- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
- Ran by April Bowers Agency (administrator) on APRILBOWERSINS2 on 18-04-2014 09:52:43
- Running from C:\Users\April Bowers Agency\Downloads
- Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
- Internet Explorer Version 9
- Boot Mode: Normal
- The only official download link for FRST:
- Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
- Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
- Download link from any site other than Bleeping Computer is unpermitted or outdated.
- See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (AMD) C:\Windows\system32\atiesrxx.exe
- (AMD) C:\Windows\system32\atieclxx.exe
- (McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
- (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
- (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
- (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
- (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
- (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
- (ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
- (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
- (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
- (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
- (ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
- (j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe
- (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
- () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
- (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
- (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
- (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
- (ScanPoint, Inc.) C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe
- (j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe
- (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
- (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
- (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
- (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
- (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
- (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
- (Juniper Networks, Inc.) C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
- (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
- (Microsoft Corporation) C:\Windows\splwow64.exe
- ==================== Registry (Whitelisted) ==================
- HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
- HKLM\...\Run: [CANON DR2510C SVC] => C:\Windows\system32\DR251SVC.dll [158720 2009-09-15] (Canon Electronics)
- HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [559752 2014-03-04] (ActMask Co.,Ltd - http://www.all2pdf.com)
- HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [256152 2011-09-12] (McAfee, Inc.)
- HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
- HKLM-x32\...\Run: [CDAServer] => C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe [311296 2010-07-29] ()
- HKLM-x32\...\Run: [EFUpdater] => C:\Program Files (x86)\ScanPoint\Easyfile\clientupdate.exe [81920 2012-11-29] (ScanPoint, Inc.)
- HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
- HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
- HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
- HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
- HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
- HKU\S-1-5-21-4234849188-1163541568-2843079188-1000\...\Run: [MetroFax 4.4] => C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe [95232 2013-12-10] (j2 Global, Inc.)
- AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
- Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotfolder.lnk
- ShortcutTarget: Hotfolder.lnk -> C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe (ScanPoint, Inc.)
- Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MetroFax 4.4.lnk
- ShortcutTarget: MetroFax 4.4.lnk -> C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
- Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogin.bat ()
- ==================== Internet (Whitelisted) ====================
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
- HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
- StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
- SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKLM - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
- SearchScopes: HKLM - {8A2A1F46-B256-4F42-BB7E-97F8A6A06F11} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
- SearchScopes: HKLM-x32 - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
- SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKCU - 197F8597FDE1425FA34FE4EB92076F5B URL = http://mysearch.avg.com/search?cid={43CE3F6A-E2FA-477D-8E0A-786FD9F12614}&mid=51294f39f16447d2bd4605cc2242a07b-acee7f0a0a68a23e1acdbc83359e9745286962de&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-08 15:49:18&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
- SearchScopes: HKCU - {31DCD56E-EB15-43F2-A979-C874D0B401C6} URL =
- SearchScopes: HKCU - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
- BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
- BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
- BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
- BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
- BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
- BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
- BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
- BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
- BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
- BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
- Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
- Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
- Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
- DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
- DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
- DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
- DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
- DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
- DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
- DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
- DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
- Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
- Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
- Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
- Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
- Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
- Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
- Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
- FireFox:
- ========
- FF Plugin: @microsoft.com/GENUINE - disabled No File
- FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
- FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
- FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} [2013-02-26]
- FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
- FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ []
- FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
- FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-02-21]
- Chrome:
- =======
- CHR HomePage: hxxp://www.google.com/
- CHR StartupUrls: "hxxp://www.google.com/"
- CHR Extension: (Docs) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
- CHR Extension: (Google Drive) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
- CHR Extension: (YouTube) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
- CHR Extension: (Google Search) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
- CHR Extension: (Google Wallet) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
- CHR Extension: (Gmail) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
- ==================== Services (Whitelisted) =================
- R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
- S4 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
- S4 LkWebLink; C:\Users\April Bowers Agency\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [32768 2007-09-20] (Inter-Tel (Delaware), Inc)
- R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
- R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
- R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
- R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
- S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
- R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-10] (McAfee, Inc.)
