tifftriss

FARBAR RCPCSS.DLL

Apr 18th, 2014
  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
  2. Ran by April Bowers Agency (administrator) on APRILBOWERSINS2 on 18-04-2014 09:52:43
  3. Running from C:\Users\April Bowers Agency\Downloads
  4. Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
  5. Internet Explorer Version 9
  6. Boot Mode: Normal
  7.  
  8. The only official download link for FRST:
  9. Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
  10. Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
  11. Download link from any site other than Bleeping Computer is unpermitted or outdated.
  12. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  13.  
  14. ==================== Processes (Whitelisted) =================
  15.  
  16. (AMD) C:\Windows\system32\atiesrxx.exe
  17. (AMD) C:\Windows\system32\atieclxx.exe
  18. (McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
  19. (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
  20. (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  21. (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
  22. (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
  23. (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
  24. (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
  25. (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
  26. (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
  27. (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
  28. (ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
  29. (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
  30. (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
  31. (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
  32. (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
  33. (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
  34. (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  35. (ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
  36. (j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe
  37. (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
  38. () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
  39. (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
  40. (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
  41. (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
  42. (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
  43. (ScanPoint, Inc.) C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe
  44. (j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe
  45. (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
  46. (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
  47. (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
  48. (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
  49. (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
  50. (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
  51. (Juniper Networks, Inc.) C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
  52. (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
  53. (Microsoft Corporation) C:\Windows\splwow64.exe
  54.  
  55.  
  56. ==================== Registry (Whitelisted) ==================
  57.  
  58. HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
  59. HKLM\...\Run: [CANON DR2510C SVC] => C:\Windows\system32\DR251SVC.dll [158720 2009-09-15] (Canon Electronics)
  60. HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [559752 2014-03-04] (ActMask Co.,Ltd - http://www.all2pdf.com)
  61. HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [256152 2011-09-12] (McAfee, Inc.)
  62. HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
  63. HKLM-x32\...\Run: [CDAServer] => C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe [311296 2010-07-29] ()
  64. HKLM-x32\...\Run: [EFUpdater] => C:\Program Files (x86)\ScanPoint\Easyfile\clientupdate.exe [81920 2012-11-29] (ScanPoint, Inc.)
  65. HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
  66. HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
  67. HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
  68. HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
  69. HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
  70. HKU\S-1-5-21-4234849188-1163541568-2843079188-1000\...\Run: [MetroFax 4.4] => C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe [95232 2013-12-10] (j2 Global, Inc.)
  71. AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
  72. Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotfolder.lnk
  73. ShortcutTarget: Hotfolder.lnk -> C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe (ScanPoint, Inc.)
  74. Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MetroFax 4.4.lnk
  75. ShortcutTarget: MetroFax 4.4.lnk -> C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
  76. Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogin.bat ()
  77.  
  78. ==================== Internet (Whitelisted) ====================
  79.  
  80. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
  81. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  82. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
  83. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
  84. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
  85. StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
  86. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  87. SearchScopes: HKLM - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
  88. SearchScopes: HKLM - {8A2A1F46-B256-4F42-BB7E-97F8A6A06F11} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  89. SearchScopes: HKLM-x32 - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
  90. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  91. SearchScopes: HKCU - 197F8597FDE1425FA34FE4EB92076F5B URL = http://mysearch.avg.com/search?cid={43CE3F6A-E2FA-477D-8E0A-786FD9F12614}&mid=51294f39f16447d2bd4605cc2242a07b-acee7f0a0a68a23e1acdbc83359e9745286962de&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-08 15:49:18&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
  92. SearchScopes: HKCU - {31DCD56E-EB15-43F2-A979-C874D0B401C6} URL =
  93. SearchScopes: HKCU - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
  94. BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
  95. BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
  96. BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
  97. BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
  98. BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
  99. BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
  100. BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
  101. BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
  102. BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
  103. BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
  104. Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
  105. Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
  106. Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
  107. DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
  108. DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
  109. DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
  110. DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
  111. DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
  112. DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  113. DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
  114. DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
  115. Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
  116. Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
  117. Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
  118. Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
  119. Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  120. Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  121. Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  122. Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  123. Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  124. Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  125. Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  126. Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  127. Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  128. Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  129. Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  130. Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  131. Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  132. Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  133. Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  134. Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
  135. Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  136. Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  137. Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  138. Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  139. Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  140. Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  141. Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  142. Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  143. Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  144. Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  145. Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  146. Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  147. Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  148. Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  149. Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  150. Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
  151. Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
  152.  
