scmesser

  1. I am very happy with Malwarebytes. However, I encountered a problem with Spigot, which has been around for a number of years. I would think that Malwarebytes would either 1) have their support staff prepared with a ready protocol to clean the problem, or 2) prevent the problem outright! Fortunately, a Forum expert helped me over two days, working through the weekend (many of us do work weekends) to clean Spigot from my computer for "free", though I provided a donation, while 2) your tech support made a few attempts, apparently only recognizing what the problem was after some initial scans (though I provided that info upfront). Clean this sort of problem up either proactively or, as "viruses" do, they will adapt and change, making that difficult or impossible, so be prepared by keeping abreast and ensuring your tech support have efficient protocols ready to knock these toxins out. Keep up the overall outstanding work!
  2. MrC. I apologize for the confusion. IE and FFox are running fine. No sign of the hijacker. Thank you again. One of the IT guys came in while FRST was running and ran the zeok program. I did not even realize that I copied and pasted the incorrect log, if I did. Between the work you did and these logs, do you see some toxic lines? Here is the FRST.txt file.
00025920 _____ (Softland) C:\Windows\system32\dopdfmn7.dll 2014-01-22 10:49 - 2013-08-20 13:28 - 00021312 _____ (Softland) C:\Windows\system32\dopdfmi7.dll 2014-01-22 10:49 - 2010-11-25 12:17 - 00007549 _____ C:\Windows\system32\dopdf7.ctm 2014-01-22 10:49 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2014-01-22 10:46 - 2014-01-22 10:46 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\HP 2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2014-01-22 10:45 - 2013-04-26 09:55 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL 2014-01-22 10:45 - 2013-04-26 09:53 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn145.dll 2014-01-22 09:43 - 2014-01-22 09:43 - 00000000 ____H C:\Users\sm1851\Documents\Default.rdp 2014-01-21 14:16 - 2014-01-21 14:16 - 00111536 _____ C:\Users\rvaldes-admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-21 14:16 - 2014-01-21 14:16 - 00001413 _____ C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Apple Computer 2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Adobe 2014-01-21 14:15 - 2014-01-21 14:16 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-21 14:15 - 2014-01-21 14:16 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-21 14:14 - 2014-01-21 14:14 - 00003168 __RSH C:\Users\rvaldes-admin\ntuser.pol 2014-01-21 14:14 - 2014-01-21 14:14 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Local\VirtualStore 2014-01-21 11:25 - 2014-01-21 11:25 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-21 11:25 - 2014-01-21 11:25 - 00000000 ____D C:\ProgramData\Sun 
2014-01-21 11:25 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-21 11:25 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-21 11:25 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-21 11:25 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-21 11:24 - 2014-01-21 11:24 - 00000000 ____D C:\ProgramData\McAfee 2014-01-21 10:06 - 2014-01-21 10:06 - 00000000 ____D C:\ProgramData\Mozilla 2014-01-21 09:31 - 2014-01-23 10:11 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\EndNote 2014-01-21 08:15 - 2014-01-21 08:15 - 00000000 ____D C:\Users\sm1851\Documents\IBM 2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\SPSSInc 2014-01-21 08:14 - 2013-03-19 10:00 - 00047422 _____ C:\Users\sm1851\Desktop\PROBSET_1 (19MAR13).sav 2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\javasharedresources 2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\IBM 2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\.spss 2014-01-21 07:41 - 2014-01-21 07:41 - 00000856 _____ C:\Users\sm1851\Desktop\JAMA Network JAMA Preventing Suicides in US Service Members and Veterans Concerns After a Decade of War.website 2014-01-21 07:29 - 2014-01-21 07:29 - 00000712 _____ C:\Users\sm1851\Desktop\JAMA Network JAMA Suicides Among Military Personnel—Reply.website 2014-01-21 07:26 - 2014-01-21 07:26 - 00000317 _____ C:\Users\sm1851\Desktop\ecu.edu.website 2014-01-21 07:25 - 2014-01-21 07:25 - 00000470 _____ C:\Users\sm1851\Desktop\Mental health outcomes in US and UK military personnel returning from Iraq.website 2014-01-21 06:58 - 2014-01-21 06:58 - 00000000 ____D C:\Users\sm1851\AppData\Local\Adobe 2014-01-21 06:28 - 2014-01-21 06:28 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-01-21 06:27 - 2014-01-21 06:27 - 00000000 ____D C:\Users\sm1851\Documents\Outlook Files 