- R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
- R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
- R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-10] (McAfee, Inc.)
- R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
- ==================== Drivers (Whitelisted) ====================
- U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
- R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
- S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
- S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
- R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
- R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
- R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
- R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-10] (McAfee, Inc.)
- R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-10] (McAfee, Inc.)
- U3 mfeavfk01; No ImagePath
- R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
- R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-10] (McAfee, Inc.)
- R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
- S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-10] (McAfee, Inc.)
- R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-10] (McAfee, Inc.)
- R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
- S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
- S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
- S3 Firehk; system32\DRIVERS\firehk.sys [X]
- S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
- S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
- ========================== Drivers MD5 =======================
- C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
- C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
- C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
- C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
- C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
- C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\atikmdag.sys 75E4BACA583AE02C11E9AC8747E2ABE0
- C:\Windows\System32\DRIVERS\atikmpag.sys B765CF4B32F347BE747B21AE22641025
- C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\amdsata.sys F747497A0EE5498F79B207F215B3D2D8
- C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\amdxata.sys 2946D695E158615BAAA16248E63C7ADB
- C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
- C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
- C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
- C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
- C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
- C:\Windows\System32\CLFS.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
- C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
- C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
- C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ctxusbm.sys C20E2A7A29F06A69C40E949255257B01
- C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
- C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\DM150Drv.sys F2BD97B3AF9557F8B17AD9FA831BFE11
- C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
- C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
- C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
- C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
- C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
- C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
- C:\Windows\System32\drivers\FireNfcp.sys 528EB2FCEBA6B12E28159DCD2DE97763
- C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
- C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
- C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
- C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
- C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
- C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
- C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
- C:\Windows\System32\drivers\HipShieldK.sys B18B4AB7012EF2304546DF6D0D6C656D
- C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
- C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
- C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
- C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
- C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
- C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
- C:\Windows\System32\drivers\RTKVHD64.sys 2B888BBDF6962E608A5E1A1D7A626ADF
- C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
- C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
- C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
- C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
- C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
- C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
- C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mbam.sys FD5465B876D55534117963FAAA4B9DFC
- C:\Windows\system32\drivers\MBAMSwissArmy.sys 6140163BFE9D8F2DFDBA088ED5521C13
- C:\Windows\system32\drivers\mwac.sys C49915271600CFC2305FAA4271D0002F
- C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mfeapfk.sys 581AFAFA23A61CE6C4D96EFB2A28DE8C
- C:\Windows\System32\drivers\mfeavfk.sys DCC7ACD0A249B0952A7C73BA85CF5DC4
- C:\Windows\System32\drivers\mfefirek.sys DF470D7B1F7E17998C352F8215AF2C37
- C:\Windows\System32\drivers\mfehidk.sys 3EF12141921EDEC8D83C644759AD7F00
- C:\Windows\System32\DRIVERS\mfenlfk.sys C18DDD3B83E941571634DB0D82A70023
- C:\Windows\System32\drivers\mferkdet.sys 92FD2EB7C52B4A8504BCE111F5810B55
- C:\Windows\System32\drivers\mfewfpk.sys 173751FF26D45B462D0D27E1561912C2
- C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
- C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
- C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
- C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
- C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
- C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
- C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
- C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
- C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS A35AE9B54B4C854E4B90940EF7FC0864
- C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
