unico rogue browser, i-cinema and others infected this machine - have they gone?


  • This topic is locked
2 replies to this topic

#1 trentham666

Posted 01 May 2015 - 05:09 AM

I've been working on this laptop, which had a number of infections removed by Malwarebytes Anti-Malware. Having got it to what I thought was a clean state, on startup the Chrome default browser was replaced by unico browser and various ad-related things kept happening. On inspection I found that i-cinema was installed as well as a number of other programs which seem to have been installed there and then.

All these uninstalled using the Control Panel uninstall mechanism, but I don't trust it and would be grateful if an expert could look over the logs and see what bits remain, as I suspect there will still be stuff lurking!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Ralph (administrator) on RALPH-PC on 01-05-2015 10:57:14
Running from C:\Users\Ralph\Downloads
Loaded Profiles: Ralph (Available profiles: Ralph & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1956592371-2019347335-3144278246-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1956592371-2019347335-3144278246-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
Startup: C:\Users\Administrator.Ralph-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-06-11]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-30]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{070860dd-1586-9413-0708-860dd1588374}\hqghumeaylnlf.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1956592371-2019347335-3144278246-1000] => http=127.0.0.1:49598;https=127.0.0.1:49598
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1956592371-2019347335-3144278246-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-03-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR HKU\S-1-5-21-1956592371-2019347335-3144278246-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaoiagmlcohkmjodefppbmpjdiocmh] - C:\Users\Ralph\AppData\Local\APN\GoogleCRXs\aaaaoiagmlcohkmjodefppbmpjdiocmh_7.15.15.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [111616 2014-03-01] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
R2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-15] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 bodocifu; C:\Users\Ralph\AppData\Roaming\4AB0F996-1430144998-E111-829C-B888E3400972\jnsc4B3.tmp [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
S2 jyqyculo; C:\Users\Ralph\AppData\Roaming\4AB0F996-1429440023-E111-829C-B888E3400972\jnsj7954.tmp [X]
S2 nuxodiru; C:\Users\Ralph\AppData\Roaming\4AB0F996-1429440023-E111-829C-B888E3400972\nsuCAC9.tmp [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-01 10:57 - 2015-05-01 10:57 - 00019391 _____ () C:\Users\Ralph\Downloads\FRST.txt
2015-05-01 10:56 - 2015-05-01 10:57 - 00000000 ____D () C:\FRST
2015-05-01 10:56 - 2015-05-01 10:56 - 02101248 _____ (Farbar) C:\Users\Ralph\Downloads\FRST64.exe
2015-04-30 19:33 - 2015-04-30 19:40 - 00002156 _____ () C:\Users\Ralph\Desktop\chrome.lnk
2015-04-30 19:22 - 2015-05-01 10:49 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-30 19:22 - 2015-04-30 19:27 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-30 19:22 - 2015-04-30 19:22 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-30 19:22 - 2015-04-30 19:22 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-30 19:22 - 2015-04-30 19:22 - 00000000 ____D () C:\Users\Ralph\AppData\Local\globalUpdate
2015-04-30 19:21 - 2015-04-30 19:21 - 00003164 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-04-30 19:20 - 2015-04-30 19:21 - 00008368 _____ () C:\claraInstaller.txt
2015-04-30 19:20 - 2015-04-30 19:20 - 00000000 ____D () C:\ProgramData\89349d54000044bc
2015-04-30 19:19 - 2015-04-30 19:19 - 00004324 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2015-04-30 19:19 - 2015-04-30 19:19 - 00003538 _____ () C:\Windows\System32\Tasks\RocketTab
2015-04-30 19:19 - 2015-04-30 19:19 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2015-04-30 19:09 - 2015-04-30 19:09 - 00000000 ____D () C:\ProgramData\{070860dd-1586-9413-0708-860dd1588374}
2015-04-29 20:26 - 2015-04-29 20:26 - 00000000 ____D () C:\Users\Ralph\Desktop\Lynne
2015-04-29 18:09 - 2015-04-29 18:16 - 00000000 ____D () C:\AdwCleaner
2015-04-28 22:01 - 2015-04-29 06:02 - 00000000 ____D () C:\Users\Ralph\AppData\Local\Microsoft Games
2015-04-27 15:34 - 2015-04-27 15:34 - 00000000 ____D () C:\Users\Ralph\AppData\Local\4AB0F996-1430148842-E111-829C-B888E3400972
2015-04-27 12:39 - 2015-04-27 12:39 - 00000000 ____D () C:\Users\Ralph\Documents\DreamVideoSoft
2015-04-27 11:38 - 2015-04-27 11:38 - 00001065 _____ () C:\MalScan270415.txt
2015-04-27 11:26 - 2015-04-27 11:26 - 00613255 _____ (CMI Limited) C:\Users\Ralph\AppData\Local\nsrE8ED.tmp
2015-04-27 11:25 - 2015-04-29 17:31 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-27 11:25 - 2015-04-27 11:25 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-27 11:24 - 2015-04-27 12:39 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Local Temperature