2014-01-19 16:31 - 2014-01-19 16:53 - 742391808 _____ C:\Users\sm1851\Downloads\ubuntu-12.04.3-desktop-amd64.iso 2014-01-19 16:27 - 2014-01-26 12:54 - 00000000 ____D C:\Program Files (x86)\Everything 2014-01-19 16:27 - 2014-01-19 16:27 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything 2014-01-19 16:13 - 2014-01-19 16:13 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Macromedia 2014-01-17 11:05 - 2014-01-17 11:05 - 00177674 _____ C:\ProgramData\1389974602.bdinstall.bin 2014-01-17 10:57 - 2014-01-17 10:57 - 00059117 _____ C:\ProgramData\1389974205.bdinstall.bin 2014-01-17 10:56 - 2014-01-17 10:56 - 00037823 _____ C:\ProgramData\1389974173.bdinstall.bin 2014-01-17 10:54 - 2014-01-17 10:54 - 00000000 ____D C:\ProgramData\bdch 2014-01-17 10:50 - 2014-01-17 10:50 - 00171172 _____ C:\ProgramData\1389973795.bdinstall.bin 2014-01-17 10:50 - 2014-01-17 10:50 - 00000000 ____D C:\Program Files\Bitdefender 2014-01-17 10:50 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET7722.tmp 2014-01-17 10:50 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-01-17 10:49 - 2014-01-17 10:49 - 10447328 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition_x64.exe 2014-01-17 10:49 - 2014-01-17 10:49 - 00162208 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition.exe 2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\QuickScan 2014-01-17 10:48 - 2014-01-23 11:09 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Mozilla 2014-01-17 10:48 - 2014-01-21 10:06 - 00000000 ____D C:\Users\sm1851\AppData\Local\Mozilla 2014-01-17 10:31 - 2014-01-22 12:26 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Apple Computer 2014-01-17 10:20 - 2014-01-24 18:04 - 00000000 ____D 
C:\Users\sm1851\Desktop\Utilities 2014-01-17 10:20 - 2014-01-17 10:20 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer 2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer 2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer 2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer 2014-01-17 10:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\Program Files\iTunes 2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\Program Files\iPod 2014-01-17 10:19 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\ProgramData\Apple 2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Common Files\Apple 2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Bonjour 2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-17 10:17 - 2014-01-17 10:31 - 00000000 ____D C:\Users\sm1851\Tracing 2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Malwarebytes 2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2014-01-17 10:16 - 2014-01-26 11:11 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers 2014-01-17 10:16 - 2014-01-26 11:11 - 00000000 
____D C:\Program Files (x86)\EndNote X7 2014-01-17 10:16 - 2014-01-17 10:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2014-01-17 10:16 - 2014-01-17 10:16 - 00000000 ____D C:\Users\Public\Documents\EndNote 2014-01-17 10:15 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-17 10:15 - 2014-01-17 10:15 - 00000000 ____D C:\Program Files (x86)\7-Zip 2014-01-17 10:14 - 2014-01-17 10:14 - 00002581 _____ C:\Users\Public\Desktop\KeePass.lnk 2014-01-17 10:14 - 2014-01-17 10:14 - 00000000 ____D C:\Program Files (x86)\KeePass2x 2014-01-17 10:11 - 2014-01-17 10:11 - 00002276 _____ C:\Users\sm1851\Desktop\IBM SPSS Statistics 22.lnk 2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SPSS 2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SafeNet Sentinel 2014-01-09 18:08 - 2014-01-09 18:08 - 00000000 ____D C:\Program Files (x86)\IBM 2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.tgz 2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.dll 2014-01-09 18:07 - 2014-01-09 18:07 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz 2014-01-09 18:07 - 2014-01-09 18:07 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll 2014-01-09 18:07 - 2014-01-09 18:07 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm 2014-01-09 10:21 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-09 10:21 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-09 10:08 - 2014-01-21 14:15 - 00000000 ____D C:\Users\rvaldes-admin 2014-01-09 10:08 - 2014-01-09 10:08 - 00000020 ___SH C:\Users\rvaldes-admin\ntuser.ini 2014-01-09 10:08 - 2013-10-09 14:49 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Local\Microsoft Help 2014-01-09 10:08 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-09 10:08 - 2009-07-13 23:49 - 00000000 
___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-09 10:01 - 2014-01-26 11:11 - 00000000 ____D C:\Users\sm1851 2014-01-09 10:01 - 