
Infected by Spigot - Following previous forum Support recommendations below



Hello. I am following the directions from previous forum post 9573 "I'm infected - What do I do now?"

 

Please find the requested dds.txt and attach.txt reports generated from dds.com attached as a zip file.  I apologize but for some reason (spigot?) I can not copy and paste here.  I can to MS Notebook etc?  I apologize for the inconvenience. 

 

Thank you so much for your assistance!  Please confirm receipt and any further instructions. Btw, did not see an "immediate email notification" option... did I miss it?

 

Dr Steve Messer

 

P.S. We run Malwarebytes Enterprise here at my University.  A little surprised this was not caught.  Has apparently been around for years?

 

 

 

 

 

attach.zip

dds.zip


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


OK, start with this procedure:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Hi Mr. C, thanks for your continued help.  Please find the AdwCleaner output below.  Malwarebytes found no malware.  IE still has the spigot homepage hijack?

 

Output from AdwCleaner and Mbam logs below.

 

 

I will not forget the donation!  Thanks. 

 

 

/s

 

# AdwCleaner v3.017 - Report created 25/01/2014 at 13:37:30
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : sm1851 - MESSER1073
# Running from : C:\Users\sm1851\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEGNC92S\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [1073 octets] - [25/01/2014 13:34:07]
AdwCleaner[s0].txt - [1004 octets] - [25/01/2014 13:37:30]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1064 octets] ##########
 

------------------------------------------------------------------------------------------------------------------------------------------

 

 

Malwarebytes Anti-Malware (MEE) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
sm1851 :: MESSER1073 [administrator]

Protection: Enabled

1/25/2014 1:56:42 PM
mbam-log-2014-01-25 (13-56-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 480657
Time elapsed: 36 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC


Hello MrC.  Please find the two FRST logs attached. 

 

I do not mean to be rude and as a rule I appreciate the professional stepwise approach we are proceeding.  However, I would have thought that given spigot has been around for some time that its removal was, well, more straightforward.  I do know these bugs do adapt and evolve. 

 

Sorry but I just feel mostly in the dark about what we are doing BUT I DO appreciate all of your time and assistance.  I do not intend to sound like a whiny spoiled brat expecting something for nothing.

 

I am also amazed that Malwarebytes did not catch this in the first place?

 

One other item, please keep in mind that though not installed at present, I typically use FireFox.  I deleted it since the infection followed soon after the Firefox install, and it was infected as well.

 

Thanks again!

 

 

Addition.txt

FRST.txt


I don't have anything to do with Malwarebytes nor am I part of the staff here, as it says in my signature:
I volunteer my free time to help you

.....as do most of the other people on the malware part of the forum.

If you have a problem with their program, I suggest you contact them:
https://forums.malwarebytes.org/index.php?showforum=41

------------------------------------------------------------
 

AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

 

You have multiple anti-virus programs on the system.
Having two or more anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.
I suggest you uninstall one of them and keep Defender disabled.

 

 
 

Some anti-virus/anti-malware programs prevent changes to your browsers; if you're aware of this, please disable that function in that program for the fixes below.

----------------------------------

Please create a new system restore point before continuing.


Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......reboot and see how it is.

If there's still a problem with IE, please reset it:

http://malwaretips.com/blogs/reset-internet-explorer-settings/

Let me know....MrC

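The multiple-anti-virus finding in the reply above is read off the Security Center lines of the FRST log. As an added example (not part of the original posts and not code from FRST), this Python script parses those lines and reports when more than one AV product is registered as enabled; the function and variable names are assumptions, and the sample input is the two sets of Security Center lines quoted in this thread.

```python
import re
from dataclasses import dataclass

# Security Center lines copied from this thread: first as quoted in the
# helper's reply, then as they appear in the log dated 2014-01-26.
QUOTED_BY_HELPER = """\
AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
"""

LATER_SCAN = """\
==================== Security Center ========================

AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================
"""

# "<kind>: <product> (<state> - <definitions>) {<guid>}"
# Only the AV and AS prefixes seen in this thread are matched.
LINE_RE = re.compile(
    r"^(?P<kind>AV|AS):\s+(?P<product>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)\s+-\s+(?P<defs>[^)]*)\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class Entry:
    kind: str         # "AV" (anti-virus) or "AS" (anti-spyware)
    product: str
    enabled: bool
    definitions: str  # e.g. "Up to date"
    guid: str


def parse_security_center(log_text):
    """Return every AV/AS registration line found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # section headers, blank lines and other log content are skipped
            entries.append(Entry(m["kind"], m["product"],
                                 m["state"] == "Enabled",
                                 m["defs"], m["guid"].upper()))
    return entries


def enabled_products(entries, kind):
    """Names of products of the given kind that report as enabled."""
    return sorted({e.product for e in entries if e.kind == kind and e.enabled})


def conflicting_av(log_text):
    """Enabled AV products when more than one is active, else an empty list."""
    enabled = enabled_products(parse_security_center(log_text), "AV")
    return enabled if len(enabled) > 1 else []


if __name__ == "__main__":
    for label, text in (("quoted by helper", QUOTED_BY_HELPER),
                        ("later scan", LATER_SCAN)):
        conflict = conflicting_av(text)
        verdict = "CONFLICT: " + ", ".join(conflict) if conflict else "single AV enabled"
        print(f"{label}: {verdict}")
```

A product that registers under both AV and AS, as System Center Endpoint Protection does here, is counted once per category, so it does not trigger the check by itself.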

Outstanding!  Please find the zoek-results.txt info below.

Where was it hiding?

Did the FRST64 tool provide the major fix?

One last question.  Should I be good to go with a Firefox install?

Lastly, lastly.. what contribution would not insult you?!

 

Thanks much!!

/steve

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02
Ran by sm1851 at 2014-01-26 13:02:33
Running from C:\Users\sm1851\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x32 Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (x32 Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc)
Altiris Agent Install Service (x32 Version: 7.0.0.1 - Altiris Inc.) Hidden
Altiris Application Metering Agent (x32 Version: 7.5.1597.0 - Altiris Inc.) Hidden
Altiris Inventory Agent (x32 Version: 7.5.1597.0 - Altiris Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Bitdefender Antivirus Free Edition (Version: 1.0.21.1099 - Bitdefender)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32 Version:  - Microsoft)
Deployment Solution Agent (Version: 7.5.1597.0 - Symantec) Hidden
doPDF 7.3 printer (Version: 7.3.393 - Softland)
EndNote X7 (x32 Version: 17.0.0.7072 - Thomson Reuters)
Everything 1.2.1.371 (x32 Version:  - )
Forefront Identity Manager Add-ins and Extensions (Version: 4.1.3419.0 - Microsoft Corporation)
Google Earth (x32 Version: 7.0 - Google)
Google Earth (x32 Version: 7.1.1.1888 - Google) Hidden
IBM SPSS Statistics 22 (x32 Version: 22.0.0.0 - IBM Corp)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Host Checker (HKCU Version: 7.4.0.28485 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1 - Juniper Networks, Inc.)
KeePass 2.23 (x32 Version: 2.23.0 - Dominik Reichl)
Malwarebytes' Managed Client (x32 Version: 1.2.1665 - Malwarebytes Corporation)
MDOP MBAM (Version: 2.0.5301.1 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Endpoint Protection Management Components (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Lync 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Notepad++ (x32 Version: 6.5 - Notepad++ Team)
ODBC 11g (x32 Version: 11.0 - Oracle)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Patch Management Agent (Version: 7.5.1597.0 - Altiris) Hidden
Picasa (x32 Version: 39.0 - Google)
Picasa 3 (x32 Version: 3.9 - Google, Inc.) Hidden
Power Scheme Plug-in Setup (Version: 7.5.1597.0 - Altiris) Hidden
ResearchSoft Direct Export Helper (x32 Version:  - Thomson Reuters)
Software Management Solution Plugin (Version: 7.5.1597.0 - Altiris Inc.) Hidden
Symantec pcAnywhere (x32 Version: 12.5.4.8211 - Symantec Corporation)
Symantec_pcAnywhere_plugin_installer_x64 (Version: 12.6.1.0 - Symantec) Hidden
System Center Endpoint Protection (Version: 4.4.304.0 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32 Version:  - Microsoft)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Windows Firewall Configuration Provider (Version: 1.2.3412.0 - Microsoft Corporation)

==================== Restore Points  =========================

23-01-2014 16:01:39 IObit Uninstaller restore point
23-01-2014 16:06:43 Windows Update
24-01-2014 19:16:41 Windows Backup
25-01-2014 02:06:07 Installed Microsoft Lync 2013
25-01-2014 02:07:22 LYNC
26-01-2014 00:27:47 Windows Update
26-01-2014 16:47:53 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A05D8E0-E03B-4B33-988A-6A0EAE903C1C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {26FA2195-6601-4EC8-A91C-6D8AAA6A5144} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {5EDF0CA2-85AB-4807-86C1-EF58FC3285D2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {7AA5EDCE-3A9E-49C1-B59E-187E5F26177B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {8181B0A0-681D-42CB-83FF-F2197D01DC17} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EDA40370-4986-4BBC-88CA-A31C9D83FA3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F74E6B75-2D64-482A-91BA-C06DFA92A620} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-17 10:50 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\Drivers\apdmeowm.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\aucsbrnv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ihddttlr.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\imugeswt.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ineueikg.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ivebghmp.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\olhkfnrz.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pnkfccvq.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zekucqhq.sys:changelist
AlternateDataStreams: C:\Users\sm1851\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\sm1851\Downloads\FRST64 (1).exe:BDU
AlternateDataStreams: C:\Users\sm1851\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\sm1851\Downloads\RogueKillerX64 (1).exe:BDU
AlternateDataStreams: C:\Users\sm1851\Downloads\RogueKillerX64.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 11:09:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/25/2014 03:19:07 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:18:37 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:18:07 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:17:37 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:17:07 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:16:37 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:16:07 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:15:37 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

Error: (01/25/2014 03:15:07 PM) (Source: Microsoft Security Client) (User: )
Description: The size of the generated detection instance was more than 25KB, which exceeds the limit of 10KB. The detection instance was discarded.

System errors:
=============
Error: (01/26/2014 00:22:12 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/26/2014 00:22:11 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/26/2014 00:22:10 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/26/2014 00:22:09 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/26/2014 00:22:08 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/26/2014 11:03:01 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2014 11:00:51 AM) (Source: Kerberos) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fldvp-psmlt01$. The target name used was host/gemini.maltz.nova.edu. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AD.NOVA.EDU) is different from the client domain (AD.NOVA.EDU), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Error: (01/25/2014 07:49:34 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{406627FF-8226-4A82-8C5E-5A410CE7DA04}.
The backup browser is stopping.

Error: (01/25/2014 07:47:33 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2014 07:46:37 PM) (Source: Kerberos) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fldvp-psmlt01$. The target name used was host/gemini.maltz.nova.edu. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AD.NOVA.EDU) is different from the client domain (AD.NOVA.EDU), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Microsoft Office Sessions:
=========================
Error: (01/26/2014 11:09:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\sm1851\Downloads\SoftonicDownloader_for_spss.exe

Error: (01/25/2014 03:19:07 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:18:37 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:18:07 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:17:37 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:17:07 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:16:37 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:16:07 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:15:37 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

Error: (01/25/2014 03:15:07 PM) (Source: Microsoft Security Client)(User: )
Description: 2510

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3037.61 MB
Available physical RAM: 1271.43 MB
Total Pagefile: 6073.39 MB
Available Pagefile: 3509.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.24 GB) (Free:188.77 GB) NTFS
Drive f: (OLDER WD My Passport Essentials) (Fixed) (Total:931.48 GB) (Free:295.38 GB) NTFS
Drive g: (NEWER WD My Passport) (Fixed) (Total:931.48 GB) (Free:431.33 GB) NTFS
Drive h: (NEWEST WD My Passport) (Fixed) (Total:931.48 GB) (Free:715.14 GB) NTFS
Drive o: (Data) (Network) (Total:10239.99 GB) (Free:6521.46 GB) NTFS
Drive p: (Data) (Network) (Total:10239.99 GB) (Free:6521.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9AB0C16E)
Partition 1: (Not Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: DFD01C12)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================


MrC.  I apologize for the confusion.  IE and FFox are running fine.  No sign of the hijacker.  Thank you again.

One of the IT guys came in while FRST was running and ran the zoek program.  I did not even realize that I copied and pasted the incorrect log, if I did.

Between the work you did and these logs, do you see some toxic lines?

Here is the FRST.txt file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by sm1851 (administrator) on MESSER1073 on 26-01-2014 13:01:36
Running from C:\Users\sm1851\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\pcAnywhere\pcaevents.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\pcAnywhere\AwHProbe.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sysinternals - www.sysinternals.com) C:\Users\sm1851\AppData\Local\Temp\autorun\autorunsc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(Sysinternals - www.sysinternals.com) C:\Users\sm1851\Desktop\Utilities\Process Explorer.exe
(Sysinternals - www.sysinternals.com) C:\Users\sm1851\AppData\Local\Temp\Process Explorer64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [32344 2013-09-09] (Microsoft Corporation)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Everything] - C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: %SystemRoot%\system32\winmine.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\MSN Gaming Zone <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\sol.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Windows NT\Pinball\PINBALL.EXE <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\spider.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\freecell.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\mshearts.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKCU\...\Policies\Explorer: [NoAddPrinter] 0
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [74576 2013-08-21] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.nova.edu/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 137.52.128.11 137.52.10.10

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [310608 2013-11-13] (Symantec Corporation)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2766160 2013-11-13] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [624464 2013-11-13] (Symantec Corporation)
R2 awhost32; C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe [798320 2013-03-04] (Symantec Corporation)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
S4 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\ConfigService.exe [271432 2013-09-12] ()
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [80448 2013-09-09] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-23] (IObit)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-24] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 OracleMTSRecoveryService; C:\Oracle\product\11.2.0\client_1\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation)
R2 SCCommService; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [130048 2013-04-23] (Malwarebytes Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 aucsbrnv; C:\Windows\system32\drivers\aucsbrnv.sys [56616 2014-01-25] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 awecho; C:\Windows\SysWow64\drivers\awechomd.sys [16432 2013-03-04] (Symantec Corporation)
R1 AW_HOST; C:\Windows\SysWow64\drivers\aw_host5.sys [23864 2013-03-04] (Symantec Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S1 ihddttlr; C:\Windows\system32\drivers\ihddttlr.sys [56616 2014-01-26] (Microsoft Corporation)
S1 imugeswt; C:\Windows\system32\drivers\imugeswt.sys [56616 2014-01-26] (Microsoft Corporation)
S1 ineueikg; C:\Windows\system32\drivers\ineueikg.sys [56616 2014-01-26] (Microsoft Corporation)
S1 ivebghmp; C:\Windows\system32\drivers\ivebghmp.sys [56616 2014-01-26] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-01-22] ()
S1 bnzytjci; \??\C:\Windows\system32\drivers\bnzytjci.sys [x]
S1 czaemfar; \??\C:\Windows\system32\drivers\czaemfar.sys [x]
S1 frsgaevn; \??\C:\Windows\system32\drivers\frsgaevn.sys [x]
S1 hlzqiomo; \??\C:\Windows\system32\drivers\hlzqiomo.sys [x]
S1 jgfaztzy; \??\C:\Windows\system32\drivers\jgfaztzy.sys [x]
S1 olzytgin; \??\C:\Windows\system32\drivers\olzytgin.sys [x]
S1 pgvipjge; \??\C:\Windows\system32\drivers\pgvipjge.sys [x]
S1 pwgefpwc; \??\C:\Windows\system32\drivers\pwgefpwc.sys [x]
S1 qcpjxmrz; \??\C:\Windows\system32\drivers\qcpjxmrz.sys [x]
S1 qfacffiu; \??\C:\Windows\system32\drivers\qfacffiu.sys [x]
S1 qfhengin; \??\C:\Windows\system32\drivers\qfhengin.sys [x]
S1 rlstjafy; \??\C:\Windows\system32\drivers\rlstjafy.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S1 xiiwnasr; \??\C:\Windows\system32\drivers\xiiwnasr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-26 12:52 - 2014-01-26 13:01 - 02078208 _____ (Farbar) C:\Users\sm1851\Desktop\FRST64.exe
2014-01-26 12:49 - 2014-01-26 13:01 - 00015766 _____ C:\Users\sm1851\Desktop\FRST.txt
2014-01-26 12:46 - 2014-01-26 12:46 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64 (1).exe
2014-01-26 12:35 - 2014-01-26 12:35 - 00000000 ____D C:\Program Files (x86)\HiJackThis
2014-01-26 12:20 - 2014-01-26 12:20 - 00000021 _____ C:\folders.log
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D C:\zoek
2014-01-26 11:47 - 2014-01-26 12:35 - 00085606 _____ C:\zoek-results.log
2014-01-26 11:47 - 2014-01-26 11:47 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ivebghmp.sys
2014-01-26 11:46 - 2014-01-26 12:35 - 00004176 _____ C:\runcheck.txt
2014-01-26 11:46 - 2014-01-26 11:46 - 00003136 _____ C:\Windows\System32\Tasks\{E9988C34-146A-48B2-89EC-833FFF0017D9}
2014-01-26 11:45 - 2014-01-26 12:22 - 00000000 ____D C:\zoek_backup
2014-01-26 11:30 - 2014-01-26 11:30 - 00029901 _____ C:\Users\sm1851\Desktop\Addition.txt
2014-01-26 11:26 - 2014-01-26 11:26 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\imugeswt.sys
2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ineueikg.sys
2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ihddttlr.sys
2014-01-26 11:22 - 2014-01-26 11:25 - 00029901 _____ C:\Users\sm1851\Downloads\Addition.txt
2014-01-26 11:21 - 2014-01-26 12:49 - 00089144 _____ C:\Users\sm1851\Downloads\FRST.txt
2014-01-26 11:21 - 2014-01-26 11:23 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64.exe
2014-01-26 11:16 - 2014-01-26 11:16 - 00000000 ____D C:\FRST
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-25 19:54 - 2014-01-25 19:54 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys.upd
2014-01-25 19:54 - 2014-01-25 19:54 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\aucsbrnv.sys
2014-01-25 19:29 - 2014-01-25 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-25 14:27 - 2014-01-25 14:28 - 00061168 _____ C:\Users\sm1851\Downloads\PGRJanuaryBill.html
2014-01-25 13:34 - 2014-01-25 13:37 - 00000000 ____D C:\AdwCleaner
2014-01-24 17:28 - 2014-01-24 17:30 - 00000000 ____D C:\Program Files\trend micro
2014-01-24 17:28 - 2014-01-24 17:28 - 00000000 ____D C:\rsit
2014-01-24 17:12 - 2014-01-24 17:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-24 16:47 - 2014-01-24 16:47 - 00000000 ____D C:\Users\sm1851\AppData\Local\Apps\2.0
2014-01-24 14:20 - 2014-01-24 14:20 - 04380160 _____ C:\Users\sm1851\Downloads\RogueKillerX64 (1).exe
2014-01-24 10:30 - 2014-01-24 10:41 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Notepad++
2014-01-23 17:07 - 2014-01-23 17:07 - 04406784 _____ C:\Users\sm1851\Downloads\RogueKillerX64.exe
2014-01-23 12:00 - 2014-01-23 12:00 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\apdmeowm.sys
2014-01-23 11:59 - 2014-01-23 11:59 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\olhkfnrz.sys
2014-01-23 11:31 - 2014-01-23 11:31 - 00000000 ____D C:\Users\sm1851\AppData\Local\Macromedia
2014-01-23 11:09 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-23 11:09 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-23 11:09 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-23 11:09 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-23 11:09 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-23 11:08 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-23 11:08 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-23 11:08 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-23 11:08 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-23 11:08 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-23 11:08 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-23 11:08 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-23 11:08 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-23 11:08 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-23 11:08 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-23 11:08 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-23 11:08 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-23 11:08 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-23 11:08 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-23 11:08 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-23 11:08 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-23 11:08 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-23 11:08 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-23 11:08 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-23 11:08 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-23 11:08 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-23 11:08 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-23 11:08 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-23 11:07 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-23 11:07 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-23 11:07 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-23 10:43 - 2014-01-23 10:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zekucqhq.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pnkfccvq.sys
2014-01-23 10:38 - 2014-01-23 10:38 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\ProductData
2014-01-23 10:09 - 2014-01-23 10:10 - 00000000 ____D C:\Users\sm1851\Desktop\Printers
2014-01-23 00:00 - 2014-01-23 00:00 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2014-01-22 17:02 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-01-22 17:01 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-01-22 16:42 - 2014-01-22 16:42 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-01-22 16:41 - 2014-01-22 16:43 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Juniper Networks
2014-01-22 16:41 - 2014-01-22 16:41 - 00000000 ____D C:\Users\sm1851\AppData\Local\Juniper Networks
2014-01-22 16:29 - 2014-01-25 19:44 - 00000448 _____ C:\Windows\setupact.log
2014-01-22 16:29 - 2014-01-24 15:19 - 00010246 _____ C:\Windows\PFRO.log
2014-01-22 16:29 - 2014-01-22 16:29 - 00000000 _____ C:\Windows\setuperr.log
2014-01-22 16:17 - 2014-01-22 16:14 - 00000000 _____ C:\Windows\system32\Drivers\avchv.sys
2014-01-22 16:14 - 2014-01-22 16:14 - 00173897 _____ C:\ProgramData\1390425195.bdinstall.bin
2014-01-22 16:14 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-01-22 16:14 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-01-22 16:14 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-01-22 16:14 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-01-22 16:13 - 2014-01-22 16:13 - 00037618 _____ C:\ProgramData\1390425192.bdinstall.bin
2014-01-22 12:31 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-01-22 12:30 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140123104238.dll
2014-01-22 12:30 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140123104115.dll
2014-01-22 12:30 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-01-22 12:29 - 2014-01-22 12:29 - 00000000 ____D C:\Users\sm1851\AppData\Local\Google
2014-01-22 12:20 - 2014-01-23 11:01 - 00000000 ____D C:\ProgramData\IObit
2014-01-22 12:19 - 2014-01-26 11:03 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-22 12:19 - 2014-01-22 12:40 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\IObit
2014-01-22 12:16 - 2014-01-22 12:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-22 12:16 - 2014-01-22 12:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-22 12:16 - 2014-01-22 12:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-22 12:16 - 2014-01-22 12:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-22 12:16 - 2014-01-22 12:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-22 12:16 - 2014-01-22 12:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-22 12:16 - 2014-01-22 12:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-22 12:14 - 2014-01-22 12:14 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-22 10:49 - 2014-01-22 10:49 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Softland
2014-01-22 10:49 - 2014-01-22 10:49 - 00000000 ____D C:\Program Files\doPDF 7
2014-01-22 10:49 - 2013-08-20 13:28 - 00025920 _____ (Softland) C:\Windows\system32\dopdfmn7.dll
2014-01-22 10:49 - 2013-08-20 13:28 - 00021312 _____ (Softland) C:\Windows\system32\dopdfmi7.dll
2014-01-22 10:49 - 2010-11-25 12:17 - 00007549 _____ C:\Windows\system32\dopdf7.ctm
2014-01-22 10:49 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-01-22 10:46 - 2014-01-22 10:46 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\HP
2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2014-01-22 10:45 - 2013-04-26 09:55 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL
2014-01-22 10:45 - 2013-04-26 09:53 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn145.dll
2014-01-22 09:43 - 2014-01-22 09:43 - 00000000 ____H C:\Users\sm1851\Documents\Default.rdp
2014-01-21 14:16 - 2014-01-21 14:16 - 00111536 _____ C:\Users\rvaldes-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 14:16 - 2014-01-21 14:16 - 00001413 _____ C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Apple Computer
2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Adobe
2014-01-21 14:15 - 2014-01-21 14:16 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 14:15 - 2014-01-21 14:16 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-21 14:14 - 2014-01-21 14:14 - 00003168 __RSH C:\Users\rvaldes-admin\ntuser.pol
2014-01-21 14:14 - 2014-01-21 14:14 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Local\VirtualStore
2014-01-21 11:25 - 2014-01-21 11:25 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 11:25 - 2014-01-21 11:25 - 00000000 ____D C:\ProgramData\Sun
2014-01-21 11:25 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 11:25 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 11:25 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 11:25 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 11:24 - 2014-01-21 11:24 - 00000000 ____D C:\ProgramData\McAfee
2014-01-21 10:06 - 2014-01-21 10:06 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-21 09:31 - 2014-01-23 10:11 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\EndNote
2014-01-21 08:15 - 2014-01-21 08:15 - 00000000 ____D C:\Users\sm1851\Documents\IBM
2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\SPSSInc
2014-01-21 08:14 - 2013-03-19 10:00 - 00047422 _____ C:\Users\sm1851\Desktop\PROBSET_1 (19MAR13).sav
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\javasharedresources
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\IBM
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\.spss
2014-01-21 07:41 - 2014-01-21 07:41 - 00000856 _____ C:\Users\sm1851\Desktop\JAMA Network  JAMA  Preventing Suicides in US Service Members and Veterans  Concerns After a Decade of War.website
2014-01-21 07:29 - 2014-01-21 07:29 - 00000712 _____ C:\Users\sm1851\Desktop\JAMA Network  JAMA  Suicides Among Military Personnel—Reply.website
2014-01-21 07:26 - 2014-01-21 07:26 - 00000317 _____ C:\Users\sm1851\Desktop\ecu.edu.website
2014-01-21 07:25 - 2014-01-21 07:25 - 00000470 _____ C:\Users\sm1851\Desktop\Mental health outcomes in US and UK military personnel returning from Iraq.website
2014-01-21 06:58 - 2014-01-21 06:58 - 00000000 ____D C:\Users\sm1851\AppData\Local\Adobe
2014-01-21 06:28 - 2014-01-21 06:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-21 06:27 - 2014-01-21 06:27 - 00000000 ____D C:\Users\sm1851\Documents\Outlook Files
2014-01-19 16:31 - 2014-01-19 16:53 - 742391808 _____ C:\Users\sm1851\Downloads\ubuntu-12.04.3-desktop-amd64.iso
2014-01-19 16:27 - 2014-01-26 12:54 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-19 16:27 - 2014-01-19 16:27 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-01-19 16:13 - 2014-01-19 16:13 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Macromedia
2014-01-17 11:05 - 2014-01-17 11:05 - 00177674 _____ C:\ProgramData\1389974602.bdinstall.bin
2014-01-17 10:57 - 2014-01-17 10:57 - 00059117 _____ C:\ProgramData\1389974205.bdinstall.bin
2014-01-17 10:56 - 2014-01-17 10:56 - 00037823 _____ C:\ProgramData\1389974173.bdinstall.bin
2014-01-17 10:54 - 2014-01-17 10:54 - 00000000 ____D C:\ProgramData\bdch
2014-01-17 10:50 - 2014-01-17 10:50 - 00171172 _____ C:\ProgramData\1389973795.bdinstall.bin
2014-01-17 10:50 - 2014-01-17 10:50 - 00000000 ____D C:\Program Files\Bitdefender
2014-01-17 10:50 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET7722.tmp
2014-01-17 10:50 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-17 10:49 - 2014-01-17 10:49 - 10447328 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition_x64.exe
2014-01-17 10:49 - 2014-01-17 10:49 - 00162208 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition.exe
2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\QuickScan
2014-01-17 10:48 - 2014-01-23 11:09 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Mozilla
2014-01-17 10:48 - 2014-01-21 10:06 - 00000000 ____D C:\Users\sm1851\AppData\Local\Mozilla
2014-01-17 10:31 - 2014-01-22 12:26 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Apple Computer
2014-01-17 10:20 - 2014-01-24 18:04 - 00000000 ____D C:\Users\sm1851\Desktop\Utilities
2014-01-17 10:20 - 2014-01-17 10:20 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2014-01-17 10:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\Program Files\iTunes
2014-01-17 10:19 - 2014-01-17 10:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\Program Files\iPod
2014-01-17 10:19 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\ProgramData\Apple
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Bonjour
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-17 10:17 - 2014-01-17 10:31 - 00000000 ____D C:\Users\sm1851\Tracing
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Malwarebytes
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2014-01-17 10:16 - 2014-01-26 11:11 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2014-01-17 10:16 - 2014-01-26 11:11 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2014-01-17 10:16 - 2014-01-17 10:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2014-01-17 10:16 - 2014-01-17 10:16 - 00000000 ____D C:\Users\Public\Documents\EndNote
2014-01-17 10:15 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-17 10:15 - 2014-01-17 10:15 - 00000000 ____D C:\Program Files (x86)\7-Zip
2014-01-17 10:14 - 2014-01-17 10:14 - 00002581 _____ C:\Users\Public\Desktop\KeePass.lnk
2014-01-17 10:14 - 2014-01-17 10:14 - 00000000 ____D C:\Program Files (x86)\KeePass2x
2014-01-17 10:11 - 2014-01-17 10:11 - 00002276 _____ C:\Users\sm1851\Desktop\IBM SPSS Statistics 22.lnk
2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SPSS
2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2014-01-09 18:08 - 2014-01-09 18:08 - 00000000 ____D C:\Program Files (x86)\IBM
2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.tgz
2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.dll
2014-01-09 18:07 - 2014-01-09 18:07 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz
2014-01-09 18:07 - 2014-01-09 18:07 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll
2014-01-09 18:07 - 2014-01-09 18:07 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
2014-01-09 10:21 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-09 10:21 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-09 10:08 - 2014-01-21 14:15 - 00000000 ____D C:\Users\rvaldes-admin
2014-01-09 10:08 - 2014-01-09 10:08 - 00000020 ___SH C:\Users\rvaldes-admin\ntuser.ini
2014-01-09 10:08 - 2013-10-09 14:49 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Local\Microsoft Help
2014-01-09 10:08 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-09 10:08 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-09 10:01 - 2014-01-26 11:11 - 00000000 ____D C:\Users\sm1851
2014-01-09 10:01 - 2014-01-25 19:46 - 00003168 __RSH C:\Users\sm1851\ntuser.pol
2014-01-09 10:01 - 2014-01-25 13:13 - 00111536 _____ C:\Users\sm1851\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 10:01 - 2014-01-22 16:32 - 00001413 _____ C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-09 10:01 - 2014-01-21 06:58 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Adobe
2014-01-09 10:01 - 2014-01-09 10:01 - 00000020 ___SH C:\Users\sm1851\ntuser.ini
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851\AppData\Local\VirtualStore
2014-01-09 10:01 - 2013-10-09 14:49 - 00000000 ____D C:\Users\sm1851\AppData\Local\Microsoft Help
2014-01-09 10:01 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-09 10:01 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-06 15:53 - 2014-01-06 15:53 - 00000000 ____D C:\Program Files\Microsoft Forefront Identity Manager
2014-01-06 15:48 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-06 15:48 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-06 15:47 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-06 15:47 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-06 15:47 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-06 15:47 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-01-06 15:47 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-06 15:47 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-01-06 15:47 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-01-06 15:47 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-06 15:47 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-06 15:47 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-06 15:47 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-06 15:47 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-01-06 15:47 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-06 15:47 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-06 15:47 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-06 15:47 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-06 15:47 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-01-06 15:44 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-06 15:44 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-06 15:42 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-06 15:42 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-06 15:42 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-01-06 15:42 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-06 15:42 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-06 15:42 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-06 15:42 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-01-06 15:42 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-06 15:42 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-06 15:42 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-06 15:42 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-06 15:42 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-06 15:42 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-06 15:41 - 2014-01-06 15:41 - 00111536 _____ C:\Users\ackerman-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 15:40 - 2014-01-26 12:23 - 00000840 _____ C:\Users\Public\Desktop\NSU App Store.lnk
2014-01-06 15:40 - 2014-01-06 15:41 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 15:40 - 2014-01-06 15:41 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 15:40 - 2014-01-06 15:40 - 00001413 _____ C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 15:40 - 2014-01-06 15:40 - 00000782 __RSH C:\Users\ackerman-admin\ntuser.pol
2014-01-06 15:40 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin\AppData\Roaming\Adobe
2014-01-06 15:40 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin\AppData\Local\VirtualStore
2014-01-06 15:39 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin
2014-01-06 15:39 - 2014-01-06 15:39 - 00004764 _____ C:\Windows\system32\CcmFramework.ini
2014-01-06 15:39 - 2014-01-06 15:39 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2014-01-06 15:39 - 2014-01-06 15:39 - 00000020 ___SH C:\Users\ackerman-admin\ntuser.ini
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\ms
2014-01-06 15:39 - 2013-10-09 14:49 - 00000000 ____D C:\Users\ackerman-admin\AppData\Local\Microsoft Help
2014-01-06 15:39 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-06 15:39 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-06 15:19 - 2014-01-06 15:19 - 00000000 ____D C:\ProgramData\GroupPolicy
2014-01-06 15:14 - 2014-01-06 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-06 15:13 - 2014-01-06 15:13 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 15:12 - 2014-01-06 15:12 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-06 15:11 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Administrator
2014-01-06 15:11 - 2014-01-06 15:11 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-06 15:11 - 2013-10-09 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2014-01-06 15:11 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-06 15:11 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-06 14:50 - 2014-01-06 14:50 - 00000000 ____D C:\Program Files\Symantec
2014-01-06 12:16 - 2014-01-06 12:16 - 00004096 _____ C:\temp-config.xml
2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 12:08 - 2014-01-06 12:09 - 00000000 ____D C:\9893828c203bd8b591
2014-01-06 12:08 - 2014-01-06 12:08 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini
2014-01-06 12:08 - 2014-01-06 12:08 - 00000000 ____D C:\Users\GhostUser\AppData\Local\VirtualStore
2014-01-06 12:08 - 2013-10-09 14:49 - 00000000 ____D C:\Users\GhostUser\AppData\Local\Microsoft Help
2014-01-06 12:08 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-06 12:08 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\ativpsrm.bin
2014-01-06 10:54 - 2014-01-26 12:28 - 01968268 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-01-26 13:01 - 2014-01-26 12:52 - 02078208 _____ (Farbar) C:\Users\sm1851\Desktop\FRST64.exe
2014-01-26 13:01 - 2014-01-26 12:49 - 00015766 _____ C:\Users\sm1851\Desktop\FRST.txt
2014-01-26 12:58 - 2013-10-04 08:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 12:54 - 2014-01-19 16:27 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-26 12:49 - 2014-01-26 11:21 - 00089144 _____ C:\Users\sm1851\Downloads\FRST.txt
2014-01-26 12:46 - 2014-01-26 12:46 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64 (1).exe
2014-01-26 12:46 - 2013-10-04 23:02 - 00000000 ____D C:\ProgramData\sccomm
2014-01-26 12:35 - 2014-01-26 12:35 - 00000000 ____D C:\Program Files (x86)\HiJackThis
2014-01-26 12:35 - 2014-01-26 11:47 - 00085606 _____ C:\zoek-results.log
2014-01-26 12:35 - 2014-01-26 11:46 - 00004176 _____ C:\runcheck.txt
2014-01-26 12:28 - 2014-01-06 10:54 - 01968268 _____ C:\Windows\WindowsUpdate.log
2014-01-26 12:28 - 2013-10-04 07:49 - 00073576 __RSH C:\ProgramData\ntuser.pol
2014-01-26 12:23 - 2014-01-06 15:40 - 00000840 _____ C:\Users\Public\Desktop\NSU App Store.lnk
2014-01-26 12:23 - 2013-10-04 07:47 - 00001400 _____ C:\Windows\system32\config\netlogon.ftl
2014-01-26 12:22 - 2014-01-26 11:45 - 00000000 ____D C:\zoek_backup
2014-01-26 12:20 - 2014-01-26 12:20 - 00000021 _____ C:\folders.log
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D C:\zoek
2014-01-26 11:47 - 2014-01-26 11:47 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ivebghmp.sys
2014-01-26 11:46 - 2014-01-26 11:46 - 00003136 _____ C:\Windows\System32\Tasks\{E9988C34-146A-48B2-89EC-833FFF0017D9}
2014-01-26 11:30 - 2014-01-26 11:30 - 00029901 _____ C:\Users\sm1851\Desktop\Addition.txt
2014-01-26 11:26 - 2014-01-26 11:26 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\imugeswt.sys
2014-01-26 11:25 - 2014-01-26 11:22 - 00029901 _____ C:\Users\sm1851\Downloads\Addition.txt
2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ineueikg.sys
2014-01-26 11:24 - 2014-01-26 11:24 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ihddttlr.sys
2014-01-26 11:23 - 2014-01-26 11:21 - 02078208 _____ (Farbar) C:\Users\sm1851\Downloads\FRST64.exe
2014-01-26 11:16 - 2014-01-26 11:16 - 00000000 ____D C:\FRST
2014-01-26 11:11 - 2014-01-17 10:16 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2014-01-26 11:11 - 2014-01-17 10:16 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2014-01-26 11:11 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-26 11:03 - 2014-01-22 12:19 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-25 19:54 - 2014-01-25 19:54 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys.upd
2014-01-25 19:54 - 2014-01-25 19:54 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\aucsbrnv.sys
2014-01-25 19:53 - 2009-07-13 23:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 19:53 - 2009-07-13 23:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 19:48 - 2013-10-03 16:06 - 00000569 _____ C:\Windows\SMSCFG.ini
2014-01-25 19:46 - 2014-01-09 10:01 - 00003168 __RSH C:\Users\sm1851\ntuser.pol
2014-01-25 19:44 - 2014-01-22 16:29 - 00000448 _____ C:\Windows\setupact.log
2014-01-25 19:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 19:32 - 2013-10-04 07:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-25 19:29 - 2014-01-25 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-25 14:28 - 2014-01-25 14:27 - 00061168 _____ C:\Users\sm1851\Downloads\PGRJanuaryBill.html
2014-01-25 13:40 - 2009-07-13 23:45 - 00435800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 13:38 - 2009-07-14 00:13 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 13:37 - 2014-01-25 13:34 - 00000000 ____D C:\AdwCleaner
2014-01-25 13:13 - 2014-01-09 10:01 - 00111536 _____ C:\Users\sm1851\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-24 18:04 - 2014-01-17 10:20 - 00000000 ____D C:\Users\sm1851\Desktop\Utilities
2014-01-24 17:30 - 2014-01-24 17:28 - 00000000 ____D C:\Program Files\trend micro
2014-01-24 17:28 - 2014-01-24 17:28 - 00000000 ____D C:\rsit
2014-01-24 17:12 - 2014-01-24 17:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-24 16:47 - 2014-01-24 16:47 - 00000000 ____D C:\Users\sm1851\AppData\Local\Apps\2.0
2014-01-24 15:19 - 2014-01-22 16:29 - 00010246 _____ C:\Windows\PFRO.log
2014-01-24 14:20 - 2014-01-24 14:20 - 04380160 _____ C:\Users\sm1851\Downloads\RogueKillerX64 (1).exe
2014-01-24 10:41 - 2014-01-24 10:30 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Notepad++
2014-01-23 17:07 - 2014-01-23 17:07 - 04406784 _____ C:\Users\sm1851\Downloads\RogueKillerX64.exe
2014-01-23 12:00 - 2014-01-23 12:00 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\apdmeowm.sys
2014-01-23 11:59 - 2014-01-23 11:59 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\olhkfnrz.sys
2014-01-23 11:31 - 2014-01-23 11:31 - 00000000 ____D C:\Users\sm1851\AppData\Local\Macromedia
2014-01-23 11:09 - 2014-01-17 10:48 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Mozilla
2014-01-23 11:01 - 2014-01-22 12:20 - 00000000 ____D C:\ProgramData\IObit
2014-01-23 10:43 - 2014-01-23 10:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zekucqhq.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pnkfccvq.sys
2014-01-23 10:38 - 2014-01-23 10:38 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\ProductData
2014-01-23 10:11 - 2014-01-21 09:31 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\EndNote
2014-01-23 10:10 - 2014-01-23 10:09 - 00000000 ____D C:\Users\sm1851\Desktop\Printers
2014-01-23 00:00 - 2014-01-23 00:00 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2014-01-22 17:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-22 17:02 - 2013-10-04 08:19 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 16:43 - 2014-01-22 16:41 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Juniper Networks
2014-01-22 16:42 - 2014-01-22 16:42 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-01-22 16:41 - 2014-01-22 16:41 - 00000000 ____D C:\Users\sm1851\AppData\Local\Juniper Networks
2014-01-22 16:32 - 2014-01-09 10:01 - 00001413 _____ C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-22 16:31 - 2013-10-03 19:38 - 00000000 ____D C:\Windows\Panther
2014-01-22 16:29 - 2014-01-22 16:29 - 00000000 _____ C:\Windows\setuperr.log
2014-01-22 16:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-22 16:14 - 2014-01-22 16:17 - 00000000 _____ C:\Windows\system32\Drivers\avchv.sys
2014-01-22 16:14 - 2014-01-22 16:14 - 00173897 _____ C:\ProgramData\1390425195.bdinstall.bin
2014-01-22 16:13 - 2014-01-22 16:13 - 00037618 _____ C:\ProgramData\1390425192.bdinstall.bin
2014-01-22 12:40 - 2014-01-22 12:19 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\IObit
2014-01-22 12:29 - 2014-01-22 12:29 - 00000000 ____D C:\Users\sm1851\AppData\Local\Google
2014-01-22 12:26 - 2014-01-17 10:31 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Apple Computer
2014-01-22 12:16 - 2014-01-22 12:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-22 12:16 - 2014-01-22 12:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-22 12:16 - 2014-01-22 12:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-22 12:16 - 2014-01-22 12:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-22 12:16 - 2014-01-22 12:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-22 12:16 - 2014-01-22 12:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-22 12:16 - 2014-01-22 12:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-22 12:16 - 2014-01-22 12:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-22 12:14 - 2014-01-22 12:14 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-22 12:14 - 2014-01-22 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-22 12:14 - 2014-01-22 12:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-22 10:49 - 2014-01-22 10:49 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Softland
2014-01-22 10:49 - 2014-01-22 10:49 - 00000000 ____D C:\Program Files\doPDF 7
2014-01-22 10:48 - 2013-10-04 08:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-22 10:47 - 2013-10-04 08:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 10:47 - 2013-10-04 08:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-22 10:46 - 2014-01-22 10:46 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-22 10:46 - 2013-10-04 08:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2014-01-22 10:46 - 2013-10-03 16:06 - 00000000 ____D C:\Windows\ccmcache
2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\HP
2014-01-22 10:45 - 2014-01-22 10:45 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2014-01-22 09:43 - 2014-01-22 09:43 - 00000000 ____H C:\Users\sm1851\Documents\Default.rdp
2014-01-21 14:16 - 2014-01-21 14:16 - 00111536 _____ C:\Users\rvaldes-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 14:16 - 2014-01-21 14:16 - 00001413 _____ C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Apple Computer
2014-01-21 14:16 - 2014-01-21 14:16 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Roaming\Adobe
2014-01-21 14:16 - 2014-01-21 14:15 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 14:16 - 2014-01-21 14:15 - 00000000 ___RD C:\Users\rvaldes-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-21 14:15 - 2014-01-09 10:08 - 00000000 ____D C:\Users\rvaldes-admin
2014-01-21 14:14 - 2014-01-21 14:14 - 00003168 __RSH C:\Users\rvaldes-admin\ntuser.pol
2014-01-21 14:14 - 2014-01-21 14:14 - 00000000 ____D C:\Users\rvaldes-admin\AppData\Local\VirtualStore
2014-01-21 11:25 - 2014-01-21 11:25 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 11:25 - 2014-01-21 11:25 - 00000000 ____D C:\ProgramData\Sun
2014-01-21 11:24 - 2014-01-21 11:24 - 00000000 ____D C:\ProgramData\McAfee
2014-01-21 10:06 - 2014-01-21 10:06 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-21 10:06 - 2014-01-17 10:48 - 00000000 ____D C:\Users\sm1851\AppData\Local\Mozilla
2014-01-21 08:15 - 2014-01-21 08:15 - 00000000 ____D C:\Users\sm1851\Documents\IBM
2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\SPSSInc
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\javasharedresources
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\AppData\Local\IBM
2014-01-21 08:13 - 2014-01-21 08:13 - 00000000 ____D C:\Users\sm1851\.spss
2014-01-21 07:41 - 2014-01-21 07:41 - 00000856 _____ C:\Users\sm1851\Desktop\JAMA Network  JAMA  Preventing Suicides in US Service Members and Veterans  Concerns After a Decade of War.website
2014-01-21 07:29 - 2014-01-21 07:29 - 00000712 _____ C:\Users\sm1851\Desktop\JAMA Network  JAMA  Suicides Among Military Personnel—Reply.website
2014-01-21 07:26 - 2014-01-21 07:26 - 00000317 _____ C:\Users\sm1851\Desktop\ecu.edu.website
2014-01-21 07:25 - 2014-01-21 07:25 - 00000470 _____ C:\Users\sm1851\Desktop\Mental health outcomes in US and UK military personnel returning from Iraq.website
2014-01-21 06:58 - 2014-01-21 06:58 - 00000000 ____D C:\Users\sm1851\AppData\Local\Adobe
2014-01-21 06:58 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Adobe
2014-01-21 06:28 - 2014-01-21 06:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-21 06:27 - 2014-01-21 06:27 - 00000000 ____D C:\Users\sm1851\Documents\Outlook Files
2014-01-19 16:53 - 2014-01-19 16:31 - 742391808 _____ C:\Users\sm1851\Downloads\ubuntu-12.04.3-desktop-amd64.iso
2014-01-19 16:27 - 2014-01-19 16:27 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-01-19 16:13 - 2014-01-19 16:13 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Macromedia
2014-01-19 02:33 - 2013-10-03 16:11 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 11:05 - 2014-01-17 11:05 - 00177674 _____ C:\ProgramData\1389974602.bdinstall.bin
2014-01-17 10:57 - 2014-01-17 10:57 - 00059117 _____ C:\ProgramData\1389974205.bdinstall.bin
2014-01-17 10:56 - 2014-01-17 10:56 - 00037823 _____ C:\ProgramData\1389974173.bdinstall.bin
2014-01-17 10:54 - 2014-01-17 10:54 - 00000000 ____D C:\ProgramData\bdch
2014-01-17 10:50 - 2014-01-17 10:50 - 00171172 _____ C:\ProgramData\1389973795.bdinstall.bin
2014-01-17 10:50 - 2014-01-17 10:50 - 00000000 ____D C:\Program Files\Bitdefender
2014-01-17 10:49 - 2014-01-17 10:49 - 10447328 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition_x64.exe
2014-01-17 10:49 - 2014-01-17 10:49 - 00162208 _____ C:\Users\sm1851\Downloads\Antivirus_Free_Edition.exe
2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\QuickScan
2014-01-17 10:36 - 2014-01-17 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2014-01-17 10:36 - 2013-10-04 09:24 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 10:31 - 2014-01-17 10:17 - 00000000 ____D C:\Users\sm1851\Tracing
2014-01-17 10:20 - 2014-01-17 10:20 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2014-01-17 10:20 - 2014-01-17 10:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-17 10:20 - 2014-01-17 10:19 - 00000000 ____D C:\Program Files\iTunes
2014-01-17 10:20 - 2014-01-17 10:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 10:19 - 2014-01-17 10:19 - 00000000 ____D C:\Program Files\iPod
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\ProgramData\Apple
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files\Bonjour
2014-01-17 10:18 - 2014-01-17 10:18 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Users\sm1851\AppData\Roaming\Malwarebytes
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-17 10:17 - 2014-01-17 10:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2014-01-17 10:17 - 2014-01-17 10:15 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-17 10:16 - 2014-01-17 10:16 - 00000000 ____D C:\Users\Public\Documents\EndNote
2014-01-17 10:15 - 2014-01-17 10:15 - 00000000 ____D C:\Program Files (x86)\7-Zip
2014-01-17 10:14 - 2014-01-17 10:14 - 00002581 _____ C:\Users\Public\Desktop\KeePass.lnk
2014-01-17 10:14 - 2014-01-17 10:14 - 00000000 ____D C:\Program Files (x86)\KeePass2x
2014-01-17 10:11 - 2014-01-17 10:11 - 00002276 _____ C:\Users\sm1851\Desktop\IBM SPSS Statistics 22.lnk
2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SPSS
2014-01-09 18:09 - 2014-01-09 18:09 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2014-01-09 18:08 - 2014-01-09 18:08 - 00000000 ____D C:\Program Files (x86)\IBM
2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.tgz
2014-01-09 18:07 - 2014-01-09 18:07 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.dll
2014-01-09 18:07 - 2014-01-09 18:07 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz
2014-01-09 18:07 - 2014-01-09 18:07 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll
2014-01-09 18:07 - 2014-01-09 18:07 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
2014-01-09 10:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-09 10:24 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-09 10:23 - 2013-10-04 13:24 - 00000000 ____D C:\Windows\system32\MRT
2014-01-09 10:08 - 2014-01-09 10:08 - 00000020 ___SH C:\Users\rvaldes-admin\ntuser.ini
2014-01-09 10:01 - 2014-01-09 10:01 - 00000020 ___SH C:\Users\sm1851\ntuser.ini
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ___RD C:\Users\sm1851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-09 10:01 - 2014-01-09 10:01 - 00000000 ____D C:\Users\sm1851\AppData\Local\VirtualStore
2014-01-08 17:05 - 2013-10-03 16:06 - 00000000 ____D C:\Windows\CCM
2014-01-08 15:54 - 2014-01-22 12:30 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140123104238.dll
2014-01-08 15:54 - 2014-01-22 12:30 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140123104115.dll
2014-01-08 15:54 - 2014-01-22 12:30 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-01-06 15:53 - 2014-01-06 15:53 - 00000000 ____D C:\Program Files\Microsoft Forefront Identity Manager
2014-01-06 15:52 - 2013-10-03 16:07 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-06 15:52 - 2013-10-03 16:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-06 15:51 - 2013-10-03 16:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-06 15:41 - 2014-01-06 15:41 - 00111536 _____ C:\Users\ackerman-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 15:41 - 2014-01-06 15:40 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 15:41 - 2014-01-06 15:40 - 00000000 ___RD C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 15:40 - 2014-01-06 15:40 - 00001413 _____ C:\Users\ackerman-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 15:40 - 2014-01-06 15:40 - 00000782 __RSH C:\Users\ackerman-admin\ntuser.pol
2014-01-06 15:40 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin\AppData\Roaming\Adobe
2014-01-06 15:40 - 2014-01-06 15:40 - 00000000 ____D C:\Users\ackerman-admin\AppData\Local\VirtualStore
2014-01-06 15:40 - 2014-01-06 15:39 - 00000000 ____D C:\Users\ackerman-admin
2014-01-06 15:40 - 2013-10-03 16:06 - 00001745 _____ C:\Windows\system32\InstallUtil.InstallLog
2014-01-06 15:39 - 2014-01-06 15:39 - 00004764 _____ C:\Windows\system32\CcmFramework.ini
2014-01-06 15:39 - 2014-01-06 15:39 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2014-01-06 15:39 - 2014-01-06 15:39 - 00000020 ___SH C:\Users\ackerman-admin\ntuser.ini
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Windows\ms
2014-01-06 15:19 - 2014-01-06 15:19 - 00000000 ____D C:\ProgramData\GroupPolicy
2014-01-06 15:14 - 2014-01-06 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-06 15:13 - 2014-01-06 15:13 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 15:12 - 2014-01-06 15:12 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 15:12 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-06 15:12 - 2014-01-06 15:11 - 00000000 ____D C:\Users\Administrator
2014-01-06 15:11 - 2014-01-06 15:11 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-06 14:50 - 2014-01-06 14:50 - 00000000 ____D C:\Program Files\Symantec
2014-01-06 14:41 - 2013-10-04 14:21 - 00001413 _____ C:\Users\NSU_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 12:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
2014-01-06 12:16 - 2014-01-06 12:16 - 00004096 _____ C:\temp-config.xml
2014-01-06 12:14 - 2013-10-03 16:04 - 00000000 ____D C:\Program Files\Common Files\Altiris
2014-01-06 12:11 - 2013-10-03 15:43 - 00000000 __SHD C:\Recovery
2014-01-06 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Recovery
2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 12:09 - 2014-01-06 12:09 - 00000000 ___RD C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-06 12:09 - 2014-01-06 12:08 - 00000000 ____D C:\9893828c203bd8b591
2014-01-06 12:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-06 12:08 - 2014-01-06 12:08 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini
2014-01-06 12:08 - 2014-01-06 12:08 - 00000000 ____D C:\Users\GhostUser\AppData\Local\VirtualStore
2014-01-06 10:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2014-01-06 10:57 - 2014-01-06 10:57 - 00000000 _____ C:\Windows\ativpsrm.bin

Some content of TEMP:
====================
C:\Users\sm1851\AppData\Local\Temp\7za.exe
C:\Users\sm1851\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\sm1851\AppData\Local\Temp\hijackthis.exe
C:\Users\sm1851\AppData\Local\Temp\NirCmd.exe
C:\Users\sm1851\AppData\Local\Temp\ntdll_dump.dll
C:\Users\sm1851\AppData\Local\Temp\PEVZ.EXE
C:\Users\sm1851\AppData\Local\Temp\Process Explorer64.exe
C:\Users\sm1851\AppData\Local\Temp\Quarantine.exe
C:\Users\sm1851\AppData\Local\Temp\remove.exe
C:\Users\sm1851\AppData\Local\Temp\sed.exe
C:\Users\sm1851\AppData\Local\Temp\shortcut.exe
C:\Users\sm1851\AppData\Local\Temp\swreg.exe
C:\Users\sm1851\AppData\Local\Temp\swxcacls.exe
C:\Users\sm1851\AppData\Local\Temp\wget.exe
C:\Users\sm1851\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 00:55

==================== End Of Log ============================

This topic is now closed to further replies.