2015-04-27 10:48 - 2015-04-27 10:48 - 00000000 ____D () C:\Users\Ralph\AppData\Local\Samsung
2015-04-27 10:48 - 2015-04-27 10:48 - 00000000 ____D () C:\Users\Ralph\AppData\Local\Cyberlink
2015-04-26 18:20 - 2015-04-28 21:04 - 00001625 _____ () C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 15:09 - 2015-04-25 15:09 - 00003152 _____ () C:\Windows\System32\Tasks\{A43F85A2-640A-4E5B-B328-6CB0E2BA4827}
2015-04-25 09:07 - 2015-04-29 20:22 - 00000000 ____D () C:\Users\Ralph\AppData\Local\Google
2015-04-25 09:07 - 2015-04-25 09:07 - 00073120 _____ () C:\Users\Ralph\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-25 09:07 - 2015-04-25 09:07 - 00000000 ____D () C:\Users\Ralph\AppData\Local\VirtualStore
2015-04-25 09:04 - 2015-04-30 18:17 - 00000336 _____ () C:\Windows\Tasks\IUGVR1.job
2015-04-25 09:04 - 2015-04-25 09:04 - 00003558 _____ () C:\Windows\System32\Tasks\AKNOTV
2015-04-25 09:04 - 2015-04-25 09:04 - 00002858 _____ () C:\Windows\System32\Tasks\IUGVR1
2015-04-25 09:04 - 2015-04-25 09:04 - 00000000 ____D () C:\ProgramData\c627139508014d4ea353bca46a83bc6f
2015-04-25 09:04 - 2015-04-25 09:04 - 00000000 ____D () C:\ProgramData\68611d6db0ec4622b5040bdd86bffee8
2015-04-24 21:50 - 2015-05-01 10:49 - 00000992 _____ () C:\Windows\Tasks\Le7EjZVTsr.job
2015-04-24 21:50 - 2015-04-24 21:50 - 00004018 _____ () C:\Windows\System32\Tasks\Le7EjZVTsr
2015-04-24 19:54 - 2015-04-24 19:54 - 00826776 _____ (Software Generic ) C:\Users\Ralph\Downloads\adobe_flash_setup.exe
2015-04-24 19:54 - 2015-04-24 19:54 - 00826776 _____ (Software Generic ) C:\Users\Ralph\Downloads\adobe_flash_setup (1).exe
2015-04-22 10:13 - 2015-04-24 15:24 - 00000057 _____ () C:\momotor.txt
2015-04-22 09:43 - 2015-04-22 09:43 - 00015360 _____ () C:\Users\Ralph\Downloads\Meal rota (2).xls
2015-04-22 09:43 - 2015-04-22 09:43 - 00015360 _____ () C:\Users\Ralph\Downloads\Meal rota (1).xls
2015-04-21 21:00 - 2015-04-21 21:00 - 00003592 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-04-21 20:59 - 2015-05-01 10:49 - 00001336 _____ () C:\Windows\Tasks\QJNFZ.job
2015-04-21 20:59 - 2015-04-24 21:50 - 00004362 _____ () C:\Windows\System32\Tasks\QJNFZ
2015-04-21 20:44 - 2015-04-21 20:44 - 00015360 _____ () C:\Users\Ralph\Downloads\Meal rota.xls
2015-04-20 20:16 - 2015-04-20 20:16 - 00000000 ____D () C:\ProgramData\ZombieNews
2015-04-20 09:11 - 2015-04-24 16:19 - 00000177 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-04-20 09:05 - 2015-04-24 15:42 - 00000045 _____ () C:\user.js
2015-04-20 09:05 - 2015-04-20 09:05 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Mozilla
2015-04-20 03:39 - 2015-04-20 03:39 - 00000000 ____D () C:\Users\Ralph\Documents\Optimizer Pro
2015-04-20 02:30 - 2015-04-20 09:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-20 02:29 - 2015-04-20 20:20 - 00008672 _____ () C:\Windows\SysWOW64\CCLOff.ini
2015-04-20 02:29 - 2015-04-20 20:20 - 00008672 _____ () C:\Windows\system32\CCLOff.ini
2015-04-20 02:29 - 2015-04-16 08:20 - 00341696 _____ (CC Corporation) C:\Windows\SysWOW64\CCL.dll
2015-04-20 02:27 - 2015-04-20 02:27 - 00000000 _____ () C:\Windows\SysWOW64\Number of results
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Ralph\AppData\Roaming\Le7EjZVTsr
2015-04-18 21:48 - 2015-04-18 21:48 - 00003152 _____ () C:\Windows\System32\Tasks\{53616808-3373-4D16-B7BA-1E114ECAEE97}
2015-04-18 21:40 - 2015-04-30 19:22 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-18 21:38 - 2015-04-18 21:38 - 00003558 _____ () C:\Windows\System32\Tasks\KCXOIF
2015-04-18 21:37 - 2015-04-18 21:37 - 00000000 ____D () C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2
2015-04-18 21:37 - 2015-04-18 21:37 - 00000000 ____D () C:\ProgramData\5d027cc9a7cc4294a0da1eb9d4a04143
2015-04-18 21:35 - 2015-04-18 21:35 - 00003984 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-15 12:10 - 2015-04-15 12:10 - 00000972 _____ () C:\Users\Public\Desktop\National Burial Index.lnk
2015-04-15 12:10 - 2015-04-15 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Burial Index
2015-04-15 12:07 - 2015-04-15 12:07 - 00000000 ____D () C:\ProgramData\FFHS
2015-04-15 12:06 - 2015-04-15 12:07 - 00000000 ____D () C:\Program Files (x86)\NBI3
2015-04-14 23:00 - 2015-04-14 23:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 22:33 - 2015-04-14 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 20:07 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 20:07 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 20:07 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 20:07 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 20:07 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:07 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:07 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:07 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 20:07 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:07 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:07 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 20:07 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 20:07 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 20:07 