- C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
- C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
- C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
- C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
- C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
- C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
- C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
- C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
- C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
- C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
- C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\Rt64win7.sys 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A
- C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
- C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
- C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
- C:\Windows\system32\Drivers\SSPORT.sys 0211AB46B73A2623B86C1CFCB30579AB
- C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
- C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
- C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
- C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
- C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
- C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
- C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
- C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
- C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
- C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
- C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
- C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
- C:\Windows\system32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
- C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
- C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
- C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
- C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
- C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
- C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
- C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
- C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
- C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
- C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
- C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
- C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
- C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
- C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
- C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
- C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
- C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
- C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
- ==================== NetSvcs (Whitelisted) ===================
- ==================== One Month Created Files and Folders ========
- 2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
- 2014-04-17 17:35 - 2014-04-18 09:25 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
- 2014-04-17 17:28 - 2014-04-18 09:16 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
- 2014-04-17 17:25 - 2014-04-18 09:16 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
- 2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
- 2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
- 2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
- 2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
- 2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
- 2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
- 2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
- 2014-04-17 16:11 - 2014-04-17 17:42 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
- 2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
- 2014-04-15 09:28 - 2014-04-15 09:29 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
- 2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
- 2014-04-14 14:23 - 2013-05-29 11:43 - 00929792 _____ (ActMask http://www.all2pdf.com) C:\Windows\SysWOW64\SaveTo.dll
- 2014-04-14 14:18 - 2013-12-07 13:25 - 04454128 _____ (DynaForms GmbH) C:\Windows\SysWOW64\CPDF4.dll
- 2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
- 2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
- 2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
- 2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
- 2014-04-14 12:34 - 2014-04-14 12:48 - 00000000 ____D () C:\ProgramData\HitmanPro
- 2014-04-14 11:43 - 2014-04-14 11:44 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
- 2014-04-14 09:21 - 2014-04-18 09:31 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2014-04-14 09:21 - 2014-04-18 09:31 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2014-04-14 09:21 - 2014-04-14 09:26 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2014-04-14 09:21 - 2014-04-14 09:26 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2014-04-12 03:01 - 2014-03-07 23:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
- 2014-04-12 03:01 - 2014-03-07 23:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
- 2014-04-12 03:01 - 2014-03-07 22:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
- 2014-04-12 03:01 - 2014-03-07 22:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
- 2014-04-12 03:01 - 2014-03-07 22:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
- 2014-04-12 03:01 - 2014-03-07 22:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
- 2014-04-12 03:01 - 2014-03-07 22:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
- 2014-04-12 03:01 - 2014-03-07 22:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
- 2014-04-12 03:01 - 2014-03-07 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
- 2014-04-12 03:01 - 2014-03-07 22:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
- 2014-04-12 03:01 - 2014-03-07 22:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
- 2014-04-12 03:01 - 2014-03-07 22:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
- 2014-04-12 03:01 - 2014-03-07 22:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
- 2014-04-12 03:01 - 2014-03-07 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