  153. FireFox:
  154. ========
  155. FF Plugin: @microsoft.com/GENUINE - disabled No File
  156. FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
  157. FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
  158. FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
  159. FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
  160. FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
  161. FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
  162. FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  163. FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} [2013-02-26]
  164. FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
  165. FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ []
  166. FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
  167. FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-02-21]
  168.  
  169. Chrome:
  170. =======
  171. CHR HomePage: hxxp://www.google.com/
  172. CHR StartupUrls: "hxxp://www.google.com/"
  173. CHR Extension: (Docs) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
  174. CHR Extension: (Google Drive) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
  175. CHR Extension: (YouTube) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
  176. CHR Extension: (Google Search) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
  177. CHR Extension: (Google Wallet) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
  178. CHR Extension: (Gmail) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
  179.  
  180. ==================== Services (Whitelisted) =================
  181.  
  182. R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
  183. S4 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
  184. S4 LkWebLink; C:\Users\April Bowers Agency\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [32768 2007-09-20] (Inter-Tel (Delaware), Inc)
  185. R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
  186. R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
  187. R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
  188. R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
  189. S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
  190. R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-10] (McAfee, Inc.)
  191. R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
  192. R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
  193. R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-10] (McAfee, Inc.)
  194. R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
  195.  
  196. ==================== Drivers (Whitelisted) ====================
  197.  
  198. U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
  199. R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
  200. S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
  201. S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
  202. R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
  203. R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
  204. R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
  205. R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-10] (McAfee, Inc.)
  206. R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-10] (McAfee, Inc.)
  207. U3 mfeavfk01; No ImagePath
  208. R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
  209. R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-10] (McAfee, Inc.)
  210. R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
  211. S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-10] (McAfee, Inc.)
  212. R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-10] (McAfee, Inc.)
  213. R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
  214. S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
  215. S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
  216. S3 Firehk; system32\DRIVERS\firehk.sys [X]
  217. S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
  218. S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
  219.  
  220. ========================== Drivers MD5 =======================
  221.  
  222. C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
  223. C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
  224. C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
  225. C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
  226. C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
  227. C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
  228. C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
  229. C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
  230. C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
  231. C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
  232. C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
  233. C:\Windows\System32\DRIVERS\atikmdag.sys 75E4BACA583AE02C11E9AC8747E2ABE0
  234. C:\Windows\System32\DRIVERS\atikmpag.sys B765CF4B32F347BE747B21AE22641025
  235. C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
  236. C:\Windows\System32\DRIVERS\amdsata.sys F747497A0EE5498F79B207F215B3D2D8
  237. C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
  238. C:\Windows\System32\DRIVERS\amdxata.sys 2946D695E158615BAAA16248E63C7ADB
  239. C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
  240. C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
  241. C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
  242. C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
  243. C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
  244. C:\Windows\System32\DRIVERS\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
  245. C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
  246. C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
  247. C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
  248. C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
  249. C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
  250. C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
  251. C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
  252. C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
  253. C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
  254. C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
  255. C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
  256. C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
  257. C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
  258. C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
  259. C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
  260. C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
  261. C:\Windows\System32\CLFS.sys ==> MD5 is legit
  262. C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
  263. C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
  264. C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
  265. C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
  266. C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
  267. C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
  268. C:\Windows\System32\DRIVERS\ctxusbm.sys C20E2A7A29F06A69C40E949255257B01
  269. C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