2014-01-25 19:46 - 00003168 __RSH C:\Users\sm1851\ntuser.pol 2014-01-09 10:01 - 2014-01-25 13:13 - 00111536 _____ C:\Users\sm1851\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-09 10:01 - 2014-01-22 16:32 - 00001413 _____ C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-09 10:01 - 2014-01-21 06:58 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Adobe 2014-01-09 10:01 - 2014-01-09 10:01 - 00000020 ___SH C:\Users\sm1851\ntuser.ini 2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851\AppData\Local\VirtualStore 2014-01-09 10:01 - 2013-10-09 14:49 - 00000000 ____D C:\Users\sm1851\AppData\Local\Microsoft Help 2014-01-09 10:01 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-09 10:01 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-06 15:53 - 2014-01-06 15:53 - 00000000 ____D C:\Program Files\Microsoft Forefront Identity Manager 2014-01-06 15:48 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-06 15:48 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-06 15:47 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-06 15:47 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-06 15:47 - 2013-09-27 20:09 - 00497152 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-06 15:47 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-01-06 15:47 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-06 15:47 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-01-06 15:47 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-01-06 15:47 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-06 15:47 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-06 15:47 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-06 15:47 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-06 15:47 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-01-06 15:47 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-06 15:47 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-06 15:47 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-06 15:47 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-06 15:47 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-01-06 15:44 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-06 15:44 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-06 15:42 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-06 15:42 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) 
C:\Windows\system32\scrrun.dll 2014-01-06 15:42 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-01-06 15:42 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-01-06 15:42 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-01-06 15:42 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-06 15:42 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-01-06 15:42 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-06 15:42 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-01-06 15:42 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-06 15:42 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-06 15:42 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-06 15:42 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-01-06 15:41 - 2014-01-06 15:41 - 00111536 _____ C:\Users\ackerman-admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-06 15:40 - 2014-01-26 12:23 - 00000840 _____ C:\Users\Public\Desktop\NSU App Store.lnk 2014-01-06 15:40 - 2014-01-06 15:41 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 15:40 - 2014-01-06 15:41 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-06 15:40 - 2014-01-06 15:40 - 00001413 _____ C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-06 15:40 - 2014-01-06 15:40 - 00000782 __RSH C:\Users\ackerman-admin\ntuser.pol 2014-01-06 15:40 - 2014-01-06 15:40 
- 00000000 ____D C:\Users\ackerman-admin\AppData\Roaming\Adobe 2014-01-06 15:40 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin\AppData\Local\VirtualStore 2014-01-06 15:39 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin 2014-01-06 15:39 - 2014-01-06 15:39 - 00004764 _____ C:\Windows\system32\CcmFramework.ini 2014-01-06 15:39 - 2014-01-06 15:39 - 00000621 _____ C:\Windows\system32\CcmFramework.h 2014-01-06 15:39 - 2014-01-06 15:39 - 00000020 ___SH C:\Users\ackerman-admin\ntuser.ini 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429} 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\ms 2014-01-06 15:39 - 2013-10-09 14:49 - 00000000 ____D C:\Users\ackerman-admin\AppData\Local\Microsoft Help 2014-01-06 15:39 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-06 15:39 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-06 15:19 - 2014-01-06 15:19 - 00000000 ____D C:\ProgramData\GroupPolicy 2014-01-06 15:14 - 2014-01-06 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2014-01-06 15:13 - 2014-01-06 15:13 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-06 15:12 - 2014-01-06 15:12 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2014-01-06 15:11 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Administrator 2014-01-06 