- 2014-04-12 03:01 - 2014-03-07 22:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
- 2014-04-12 03:01 - 2014-03-07 22:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
- 2014-04-12 03:01 - 2014-03-07 18:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
- 2014-04-12 03:01 - 2014-03-07 18:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
- 2014-04-12 03:01 - 2014-03-07 18:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
- 2014-04-12 03:01 - 2014-03-07 18:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
- 2014-04-12 03:01 - 2014-03-07 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
- 2014-04-12 03:01 - 2014-03-07 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
- 2014-04-12 03:01 - 2014-03-07 17:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
- 2014-04-12 03:01 - 2014-03-07 17:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
- 2014-04-12 03:01 - 2014-03-07 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
- 2014-04-12 03:01 - 2014-03-07 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
- 2014-04-12 03:01 - 2014-03-07 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
- 2014-04-12 03:01 - 2014-03-07 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
- 2014-04-12 03:01 - 2014-03-07 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
- 2014-04-12 03:01 - 2014-03-07 17:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
- 2014-04-12 03:01 - 2014-03-07 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
- 2014-04-12 03:00 - 2014-03-07 18:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
- 2014-04-11 13:50 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
- 2014-04-11 13:50 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
- 2014-04-11 13:50 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
- 2014-04-11 13:50 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
- 2014-04-11 13:50 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
- 2014-04-11 13:50 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
- 2014-04-11 13:50 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
- 2014-04-11 13:50 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
- 2014-04-11 13:50 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
- 2014-04-11 13:50 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
- 2014-04-11 13:50 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
- 2014-04-11 13:50 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
- 2014-04-11 13:50 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
- 2014-04-11 13:50 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
- 2014-04-11 13:50 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
- 2014-04-11 13:50 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
- 2014-04-11 13:50 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
- 2014-04-10 18:00 - 2014-04-10 18:12 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
- 2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
- 2014-04-10 12:57 - 2014-04-18 09:52 - 00037816 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
- 2014-04-10 12:57 - 2014-04-18 09:52 - 00000000 ____D () C:\FRST
- 2014-04-10 12:57 - 2014-04-18 09:29 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
- 2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
- 2014-04-10 09:17 - 2014-04-10 12:59 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
- 2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
- 2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
- 2014-04-09 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
- 2014-04-09 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
- 2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
- 2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
- 2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
- 2014-04-09 21:05 - 2014-04-09 21:22 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
- 2014-04-09 20:33 - 2014-04-18 09:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-04-09 20:33 - 2014-04-09 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
- 2014-04-09 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
- 2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
- 2014-04-09 17:39 - 2014-04-10 10:05 - 00000000 ____D () C:\Windows\ERDNT
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
- 2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
- 2014-04-09 17:30 - 2014-04-09 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
- 2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
- 2014-04-09 14:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
- 2014-04-09 14:40 - 2014-04-09 14:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
- 2014-04-09 14:37 - 2014-04-09 14:41 - 00012827 _____ () C:\Windows\IE11_main.log
- 2014-04-09 13:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
- 2014-04-09 13:45 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
- 2014-04-09 11:36 - 2014-04-09 11:49 - 00000000 ____D () C:\ProgramData\BoostSoftware
- 2014-04-09 11:21 - 2014-04-09 11:23 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
- 2014-04-08 20:35 - 2014-04-09 13:43 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
- 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
- 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
- 2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
- 2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
- 2014-04-08 15:45 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\AVG2014
- 2014-04-08 15:45 - 2014-04-08 20:54 - 00000000 ____D () C:\$AVG
- 2014-04-08 15:40 - 2014-04-09 12:51 - 00000000 ____D () C:\ProgramData\MFAData
- 2014-04-08 15:40 - 2014-04-09 09:22 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
- 2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
- 2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
- 2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
- 2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
- 2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
- 2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
- 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
- 2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