  270. C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
  271. C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
  272. C:\Windows\System32\DRIVERS\DM150Drv.sys F2BD97B3AF9557F8B17AD9FA831BFE11
  273. C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
  274. C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
  275. C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
  276. C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
  277. C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
  278. C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
  279. C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
  280. C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
  281. C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
  282. C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
  283. C:\Windows\System32\drivers\FireNfcp.sys 528EB2FCEBA6B12E28159DCD2DE97763
  284. C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
  285. C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
  286. C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
  287. C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
  288. C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
  289. C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
  290. C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
  291. C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
  292. C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
  293. C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
  294. C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
  295. C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
  296. C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
  297. C:\Windows\System32\drivers\HipShieldK.sys B18B4AB7012EF2304546DF6D0D6C656D
  298. C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
  299. C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
  300. C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
  301. C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
  302. C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
  303. C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
  304. C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
  305. C:\Windows\System32\drivers\RTKVHD64.sys 2B888BBDF6962E608A5E1A1D7A626ADF
  306. C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
  307. C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
  308. C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
  309. C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
  310. C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
  311. C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
  312. C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
  313. C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
  314. C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
  315. C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
  316. C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
  317. C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
  475.  
  476. ==================== NetSvcs (Whitelisted) ===================
  477.  
  478.  
  479. ==================== One Month Created Files and Folders ========
  480.  
  481. 2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
  482. 2014-04-17 17:35 - 2014-04-18 09:25 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
  483. 2014-04-17 17:28 - 2014-04-18 09:16 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
  484. 2014-04-17 17:25 - 2014-04-18 09:16 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
  485. 2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
  486. 2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
  487. 2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
  488. 2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
  489. 2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
  490. 2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
  491. 2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
  492. 2014-04-17 16:11 - 2014-04-17 17:42 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
  493. 2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
  494. 2014-04-15 09:28 - 2014-04-15 09:29 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
  495. 2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
  496. 2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
  497. 2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
  498. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
  499. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
  500. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
  501. 2014-04-14 14:23 - 2013-05-29 11:43 - 00929792 _____ (ActMask http://www.all2pdf.com) C:\Windows\SysWOW64\SaveTo.dll
  502. 2014-04-14 14:18 - 2013-12-07 13:25 - 04454128 _____ (DynaForms GmbH) C:\Windows\SysWOW64\CPDF4.dll
  503. 2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
  504. 2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
  505. 2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
  506. 2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
  507. 2014-04-14 12:34 - 2014-04-14 12:48 - 00000000 ____D () C:\ProgramData\HitmanPro
  508. 2014-04-14 11:43 - 2014-04-14 11:44 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
  509. 2014-04-14 09:21 - 2014-04-18 09:31 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  510. 2014-04-14 09:21 - 2014-04-18 09:31 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  511. 2014-04-14 09:21 - 2014-04-14 09:26 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  512. 2014-04-14 09:21 - 2014-04-14 09:26 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  513. 2014-04-12 03:01 - 2014-03-07 23:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
  514. 2014-04-12 03:01 - 2014-03-07 23:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
  515. 2014-04-12 03:01 - 2014-03-07 22:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
  516. 2014-04-12 03:01 - 2014-03-07 22:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
  517. 2014-04-12 03:01 - 2014-03-07 22:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
  518. 2014-04-12 03:01 - 2014-03-07 22:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
  519. 2014-04-12 03:01 - 2014-03-07 22:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
  520. 2014-04-12 03:01 - 2014-03-07 22:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
  521. 2014-04-12 03:01 - 2014-03-07 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
  522. 2014-04-12 03:01 - 2014-03-07 22:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
  523. 2014-04-12 03:01 - 2014-03-07 22:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
  524. 2014-04-12 03:01 - 2014-03-07 22:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
  525. 2014-04-12 03:01 - 2014-03-07 22:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
  526. 2014-04-12 03:01 - 2014-03-07 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
  527. 2014-04-12 03:01 - 2014-03-07 22:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