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 20:07 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 20:07 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 20:07 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 20:07 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 20:07 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-14 20:06 - 2015-03-27 04:25 - 01540096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 20:06 - 2015-03-27 04:25 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-04-14 20:06 - 2015-03-27 04:24 - 12298752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 20:06 - 2015-03-27 04:24 - 09064448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 20:06 - 2015-03-27 04:24 - 02469888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 20:06 - 2015-03-27 04:04 - 06030848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 20:06 - 2015-03-27 04:04 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-04-14 20:06 - 2015-03-27 04:03 - 11026944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 20:06 - 2015-03-27 04:03 - 02087936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 20:06 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 20:06 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 20:06 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 20:06 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 20:06 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 20:06 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 20:06 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 20:06 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 20:06 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 20:06 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 20:06 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 20:06 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 20:06 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 20:06 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 20:06 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 20:06 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 20:06 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 20:06 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 20:06 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 20:06 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 20:06 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 20:06 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 20:06 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 20:06 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 20:06 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 20:06 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 20:06 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 20:06 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 20:06 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:06 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:06 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 20:06 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 20:06 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 20:06 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 20:06 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 20:06 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 20:05 - 2015-03-27 04:25 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 20:05 - 2015-03-27 04:25 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 20:05 - 2015-03-27 04:25 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-14 20:05 - 2015-03-27 04:24 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-04-14 20:05 - 2015-03-27 04:23 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 20:05 - 2015-03-27 04:23 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 20:05 - 2015-03-27 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 20:05 - 2015-03-27 04:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 20:05 - 2015-03-27 04:04 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 20:05 - 2015-03-27 04:04 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 20:05 - 2015-03-27 04:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-04-14 20:05 - 2015-03-27 04:02 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 20:05 - 2015-03-27 04:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 20:05 - 2015-03-27 04:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-14 20:05 - 2015-03-27 04:02 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-14 20:05 - 2015-03-27 03:46 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 20:05 - 2015-03-27 03:33 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 20:05 - 2015-03-27 03:22 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 20:05 - 2015-03-27 03:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 20:05 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 20:05 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 20:05 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 20:05 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 15:02 - 2015-04-12 15:02 - 00008047 _____ () C:\Users\Ralph\Desktop\slogon.odt