- 2014-03-19 12:39 - 2014-03-19 12:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
- 2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
- 2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
- ==================== One Month Modified Files and Folders =======
- 2014-04-18 09:52 - 2014-04-10 12:57 - 00037816 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
- 2014-04-18 09:52 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
- 2014-04-18 09:35 - 2010-11-21 13:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
- 2014-04-18 09:33 - 2010-09-20 19:27 - 02056403 _____ () C:\Windows\WindowsUpdate.log
- 2014-04-18 09:31 - 2014-04-14 09:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2014-04-18 09:31 - 2014-04-14 09:21 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
- 2014-04-18 09:29 - 2014-04-10 12:57 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
- 2014-04-18 09:25 - 2014-04-17 17:35 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
- 2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2014-04-18 09:17 - 2014-04-09 20:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-04-18 09:16 - 2014-04-17 17:28 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
- 2014-04-18 09:16 - 2014-04-17 17:25 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
- 2014-04-18 09:13 - 2011-01-18 10:18 - 00042602 _____ () C:\Windows\setupact.log
- 2014-04-18 09:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2014-04-17 18:27 - 2012-12-09 19:46 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleForApril Bowers Agency.job
- 2014-04-17 17:57 - 2012-05-08 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2014-04-17 17:44 - 2013-11-13 09:55 - 00003458 _____ () C:\Windows\System32\Tasks\IE11
- 2014-04-17 17:42 - 2014-04-17 16:11 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
- 2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
- 2014-04-17 17:24 - 2010-09-20 21:48 - 00825168 _____ () C:\Windows\PFRO.log
- 2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
- 2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
- 2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
- 2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
- 2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
- 2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
- 2014-04-17 12:15 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file
- 2014-04-17 09:23 - 2013-05-06 08:53 - 00003458 _____ () C:\Windows\System32\Tasks\IE10
- 2014-04-16 14:46 - 2012-08-22 13:42 - 00000000 ____D () C:\Quarantine
- 2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
- 2014-04-15 09:29 - 2014-04-15 09:28 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
- 2014-04-15 09:29 - 2010-11-20 10:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
- 2014-04-15 09:29 - 2010-11-19 20:52 - 00000000 ____D () C:\ProgramData\Adobe
- 2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
- 2014-04-15 00:33 - 2010-09-20 19:28 - 00000000 ____D () C:\ProgramData\PDFC
- 2014-04-14 15:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
- 2014-04-14 14:26 - 2011-03-16 10:04 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\ScanPoint
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
- 2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
- 2014-04-14 14:23 - 2014-01-31 14:11 - 00000000 ____D () C:\ActMask
- 2014-04-14 14:22 - 2012-06-26 10:19 - 00000000 ____D () C:\Windows\SysWOW64\sigplus
- 2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\Program Files (x86)\ScanPoint
- 2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\EFData
- 2014-04-14 13:03 - 2011-01-13 11:06 - 00000000 ____D () C:\Windows\pss
- 2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
- 2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
- 2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
- 2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
- 2014-04-14 12:48 - 2014-04-14 12:34 - 00000000 ____D () C:\ProgramData\HitmanPro
- 2014-04-14 11:44 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
- 2014-04-14 10:01 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Deployment
- 2014-04-14 10:00 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Apps\2.0
- 2014-04-14 09:35 - 2011-05-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
- 2014-04-14 09:34 - 2011-05-23 14:50 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Google
- 2014-04-14 09:34 - 2010-11-19 23:06 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Adobe
- 2014-04-14 09:26 - 2014-04-14 09:21 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2014-04-14 09:26 - 2014-04-14 09:21 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2014-04-14 09:22 - 2011-05-23 14:50 - 00000000 ____D () C:\Program Files\Google
- 2014-04-14 09:22 - 2011-05-23 14:49 - 00000000 ____D () C:\ProgramData\Google
- 2014-04-14 09:21 - 2012-05-08 08:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2014-04-14 09:21 - 2012-05-08 08:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
- 2014-04-14 09:21 - 2011-10-11 08:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- 2014-04-12 12:27 - 2012-12-09 19:46 - 00003270 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForApril Bowers Agency
- 2014-04-12 12:27 - 2012-02-18 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
- 2014-04-12 12:27 - 2010-11-20 10:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
- 2014-04-10 18:12 - 2014-04-10 18:00 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
- 2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
- 2014-04-10 12:59 - 2014-04-10 09:17 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
- 2014-04-10 10:05 - 2014-04-09 17:39 - 00000000 ____D () C:\Windows\ERDNT
- 2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
- 2014-04-09 22:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
- 2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
- 2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
- 2014-04-09 21:46 - 2013-08-22 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
- 2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