  528. 2014-04-12 03:01 - 2014-03-07 22:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
  529. 2014-04-12 03:01 - 2014-03-07 18:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
  530. 2014-04-12 03:01 - 2014-03-07 18:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
  531. 2014-04-12 03:01 - 2014-03-07 18:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
  532. 2014-04-12 03:01 - 2014-03-07 18:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
  533. 2014-04-12 03:01 - 2014-03-07 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
  534. 2014-04-12 03:01 - 2014-03-07 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
  535. 2014-04-12 03:01 - 2014-03-07 17:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
  536. 2014-04-12 03:01 - 2014-03-07 17:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
  537. 2014-04-12 03:01 - 2014-03-07 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
  538. 2014-04-12 03:01 - 2014-03-07 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
  539. 2014-04-12 03:01 - 2014-03-07 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
  540. 2014-04-12 03:01 - 2014-03-07 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
  541. 2014-04-12 03:01 - 2014-03-07 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
  542. 2014-04-12 03:01 - 2014-03-07 17:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
  543. 2014-04-12 03:01 - 2014-03-07 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
  544. 2014-04-12 03:00 - 2014-03-07 18:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
  545. 2014-04-11 13:50 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
  546. 2014-04-11 13:50 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
  547. 2014-04-11 13:50 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
  548. 2014-04-11 13:50 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
  549. 2014-04-11 13:50 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
  550. 2014-04-11 13:50 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
  551. 2014-04-11 13:50 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
  552. 2014-04-11 13:50 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
  553. 2014-04-11 13:50 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
  554. 2014-04-11 13:50 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
  555. 2014-04-11 13:50 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
  556. 2014-04-11 13:50 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
  557. 2014-04-11 13:50 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
  558. 2014-04-11 13:50 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
  559. 2014-04-11 13:50 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
  560. 2014-04-11 13:50 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
  561. 2014-04-11 13:50 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
  562. 2014-04-10 18:00 - 2014-04-10 18:12 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
  563. 2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
  564. 2014-04-10 12:57 - 2014-04-18 09:52 - 00037816 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
  565. 2014-04-10 12:57 - 2014-04-18 09:52 - 00000000 ____D () C:\FRST
  566. 2014-04-10 12:57 - 2014-04-18 09:29 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
  567. 2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
  568. 2014-04-10 09:17 - 2014-04-10 12:59 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
  569. 2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  570. 2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
  571. 2014-04-09 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
  572. 2014-04-09 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
  573. 2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
  574. 2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
  575. 2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
  576. 2014-04-09 21:05 - 2014-04-09 21:22 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
  577. 2014-04-09 20:33 - 2014-04-18 09:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  578. 2014-04-09 20:33 - 2014-04-09 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  579. 2014-04-09 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  580. 2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
  581. 2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
  582. 2014-04-09 17:39 - 2014-04-10 10:05 - 00000000 ____D () C:\Windows\ERDNT
  583. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
  584. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
  585. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
  586. 2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
  587. 2014-04-09 17:30 - 2014-04-09 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
  588. 2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
  589. 2014-04-09 14:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
  590. 2014-04-09 14:40 - 2014-04-09 14:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
  591. 2014-04-09 14:37 - 2014-04-09 14:41 - 00012827 _____ () C:\Windows\IE11_main.log
  592. 2014-04-09 13:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
  593. 2014-04-09 13:45 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
  594. 2014-04-09 11:36 - 2014-04-09 11:49 - 00000000 ____D () C:\ProgramData\BoostSoftware
  595. 2014-04-09 11:21 - 2014-04-09 11:23 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
  596. 2014-04-08 20:35 - 2014-04-09 13:43 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
  597. 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
  598. 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
  599. 2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
  600. 2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
  601. 2014-04-08 15:45 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\AVG2014
  602. 2014-04-08 15:45 - 2014-04-08 20:54 - 00000000 ____D () C:\$AVG
  603. 2014-04-08 15:40 - 2014-04-09 12:51 - 00000000 ____D () C:\ProgramData\MFAData
  604. 2014-04-08 15:40 - 2014-04-09 09:22 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
  605. 2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
  606. 2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
  607. 2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
  608. 2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
  609. 2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
  610. 2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
  611. 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
  612. 2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
  613. 2014-03-19 12:39 - 2014-03-19 12:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
  614. 2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
  615. 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
  616. 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
  617. 2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
  618. 2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
  619. 2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
  620.  