15:11 - 2014-01-06 15:11 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2014-01-06 15:11 - 2013-10-09 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help 2014-01-06 15:11 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-06 15:11 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-06 14:50 - 2014-01-06 14:50 - 00000000 ____D C:\Program Files\Symantec 2014-01-06 12:16 - 2014-01-06 12:16 - 00004096 _____ C:\temp-config.xml 2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-06 12:08 - 2014-01-06 12:09 - 00000000 ____D C:\9893828c203bd8b591 2014-01-06 12:08 - 2014-01-06 12:08 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini 2014-01-06 12:08 - 2014-01-06 12:08 - 00000000 ____D C:\Users\GhostUser\AppData\Local\VirtualStore 2014-01-06 12:08 - 2013-10-09 14:49 - 00000000 ____D C:\Users\GhostUser\AppData\Local\Microsoft Help 2014-01-06 12:08 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-06 12:08 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\system32\atiicdxx.dat 2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\ativpsrm.bin 2014-01-06 10:54 - 2014-01-26 12:28 - 01968268 _____ C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2014-01-26 13:01 - 2014-01-26 12:52 - 02078208 _____ (Farbar) C:\Users\sm1851\Desktop\FRST64.exe 2014-01-26 13:01 - 2014-01-26 12:49 - 00015766 _____ 
C:\Users\sm1851\Desktop\FRST.txt 2014-01-26 12:58 - 2013-10-04 08:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-26 12:54 - 2014-01-19 16:27 - 00000000 ____D C:\Program Files (x86)\Everything 2014-01-26 12:49 - 2014-01-26 11:21 - 00089144 _____ C:\Users\sm1851\Downloads\FRST.txt 2014-01-26 12:46 - 2014-01-26 12:46 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64 (1).exe 2014-01-26 12:46 - 2013-10-04 23:02 - 00000000 ____D C:\ProgramData\sccomm 2014-01-26 12:35 - 2014-01-26 12:35 - 00000000 ____D C:\Program Files (x86)\HiJackThis 2014-01-26 12:35 - 2014-01-26 11:47 - 00085606 _____ C:\zoek-results.log 2014-01-26 12:35 - 2014-01-26 11:46 - 00004176 _____ C:\runcheck.txt 2014-01-26 12:28 - 2014-01-06 10:54 - 01968268 _____ C:\Windows\WindowsUpdate.log 2014-01-26 12:28 - 2013-10-04 07:49 - 00073576 __RSH C:\ProgramData\ntuser.pol 2014-01-26 12:23 - 2014-01-06 15:40 - 00000840 _____ C:\Users\Public\Desktop\NSU App Store.lnk 2014-01-26 12:23 - 2013-10-04 07:47 - 00001400 _____ C:\Windows\system32\config\netlogon.ftl 2014-01-26 12:22 - 2014-01-26 11:45 - 00000000 ____D C:\zoek_backup 2014-01-26 12:20 - 2014-01-26 12:20 - 00000021 _____ C:\folders.log 2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D C:\zoek 2014-01-26 11:47 - 2014-01-26 11:47 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ivebghmp.sys 2014-01-26 11:46 - 2014-01-26 11:46 - 00003136 _____ C:\Windows\System32\Tasks\{E9988C34-146A-48B2-89EC-833FFF0017D9} 2014-01-26 11:30 - 2014-01-26 11:30 - 00029901 _____ C:\Users\sm1851\Desktop\Addition.txt 2014-01-26 11:26 - 2014-01-26 11:26 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\imugeswt.sys 2014-01-26 11:25 - 2014-01-26 11:22 - 00029901 _____ C:\Users\sm1851\Downloads\Addition.txt 2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ineueikg.sys 2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ihddttlr.sys 2014-01-26 11:23 - 2014-01-26 11:21 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64.exe 2014-01-26 11:16 - 2014-01-26 11:16 - 00000000 ____D C:\FRST 2014-01-26 11:11 - 2014-01-17 10:16 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers 2014-01-26 11:11 - 2014-01-17 10:16 - 00000000 ____D C:\Program Files (x86)\EndNote X7 2014-01-26 11:11 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851 2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2014-01-26 11:03 - 2014-01-22 12:19 - 00000000 ____D C:\Program Files (x86)\IObit 2014-01-25 19:54 - 2014-01-25 19:54 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys.upd 2014-01-25 19:54 - 2014-01-25 19:54 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\aucsbrnv.sys 2014-01-25 19:53 - 2009-07-13 23:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-25 19:53 - 2009-07-13 23:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-25 19:48 - 2013-10-03 16:06 - 00000569 _____ C:\Windows\SMSCFG.ini 2014-01-25 19:46 - 2014-01-09 10:01 - 00003168 __RSH C:\Users\sm1851\ntuser.pol 2014-01-25 19:44 - 2014-01-22 16:29 - 00000448 _____ C:\Windows\setupact.log 2014-01-25 19:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-25 19:32 - 2013-10-04 07:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-25 19:29 - 2014-01-25 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2014-01-25 14:28 - 2014-01-25 14:27 - 00061168 _____ C:\Users\sm1851\Downloads\PGRJanuaryBill.html 2014-01-25 13:40 - 2009-07-13 23:45 - 00435800 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-25 13:38 - 2009-07-14 00:13 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-25 13:37 - 2014-01-25 13:34 - 00000000 ____D C:\AdwCleaner 2014-01-25 