- 2014-04-09 21:34 - 2012-05-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
- 2014-04-09 21:22 - 2014-04-09 21:05 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
- 2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
- 2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
- 2014-04-09 21:01 - 2014-04-09 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
- 2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
- 2014-04-09 20:05 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
- 2014-04-09 19:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
- 2014-04-09 19:41 - 2010-11-19 09:52 - 00000000 ____D () C:\Users\April Bowers Agency
- 2014-04-09 19:11 - 2009-07-13 23:45 - 00302176 _____ () C:\Windows\system32\FNTCACHE.DAT
- 2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
- 2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
- 2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
- 2014-04-09 17:31 - 2014-04-09 17:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
- 2014-04-09 15:54 - 2010-11-19 09:53 - 00068736 _____ () C:\Users\April Bowers Agency\AppData\Local\GDIPFONTCACHEV1.DAT
- 2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
- 2014-04-09 14:41 - 2014-04-09 14:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
- 2014-04-09 14:41 - 2014-04-09 14:37 - 00012827 _____ () C:\Windows\IE11_main.log
- 2014-04-09 13:43 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
- 2014-04-09 13:19 - 2013-08-14 18:33 - 00000000 ____D () C:\Windows\system32\MRT
- 2014-04-09 12:51 - 2014-04-08 15:40 - 00000000 ____D () C:\ProgramData\MFAData
- 2014-04-09 12:51 - 2014-01-24 10:31 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\ICAClient
- 2014-04-09 12:51 - 2013-04-26 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
- 2014-04-09 12:51 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Network Associates
- 2014-04-09 12:51 - 2010-09-20 19:39 - 00000000 ____D () C:\ProgramData\CinemaNow
- 2014-04-09 12:51 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
- 2014-04-09 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
- 2014-04-09 11:49 - 2014-04-09 11:36 - 00000000 ____D () C:\ProgramData\BoostSoftware
- 2014-04-09 11:23 - 2014-04-09 11:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
- 2014-04-09 09:22 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
- 2014-04-08 20:55 - 2014-04-08 15:45 - 00000000 ____D () C:\ProgramData\AVG2014
- 2014-04-08 20:54 - 2014-04-08 15:45 - 00000000 ____D () C:\$AVG
- 2014-04-08 20:41 - 2012-09-28 18:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\tiffs hours
- 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
- 2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
- 2014-04-08 19:51 - 2014-01-20 11:02 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\files for system
- 2014-04-08 18:03 - 2012-04-27 14:35 - 00000160 _____ () C:\Windows\setscan.ini
- 2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\ProgramData\LogMeIn
- 2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
- 2014-04-08 16:47 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Citrix
- 2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
- 2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
- 2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
- 2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
- 2014-04-08 13:20 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\April Bowers Agency\Documents\MetroFax_4_4_Port
- 2014-04-08 10:29 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
- 2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
- 2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
- 2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
- 2014-04-04 16:12 - 2011-03-22 13:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\April Bowers Agency Info
- 2014-04-04 14:33 - 2012-05-17 12:05 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\marketing tiffs
- 2014-04-03 09:51 - 2014-04-09 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
- 2014-04-03 09:51 - 2014-04-09 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-04-03 09:50 - 2014-04-09 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
- 2014-03-31 09:35 - 2010-11-19 10:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
- 2014-03-31 03:51 - 2010-11-20 10:16 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
- 2014-03-25 14:04 - 2012-05-07 14:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\LETTERS, NOTICES TO USE
- 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
- 2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
- 2014-03-19 12:40 - 2014-03-19 12:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
- 2014-03-19 12:23 - 2010-11-19 22:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
- 2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
- 2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
- 2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
- 2014-03-19 11:56 - 2013-10-25 17:23 - 00000000 ____D () C:\ProgramData\Oracle
- Some content of TEMP:
- ====================
- C:\Users\April Bowers Agency\AppData\Local\Temp\ntdll_dump.dll
- ==================== Bamital & volsnap Check =================
- C:\Windows\System32\winlogon.exe => MD5 is legit
- C:\Windows\System32\wininit.exe => MD5 is legit
- C:\Windows\SysWOW64\wininit.exe => MD5 is legit
- C:\Windows\explorer.exe => MD5 is legit
- C:\Windows\SysWOW64\explorer.exe => MD5 is legit
- C:\Windows\System32\svchost.exe => MD5 is legit
- C:\Windows\SysWOW64\svchost.exe => MD5 is legit
- C:\Windows\System32\services.exe => MD5 is legit
- C:\Windows\System32\User32.dll => MD5 is legit
- C:\Windows\SysWOW64\User32.dll => MD5 is legit
- C:\Windows\System32\userinit.exe => MD5 is legit
- C:\Windows\SysWOW64\userinit.exe => MD5 is legit
- C:\Windows\System32\rpcss.dll
- [2011-06-27 17:50] - [2010-11-20 08:27] - 0515072 ____A (Microsoft Corporation) EB99360B85445FD5FE75E35F77C407DB
- ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
- C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
- LastRegBack: 2014-04-09 00:39
- ==================== End Of Log ============================