  621. ==================== One Month Modified Files and Folders =======
  622.  
  623. 2014-04-18 09:52 - 2014-04-10 12:57 - 00037816 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
  624. 2014-04-18 09:52 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
  625. 2014-04-18 09:35 - 2010-11-21 13:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
  626. 2014-04-18 09:33 - 2010-09-20 19:27 - 02056403 _____ () C:\Windows\WindowsUpdate.log
  627. 2014-04-18 09:31 - 2014-04-14 09:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  628. 2014-04-18 09:31 - 2014-04-14 09:21 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  629. 2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
  630. 2014-04-18 09:29 - 2014-04-10 12:57 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
  631. 2014-04-18 09:25 - 2014-04-17 17:35 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
  632. 2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  633. 2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  634. 2014-04-18 09:17 - 2014-04-09 20:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  635. 2014-04-18 09:16 - 2014-04-17 17:28 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
  636. 2014-04-18 09:16 - 2014-04-17 17:25 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
  637. 2014-04-18 09:13 - 2011-01-18 10:18 - 00042602 _____ () C:\Windows\setupact.log
  638. 2014-04-18 09:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  639. 2014-04-17 18:27 - 2012-12-09 19:46 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleForApril Bowers Agency.job
  640. 2014-04-17 17:57 - 2012-05-08 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
  641. 2014-04-17 17:44 - 2013-11-13 09:55 - 00003458 _____ () C:\Windows\System32\Tasks\IE11
  642. 2014-04-17 17:42 - 2014-04-17 16:11 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
  643. 2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
  644. 2014-04-17 17:24 - 2010-09-20 21:48 - 00825168 _____ () C:\Windows\PFRO.log
  645. 2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
  646. 2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
  647. 2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
  648. 2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
  649. 2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
  650. 2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
  651. 2014-04-17 12:15 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file
  652. 2014-04-17 09:23 - 2013-05-06 08:53 - 00003458 _____ () C:\Windows\System32\Tasks\IE10
  653. 2014-04-16 14:46 - 2012-08-22 13:42 - 00000000 ____D () C:\Quarantine
  654. 2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
  655. 2014-04-15 09:29 - 2014-04-15 09:28 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
  656. 2014-04-15 09:29 - 2010-11-20 10:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
  657. 2014-04-15 09:29 - 2010-11-19 20:52 - 00000000 ____D () C:\ProgramData\Adobe
  658. 2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
  659. 2014-04-15 00:33 - 2010-09-20 19:28 - 00000000 ____D () C:\ProgramData\PDFC
  660. 2014-04-14 15:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
  661. 2014-04-14 14:26 - 2011-03-16 10:04 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\ScanPoint
  662. 2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
  663. 2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
  664. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
  665. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
  666. 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
  667. 2014-04-14 14:23 - 2014-01-31 14:11 - 00000000 ____D () C:\ActMask
  668. 2014-04-14 14:22 - 2012-06-26 10:19 - 00000000 ____D () C:\Windows\SysWOW64\sigplus
  669. 2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\Program Files (x86)\ScanPoint
  670. 2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\EFData
  671. 2014-04-14 13:03 - 2011-01-13 11:06 - 00000000 ____D () C:\Windows\pss
  672. 2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
  673. 2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
  674. 2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
  675. 2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
  676. 2014-04-14 12:48 - 2014-04-14 12:34 - 00000000 ____D () C:\ProgramData\HitmanPro
  677. 2014-04-14 11:44 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
  678. 2014-04-14 10:01 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Deployment
