.exe
Publisher: Auto FX Software
MD5: 9b8eeb14f03409139a80ec18d72018bf
SHA-1: 072ababc6febae7075b2b1f7abcca138a2039e5b
Created: 10/24/2013 10:54:46 AM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
- McAfee Web Gateway as Heuristic.LooksLike.Win32.Suspicious.R (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\common files\adobe\calibration\adobe gamma loader.exe
Publisher: Adobe Systems, Inc.
MD5: c2ff17734176cd15221c10044ef0ba1a
SHA-1: c5b97dcd1ef1dd4a0fb5d7ce13e85fe1820cef47
Created: 3/16/2005 8:16:50 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Startup.AdobeSystems.S
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\common files\adobe\updater\adobeupdater.exe
Publisher: Adobe Systems Incorporated
MD5: af82432702ab794ff778276f20c1e920
SHA-1: 64594c82f30cb4eeaacfb62025b2064cf2567d6f
Created: 3/16/2005 8:16:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.AdobeSystemsorporated.M
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\hp\digital imaging\bin\hposvc08.exe
Publisher: Hewlett-Packard Co.
MD5: ec5038bcfe6deb725c503be5bca139aa
SHA-1: cc24ba91892f58e1db92436df457ce26a5ab3ef9
Created: 10/13/2009 12:48:20 AM
Detections: 1
Determination: Ignore detections (false positive)
- AVG as Generic25 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\hp\digital imaging\{e11448f2-0b44-4239-b04e-d88fe743e929}\setup\hpzscr40.exe
Publisher: Hewlett-Packard
Signer: Hewlett Packard
MD5: 34fa6630b2e3ef62254ac4c5d5dafe65
SHA-1: 91e6aad6a0c72793eb334bd50bc5f029da8f26a6
Created: 7/24/2014 1:42:18 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Win32/Virut.bn
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\lenovo\energycut\wdreg.exe
Publisher:
MD5: 1040f710f60ff633655ccaa23e6719a5
SHA-1: 5cc6d39e70043e870765a4272d1a0909b5e814e3
Created: 3/13/2015 8:43:02 AM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Agent.gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\security task manager\sqlite3.dll
Publisher:
MD5: da991d435930f6adc5c570e2284f73f6
SHA-1: d10ec559487a3db7f5073e54daa21a81f270b529
Created: 3/27/2015 10:25:40 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\wise\wise registry cleaner\liveupdate.dll
Publisher: WiseCleaner.com
Signer: Lespeed Technology Ltd.
MD5: 6037a05dd63e4b8c03596197279d3d30
SHA-1: 0f8c9a4c4930e6e1d0f8c78f6d241380204da742
Created: 12/28/2014 7:51:22 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.LespeedTechnology.K (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\wise\wise registry cleaner\unins000.exe
Publisher:
Signer: Lespeed Technology Ltd.
MD5: a7ad059307cb4f2b9784fee589157bae
SHA-1: 2f2c7a0bc488cc50667abb389bd2ce8764905a96
Created: 12/28/2014 7:51:22 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.Installer.LespeedTechnology.I (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\wise\wise registry cleaner\wiseregcleaner.exe
Publisher: WiseCleaner.com
Signer: Lespeed Technology Ltd.
MD5: fd58652f74a1d0fea3bde80a2351368f
SHA-1: f5f05e9340a3b8bfc05985868c2be9592a7b083d
Created: 12/28/2014 7:51:22 PM
Detections: 2
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.LespeedTechnology.O (Adware)
- Emsisoft Anti-Malware as Gen:Trojan.Heur.Oq0@uqjKLLd (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\cathryn\appdata\local\google\chrome\user data\default\extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.23_0\lib\md5-min.js
Publisher:
MD5: dedd633663392ea1cd04f0c3f30d46cf
SHA-1: 3734d0d0f8635fac3adba33b585c35faaa09ec40
Created: 3/18/2015 4:43:50 AM
Detections: 1
Determination: Inconclusive
- Dr.Web as JS.Siggen.243 (Undefined)


#10 tchuckdonny

Posted 07 April 2015 - 06:49 PM

I found this link from herdprotect for the last entry. https://www.herdprotect.com/manifest.json-83779120c52162050554d3f60fa544d41341c2f0.aspx 

 

I do have SEOquake for Chrome and it looks like that is what it's from.  Everything else looks fine to me. 



#11 deeprybka

Posted 09 April 2015 - 09:40 AM

"Everything else looks fine to me."

To me too.
I don't see any indication of a keylogger or RAT in your logs. However, if you want to be absolutely sure, you must reinstall the operating system.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 deeprybka

Posted 12 April 2015 - 04:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