13:13 - 2014-01-09 10:01 - 00111536 _____ C:\Users\sm1851\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-24 18:04 - 2014-01-17 10:20 - 00000000 ____D C:\Users\sm1851\Desktop\Utilities 2014-01-24 17:30 - 2014-01-24 17:28 - 00000000 ____D C:\Program Files\trend micro 2014-01-24 17:28 - 2014-01-24 17:28 - 00000000 ____D C:\rsit 2014-01-24 17:12 - 2014-01-24 17:12 - 00000000 ____D C:\Windows\ERUNT 2014-01-24 16:47 - 2014-01-24 16:47 - 00000000 ____D C:\Users\sm1851\AppData\Local\Apps\2.0 2014-01-24 15:19 - 2014-01-22 16:29 - 00010246 _____ C:\Windows\PFRO.log 2014-01-24 14:20 - 2014-01-24 14:20 - 04380160 _____ C:\Users\sm1851\Downloads\RogueKillerX64 (1).exe 2014-01-24 10:41 - 2014-01-24 10:30 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Notepad++ 2014-01-23 17:07 - 2014-01-23 17:07 - 04406784 _____ C:\Users\sm1851\Downloads\RogueKillerX64.exe 2014-01-23 12:00 - 2014-01-23 12:00 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\apdmeowm.sys 2014-01-23 11:59 - 2014-01-23 11:59 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\olhkfnrz.sys 2014-01-23 11:31 - 2014-01-23 11:31 - 00000000 ____D C:\Users\sm1851\AppData\Local\Macromedia 2014-01-23 11:09 - 2014-01-17 10:48 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Mozilla 2014-01-23 11:01 - 2014-01-22 12:20 - 00000000 ____D C:\ProgramData\IObit 2014-01-23 10:43 - 2014-01-23 10:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zekucqhq.sys 2014-01-23 10:42 - 2014-01-23 10:42 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pnkfccvq.sys 2014-01-23 10:38 - 2014-01-23 10:38 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\ProductData 2014-01-23 10:11 - 2014-01-21 09:31 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\EndNote 2014-01-23 10:10 - 2014-01-23 10:09 - 00000000 ____D C:\Users\sm1851\Desktop\Printers 2014-01-23 00:00 - 2014-01-23 00:00 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard 2014-01-22 17:40 - 2009-07-13 22:20 - 
00000000 ____D C:\Windows\rescache 2014-01-22 17:02 - 2013-10-04 08:19 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-22 16:43 - 2014-01-22 16:41 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Juniper Networks 2014-01-22 16:42 - 2014-01-22 16:42 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2014-01-22 16:41 - 2014-01-22 16:41 - 00000000 ____D C:\Users\sm1851\AppData\Local\Juniper Networks 2014-01-22 16:32 - 2014-01-09 10:01 - 00001413 _____ C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-22 16:31 - 2013-10-03 19:38 - 00000000 ____D C:\Windows\Panther 2014-01-22 16:29 - 2014-01-22 16:29 - 00000000 _____ C:\Windows\setuperr.log 2014-01-22 16:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-22 16:14 - 2014-01-22 16:17 - 00000000 _____ C:\Windows\system32\Drivers\avchv.sys 2014-01-22 16:14 - 2014-01-22 16:14 - 00173897 _____ C:\ProgramData\1390425195.bdinstall.bin 2014-01-22 16:13 - 2014-01-22 16:13 - 00037618 _____ C:\ProgramData\1390425192.bdinstall.bin 2014-01-22 12:40 - 2014-01-22 12:19 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\IObit 2014-01-22 12:29 - 2014-01-22 12:29 - 00000000 ____D C:\Users\sm1851\AppData\Local\Google 2014-01-22 12:26 - 2014-01-17 10:31 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Apple Computer 2014-01-22 12:16 - 2014-01-22 12:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-22 12:16 - 2014-01-22 12:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-22 12:16 - 2014-01-22 12:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-22 12:16 - 2014-01-22 12:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-22 12:16 - 2014-01-22 12:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-22 12:16 - 2014-01-22 12:16 - 
  3. Outstanding! Please find the zoek-results.txt info below. Where was it hiding? Did the FRST64 tool provide the major fix? One last question. Should I be good to go with a Firefox install? Lastly, lastly.. what contribution would not insult you?! Thanks much!! /steve
Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 