  679. 2014-04-14 10:00 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Apps\2.0
  680. 2014-04-14 09:35 - 2011-05-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
  681. 2014-04-14 09:34 - 2011-05-23 14:50 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Google
  682. 2014-04-14 09:34 - 2010-11-19 23:06 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Adobe
  683. 2014-04-14 09:26 - 2014-04-14 09:21 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  684. 2014-04-14 09:26 - 2014-04-14 09:21 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  685. 2014-04-14 09:22 - 2011-05-23 14:50 - 00000000 ____D () C:\Program Files\Google
  686. 2014-04-14 09:22 - 2011-05-23 14:49 - 00000000 ____D () C:\ProgramData\Google
  687. 2014-04-14 09:21 - 2012-05-08 08:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
  688. 2014-04-14 09:21 - 2012-05-08 08:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
  689. 2014-04-14 09:21 - 2011-10-11 08:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  690. 2014-04-12 12:27 - 2012-12-09 19:46 - 00003270 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForApril Bowers Agency
  691. 2014-04-12 12:27 - 2012-02-18 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
  692. 2014-04-12 12:27 - 2010-11-20 10:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
  693. 2014-04-10 18:12 - 2014-04-10 18:00 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
  694. 2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
  695. 2014-04-10 12:59 - 2014-04-10 09:17 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
  696. 2014-04-10 10:05 - 2014-04-09 17:39 - 00000000 ____D () C:\Windows\ERDNT
  697. 2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
  698. 2014-04-09 22:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
  699. 2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  700. 2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
  701. 2014-04-09 21:46 - 2013-08-22 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
  702. 2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
  703. 2014-04-09 21:34 - 2012-05-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
  704. 2014-04-09 21:22 - 2014-04-09 21:05 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
  705. 2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
  706. 2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
  707. 2014-04-09 21:01 - 2014-04-09 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  708. 2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
  709. 2014-04-09 20:05 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
  710. 2014-04-09 19:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
  711. 2014-04-09 19:41 - 2010-11-19 09:52 - 00000000 ____D () C:\Users\April Bowers Agency
  712. 2014-04-09 19:11 - 2009-07-13 23:45 - 00302176 _____ () C:\Windows\system32\FNTCACHE.DAT
  713. 2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
  714. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
  715. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
  716. 2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
  717. 2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
  718. 2014-04-09 17:31 - 2014-04-09 17:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
  719. 2014-04-09 15:54 - 2010-11-19 09:53 - 00068736 _____ () C:\Users\April Bowers Agency\AppData\Local\GDIPFONTCACHEV1.DAT
  720. 2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
  721. 2014-04-09 14:41 - 2014-04-09 14:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
  722. 2014-04-09 14:41 - 2014-04-09 14:37 - 00012827 _____ () C:\Windows\IE11_main.log
  723. 2014-04-09 13:43 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
  724. 2014-04-09 13:19 - 2013-08-14 18:33 - 00000000 ____D () C:\Windows\system32\MRT
  725. 2014-04-09 12:51 - 2014-04-08 15:40 - 00000000 ____D () C:\ProgramData\MFAData
  726. 2014-04-09 12:51 - 2014-01-24 10:31 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\ICAClient
  727. 2014-04-09 12:51 - 2013-04-26 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
  728. 2014-04-09 12:51 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Network Associates
  729. 2014-04-09 12:51 - 2010-09-20 19:39 - 00000000 ____D () C:\ProgramData\CinemaNow
  730. 2014-04-09 12:51 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
  731. 2014-04-09 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
  732. 2014-04-09 11:49 - 2014-04-09 11:36 - 00000000 ____D () C:\ProgramData\BoostSoftware