2015-04-07 22:50 - 2015-04-07 22:50 - 00880208 _____ (Google Inc.) C:\Users\Ralph\Downloads\ChromeSetup.exe
2015-04-05 21:39 - 2015-04-19 21:44 - 00000000 ____D () C:\SUPERDelete
2015-04-05 21:34 - 2015-04-05 21:35 - 21580064 _____ (SUPERAntiSpyware) C:\Users\Ralph\Downloads\SUPERAntiSpyware.exe
2015-04-05 07:10 - 2015-04-05 07:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 07:09 - 2015-04-05 07:10 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 23:07 - 2015-04-03 23:07 - 00007772 _____ () C:\Users\Ralph\Downloads\generate_204
2015-04-03 22:03 - 2015-04-03 22:03 - 00411333 _____ () C:\Users\Ralph\Downloads\FileDownloaded20Successfully_downloader-Nezf34Jp9.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-01 10:56 - 2013-03-05 15:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 10:53 - 2009-07-14 06:13 - 00782228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 10:50 - 2013-03-05 15:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 10:49 - 2014-05-05 14:14 - 01419201 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 10:49 - 2013-09-09 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-30 19:49 - 2014-05-05 15:26 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-04-30 18:50 - 2009-07-14 05:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 18:50 - 2009-07-14 05:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 18:39 - 2014-05-04 17:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-30 18:15 - 2010-11-21 04:47 - 00828962 _____ () C:\Windows\PFRO.log
2015-04-30 18:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 18:15 - 2009-07-14 05:51 - 04415411 _____ () C:\Windows\setupact.log
2015-04-29 20:17 - 2012-05-28 07:15 - 00000000 ____D () C:\Windows\da
2015-04-29 18:13 - 2014-05-05 13:37 - 00000000 ____D () C:\Users\Ralph
2015-04-28 21:04 - 2014-05-05 14:35 - 00001643 _____ () C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-28 21:04 - 2013-03-05 15:04 - 00001635 _____ () C:\Users\Ralph\Desktop\Internet Explorer.lnk
2015-04-28 20:34 - 2014-05-05 22:28 - 00000000 ____D () C:\Windows\Panther
2015-04-27 15:23 - 2013-03-05 15:19 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-27 10:43 - 2013-09-08 17:30 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\SoftGrid Client
2015-04-26 18:33 - 2012-05-28 07:32 - 00000000 ____D () C:\ProgramData\WildTangent
2015-04-26 18:33 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-26 18:31 - 2013-05-04 22:28 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\WildTangent
2015-04-26 17:59 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 09:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 09:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 02:30 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-20 02:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-14 23:00 - 2014-05-15 22:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 23:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 22:35 - 2014-05-05 14:42 - 00766630 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 22:33 - 2013-03-09 17:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-14 22:33 - 2013-03-05 15:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 22:32 - 2013-08-14 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 22:21 - 2014-05-21 06:30 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-06 11:01 - 2013-03-09 17:08 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2013-03-05 15:19 - 2013-03-05 15:19 - 4126720 _____ () C:\Program Files (x86)\GUT46B1.tmp
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Ralph\AppData\Roaming\Le7EjZVTsr
2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Ralph\AppData\Roaming\QJNFZ
2013-05-01 21:30 - 2013-05-01 21:30 - 0000000 _____ () C:\Users\Ralph\AppData\Roaming\SharedSettings.ccs
2013-08-28 08:01 - 2013-09-06 13:01 - 0000051 _____ () C:\Users\Ralph\AppData\Roaming\WB.CFG
2013-08-28 08:01 - 2013-09-06 13:01 - 0000005 _____ () C:\Users\Ralph\AppData\Roaming\WBPU-TTL.DAT
2015-04-27 11:26 - 2015-04-27 11:26 - 0613255 _____ (CMI Limited) C:\Users\Ralph\AppData\Local\nsrE8ED.tmp
 
Some content of TEMP:
====================
C:\Users\Ralph\AppData\Local\Temp\389.exe
C:\Users\Ralph\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Ralph\AppData\Local\Temp\optprosetup.exe
C:\Users\Ralph\AppData\Local\Temp\Quarantine.exe
C:\Users\Ralph\AppData\Local\Temp\Setup_20528.exe
C:\Users\Ralph\AppData\Local\Temp\sqlite3.dll
C:\Users\Ralph\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ralph\AppData\Local\Temp\System.Data.SQLite6683d844-f450-4214-8f81-9144bdffb8b9.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-25 17:43
 
==================== End Of Log ============================


 


#2 trentham666

trentham666
  • Topic Starter

  • Members
  • 6 posts

Posted 04 May 2015 - 04:08 AM

Please ignore this request.  My friend has taken his laptop back, though I did manage to remove quite a lot more before it went.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 May 2015 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