32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32 Version: - Microsoft) VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN) Windows Firewall Configuration Provider (Version: 1.2.3412.0 - Microsoft Corporation) ==================== Restore Points ========================= 23-01-2014 16:01:39 IObit Uninstaller restore point 23-01-2014 16:06:43 Windows Update 24-01-2014 19:16:41 Windows Backup 25-01-2014 02:06:07 Installed Microsoft Lync 2013 25-01-2014 02:07:22 LYNC 26-01-2014 00:27:47 Windows Update 26-01-2014 16:47:53 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1A05D8E0-E03B-4B33-988A-6A0EAE903C1C} - 
System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {26FA2195-6601-4EC8-A91C-6D8AAA6A5144} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation) Task: {5EDF0CA2-85AB-4807-86C1-EF58FC3285D2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {7AA5EDCE-3A9E-49C1-B59E-187E5F26177B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated) Task: {8181B0A0-681D-42CB-83FF-F2197D01DC17} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {EDA40370-4986-4BBC-88CA-A31C9D83FA3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {F74E6B75-2D64-482A-91BA-C06DFA92A620} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-17 10:50 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll 2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program 
Files (x86)\Notepad++\NppShell_05.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\system32\Drivers\apdmeowm.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\aucsbrnv.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\ihddttlr.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\imugeswt.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\ineueikg.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\ivebghmp.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\olhkfnrz.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\pnkfccvq.sys:changelist AlternateDataStreams: C:\Windows\system32\Drivers\zekucqhq.sys:changelist AlternateDataStreams: C:\Users\sm1851\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\sm1851\Downloads\FRST64 (1).exe:BDU AlternateDataStreams: C:\Users\sm1851\Downloads\FRST64.exe:BDU AlternateDataStreams: C:\Users\sm1851\Downloads\RogueKillerX64 (1).exe:BDU AlternateDataStreams: C:\Users\sm1851\Downloads\RogueKillerX64.exe:BDU ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller 
Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Serial Port Description: PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/26/2014 11:09:48 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/25/2014 03:19:07 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. 
Error: (01/25/2014 03:18:37 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:18:07 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:17:37 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:17:07 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:16:37 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:16:07 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:15:37 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. Error: (01/25/2014 03:15:07 PM) (Source: Microsoft Security Client) (User: ) Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded. System errors: ============= Error: (01/26/2014 00:22:12 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2014 00:22:11 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2014 00:22:10 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2014 00:22:09 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2014 00:22:08 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2014 11:03:01 AM) (Source: Service Control Manager) (User: ) Description: The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s). Error: (01/26/2014 11:00:51 AM) (Source: Kerberos) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fldvp-psmlt01$. The target name used was host/gemini.maltz.nova.edu. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. 
This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AD.NOVA.EDU) is different from the client domain (AD.NOVA.EDU), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (01/25/2014 07:49:34 PM) (Source: BROWSER) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{406627FF-8226-4A82-8C5E-5A410CE7DA04}. The backup browser is stopping. Error: (01/25/2014 07:47:33 PM) (Source: Service Control Manager) (User: ) Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). Error: (01/25/2014 07:46:37 PM) (Source: Kerberos) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fldvp-psmlt01$. The target name used was host/gemini.maltz.nova.edu. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. 