  733. 2014-04-09 11:23 - 2014-04-09 11:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
  734. 2014-04-09 09:22 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
  735. 2014-04-08 20:55 - 2014-04-08 15:45 - 00000000 ____D () C:\ProgramData\AVG2014
  736. 2014-04-08 20:54 - 2014-04-08 15:45 - 00000000 ____D () C:\$AVG
  737. 2014-04-08 20:41 - 2012-09-28 18:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\tiffs hours
  738. 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
  739. 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
  740. 2014-04-08 19:51 - 2014-01-20 11:02 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\files for system
  741. 2014-04-08 18:03 - 2012-04-27 14:35 - 00000160 _____ () C:\Windows\setscan.ini
  742. 2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\ProgramData\LogMeIn
  743. 2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
  744. 2014-04-08 16:47 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Citrix
  745. 2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
  746. 2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
  747. 2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
  748. 2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
  749. 2014-04-08 13:20 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\April Bowers Agency\Documents\MetroFax_4_4_Port
  750. 2014-04-08 10:29 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
  751. 2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
  752. 2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
  753. 2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
  754. 2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
  755. 2014-04-04 16:12 - 2011-03-22 13:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\April Bowers Agency Info
  756. 2014-04-04 14:33 - 2012-05-17 12:05 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\marketing tiffs
  757. 2014-04-03 09:51 - 2014-04-09 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
  758. 2014-04-03 09:51 - 2014-04-09 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  759. 2014-04-03 09:50 - 2014-04-09 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
  760. 2014-03-31 09:35 - 2010-11-19 10:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
  761. 2014-03-31 03:51 - 2010-11-20 10:16 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
  762. 2014-03-25 14:04 - 2012-05-07 14:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\LETTERS, NOTICES TO USE
  763. 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
  764. 2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
  765. 2014-03-19 12:40 - 2014-03-19 12:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
  766. 2014-03-19 12:23 - 2010-11-19 22:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
  767. 2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
  768. 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
  769. 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
  770. 2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
  771. 2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
  772. 2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
  773. 2014-03-19 11:56 - 2013-10-25 17:23 - 00000000 ____D () C:\ProgramData\Oracle
  774.  
  775. Some content of TEMP:
  776. ====================
  777. C:\Users\April Bowers Agency\AppData\Local\Temp\ntdll_dump.dll
  778.  
  779.  
  780. ==================== Bamital & volsnap Check =================
  781.  
  782. C:\Windows\System32\winlogon.exe => MD5 is legit
  783. C:\Windows\System32\wininit.exe => MD5 is legit
  784. C:\Windows\SysWOW64\wininit.exe => MD5 is legit
  785. C:\Windows\explorer.exe => MD5 is legit
  786. C:\Windows\SysWOW64\explorer.exe => MD5 is legit
  787. C:\Windows\System32\svchost.exe => MD5 is legit
  788. C:\Windows\SysWOW64\svchost.exe => MD5 is legit
  789. C:\Windows\System32\services.exe => MD5 is legit
  790. C:\Windows\System32\User32.dll => MD5 is legit
  791. C:\Windows\SysWOW64\User32.dll => MD5 is legit
  792. C:\Windows\System32\userinit.exe => MD5 is legit
  793. C:\Windows\SysWOW64\userinit.exe => MD5 is legit
  794. C:\Windows\System32\rpcss.dll
  795. [2011-06-27 17:50] - [2010-11-20 08:27] - 0515072 ____A (Microsoft Corporation) EB99360B85445FD5FE75E35F77C407DB
  796.  
  797. ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
  798. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
  799.  
  800.  
  801. LastRegBack: 2014-04-09 00:39
  802.  
  803. ==================== End Of Log ============================