If the server name is not fully qualified, and the target domain (AD.NOVA.EDU) is different from the client domain (AD.NOVA.EDU), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Microsoft Office Sessions: ========================= Error: (01/26/2014 11:09:48 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\sm1851\Downloads\SoftonicDownloader_for_spss.exe Error: (01/25/2014 03:19:07 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:18:37 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:18:07 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:17:37 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:17:07 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:16:37 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:16:07 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:15:37 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 Error: (01/25/2014 03:15:07 PM) (Source: Microsoft Security Client)(User: ) Description: 2510 ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 3037.61 MB Available physical RAM: 1271.43 MB Total Pagefile: 6073.39 MB Available Pagefile: 3509.27 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:231.24 GB) (Free:188.77 GB) NTFS Drive f: (OLDER WD My Passport Essentials) (Fixed) 
(Total:931.48 GB) (Free:295.38 GB) NTFS Drive g: (NEWER WD My Passport) (Fixed) (Total:931.48 GB) (Free:431.33 GB) NTFS Drive h: (NEWEST WD My Passport) (Fixed) (Total:931.48 GB) (Free:715.14 GB) NTFS Drive o: (Data) (Network) (Total:10239.99 GB) (Free:6521.46 GB) NTFS Drive p: (Data) (Network) (Total:10239.99 GB) (Free:6521.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9AB0C16E) Partition 1: (Not Active) - (Size=231 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: DFD01C12) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00023F15) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Hello MrC. Please find the two FRST logs attached. I do not mean to be rude and as a rule I appreciate the professional stepwise approach with which we are proceeding. However, I would have thought that given spigot has been around for some time that its removal was, well, more straightforward. I do know these bugs do adapt and evolve. Sorry but I just feel mostly in the dark about what we are doing BUT I DO appreciate all of your time and assistance. I do not intend to sound like a whiny spoiled brat expecting something for nothing. I am also amazed that Malwarebytes did not catch this in the first place? One other item, please keep in mind that though not installed at present, I typically use Firefox. I deleted it since the infection followed soon after the Firefox install, and it was infected as well. Thanks again! Addition.txt FRST.txt
  5. Hi Mr. C, thanks for your continued help. Please find the AdwCleaner output below. Malwarebytes found no malware. IE still has the spigot homepage hijack? Output from AdwCleaner and Mbam logs below. I will not forget the donation! Thanks. /s

     # AdwCleaner v3.017 - Report created 25/01/2014 at 13:37:30
     # Updated 12/01/2014 by Xplode
     # Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
     # Username : sm1851 - MESSER1073
     # Running from : C:\Users\sm1851\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEGNC92S\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16428
     -\\ Mozilla Firefox v

     *************************

     AdwCleaner[R0].txt - [1073 octets] - [25/01/2014 13:34:07]
     AdwCleaner[s0].txt - [1004 octets] - [25/01/2014 13:37:30]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1064 octets] ##########

     ------------------------------------------------------------------------------------------------------------------------------------------

     Malwarebytes Anti-Malware (MEE) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.25.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16476
     sm1851 :: MESSER1073 [administrator]

     Protection: Enabled

     1/25/2014 1:56:42 PM
     mbam-log-2014-01-25 (13-56-42).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 480657
     Time elapsed: 36 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  6. Hello Mr. Charlie, Thanks for taking this on. I am hopeful that your expertise can rid me of this hijacker! Please find the report attached. Again, thank you very much! Steve RKreport0_S_01242014_174623.txt
  7. Hello. I am following the directions from previous forum post 9573 "I'm infected - What do I do now?" Please find the requested dds.txt and attach.txt reports generated from dds.com attached as a zip file. I apologize but for some reason (spigot?) I cannot copy and paste here. I can to MS Notebook etc? I apologize for the inconvenience. Thank you so much for your assistance! Please confirm receipt and any further instructions. Btw, did not see an "immediate email notification" option... did I miss it? Dr Steve Messer P.S. We run Malwarebytes Enterprise here at my University. A little surprised this was not caught. Has apparently been around for years? attach.zip dds.zip