
Can H@tKeysH@@k.DLL run on the .DLL alone?



Hello, I am worried that I ended up finding I had 2x H@tKeysH@@k.DLL's after I had them for a week.

 

Pretty sure I know the answer to this question but I want to make sure. Can it run on the DLL alone? I have found nothing that I have looked up on Google that it is associated with.

 

 

Scan report:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2015.02.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
*** :: ****-PC [administrator]

2/9/2015 8:16:58 PM
mbam-log-2015-02-09 (20-16-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318453
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\H@tKeysH@@k.DLL (HackTool.HotKeyHook) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

 

Thanks.


Hello and welcome,

 

P2P/Piracy Warning:

 

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

H@tKeysH@@k.DLL is a keylogger/information miner. It will be logging keystrokes in a possible secret file if active, it will also look for passwords or other vital information. It will not run on its own per se, it will require a Rundll32 command to run the function contained within the .dll file.

The command does require the .dll name, an entry point and arguments parameter to run. If the .dll file does not rely on any other program it can still operate and return relative information once called.

 

Run the following scans to see what is happening with your system...

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 


     

  • Double-click to run it. When the tool opens click Yes to disclaimer.

     

     

  • Press Scan button.

     

     

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

     

     

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

     

     

 

 

next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 

 


     

  • Quit all running programs.

     

     

  • For Windows XP, double-click to start.

     

     

  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.

     

     

  • Read and accept the EULA (End User License Agreement)

     

     

  • Click Scan to scan the system.

     

     

  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!

     

     

  • Post back the report which should also be located here:

     

     

 

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

let me see those logs in your next reply...

 

Thanks,

 

Kevin
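
A triage sketch for the rundll32 point in the reply above, as an added example that is not part of the original posts: it parses autorun command lines of the form `rundll32.exe <dll>,<entry point> [arguments]` and reports which ones would launch a named DLL, and it goes slightly further by also flagging any other mention of that DLL name (for instance in an AppInit_DLLs value). The sample entries are constructed, `ExampleEntry` is a placeholder entry-point name, and the function names are hypothetical.

```python
import ntpath
import re

# rundll32 syntax: rundll32.exe <dll>,<entry point> [arguments]
# The DLL path may be quoted; a comma or a space separates it from the entry point.
# Limitation: an unquoted DLL path containing spaces is not parsed.
RUNDLL32 = re.compile(r'''
    ^\s*
    (?:"(?:[^"]*\\)?rundll32(?:\.exe)?"|(?:\S*\\)?rundll32(?:\.exe)?)  # host program
    \s+
    (?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,"]+))                            # DLL path
    \s*[,\s]\s*
    (?P<entry>[^\s,]+)                                                 # export name or #ordinal
    (?:\s+(?P<args>.*\S))?                                             # optional arguments
    \s*$
''', re.IGNORECASE | re.VERBOSE)


def parse_rundll32(command_line):
    """Return {'dll', 'entry', 'args'} for a rundll32 command line, else None."""
    m = RUNDLL32.match(command_line)
    if not m:
        return None
    return {
        "dll": m.group("qdll") or m.group("dll"),
        "entry": m.group("entry"),
        "args": m.group("args"),
    }


def triage(entries, dll_name):
    """Report autorun entries that reference dll_name.

    entries is an iterable of (location, value) pairs, e.g. exported from the
    Run keys, AppInit_DLLs and scheduled-task actions of the machine under review.
    """
    target = dll_name.lower()
    findings = []
    for location, value in entries:
        parsed = parse_rundll32(value)
        if parsed and ntpath.basename(parsed["dll"]).lower() == target:
            # Complete command: DLL name plus entry point, so it would execute.
            findings.append((location, "rundll32 launch", parsed["entry"]))
        elif target in value.lower():
            # Named some other way (loaded directly, or an incomplete command).
            findings.append((location, "other reference", None))
    return findings


# Constructed sample data. The sidebar and prio.dll values mirror the FRST log
# in this thread; the entries naming H@tKeysH@@k.DLL are invented for the demo
# and "ExampleEntry" is a placeholder, not a known export of that file.
SAMPLE_ENTRIES = [
    ("HKLM\\...\\Run: [ExampleUpdater]",
     r'rundll32.exe "C:\Windows\System32\H@tKeysH@@k.DLL",ExampleEntry /s'),
    ("HKU\\S-1-5-19\\...\\Run: [sidebar]",
     r'%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun'),
    ("AppInit_DLLs", r'C:\Program Files\Prio\prio.dll'),
    ("AppInit_DLLs-x32", r'C:\Windows\SysWOW64\h@tkeysh@@k.dll'),
    ("HKCU\\...\\Run: [Display]",
     r'C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl'),
]

if __name__ == "__main__":
    for location, kind, entry in triage(SAMPLE_ENTRIES, "H@tKeysH@@k.DLL"):
        print(f"{location}: {kind}" + (f" (entry point {entry})" if entry else ""))
```
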

 


As requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Aaron8181 (administrator) on AARON8181-PC on 11-02-2015 15:16:10
Running from C:\Users\Aaron8181\Downloads
Loaded Profiles: Aaron8181 (Available profiles: Aaron8181)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [17264 2012-11-08] (O&K Software)
AppInit_DLLs-x32: prio32.dll => C:\Program Files\Prio\prio32.dll [15216 2012-11-08] (O&K Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2125890660-2588308760-302982774-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{6E351C95-4E77-4ABD-844F-A9BDAC04E559}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Aaron8181\AppData\Roaming\Mozilla\Firefox\Profiles\0ifhyv26.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-2125890660-2588308760-302982774-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aaron8181\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2125890660-2588308760-302982774-1000: @talk.google.com/O1DPlugin -> C:\Users\Aaron8181\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2125890660-2588308760-302982774-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron8181\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2125890660-2588308760-302982774-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron8181\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Aaron8181\AppData\Roaming\Mozilla\Firefox\Profiles\0ifhyv26.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron8181\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron8181\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Classic Theme Restorer - C:\Users\Aaron8181\AppData\Roaming\Mozilla\Firefox\Profiles\0ifhyv26.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-13]
FF Extension: Adblock Plus - C:\Users\Aaron8181\AppData\Roaming\Mozilla\Firefox\Profiles\0ifhyv26.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-13] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 GSService; C:\Windows\SysWOW64\GSService.exe [444640 2014-07-28] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-08] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2011-06-08] (Ralink Technology Corp.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [36064 2014-07-28] (Windows ® Win 7 DDK provider)
R1 SPVDPort; C:\Windows\System32\DRIVERS\spvdbus.sys [92152 2014-09-04] ()
R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [340984 2014-09-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:16 - 2015-02-11 15:16 - 00010073 _____ () C:\Users\Aaron8181\Downloads\FRST.txt
2015-02-11 15:14 - 2015-02-11 15:16 - 00000000 ____D () C:\FRST
2015-02-11 15:12 - 2015-02-11 15:13 - 15431256 _____ () C:\Users\Aaron8181\Downloads\RogueKiller.exe
2015-02-11 15:12 - 2015-02-11 15:12 - 02134016 _____ (Farbar) C:\Users\Aaron8181\Downloads\FRST64.exe
2015-02-07 08:23 - 2015-02-07 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-07 07:37 - 2015-02-07 07:37 - 00000000 ____D () C:\Users\Aaron8181\Documents\EVE
2015-02-07 07:24 - 2014-07-28 20:09 - 00009924 _____ () C:\Windows\system32\SndTAudio.cat
2015-02-07 07:24 - 2014-07-28 20:08 - 00036064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\SndTAudio.sys
2015-02-07 07:24 - 2014-07-28 18:24 - 00444640 _____ () C:\Windows\SysWOW64\GSService.exe
2015-02-05 18:29 - 2015-02-05 18:29 - 00000000 ___RD () C:\Users\Aaron8181\AppData\Roaming\Brother
2015-02-05 18:27 - 2015-02-05 18:47 - 00013305 _____ () C:\Windows\BRRBCOM.INI
2015-02-05 18:27 - 2015-02-05 18:28 - 00000141 _____ () C:\Windows\BROMJ4620DW.INI
2015-02-05 18:27 - 2015-02-05 18:27 - 00000000 ____D () C:\ProgramData\Brother
2015-02-05 18:26 - 2014-08-25 04:40 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-02-05 18:26 - 2014-08-25 04:40 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-02-05 18:26 - 2014-08-25 04:40 - 00050688 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2015-02-05 18:26 - 2014-08-25 04:40 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2015-02-05 18:26 - 2014-08-25 04:40 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-02-05 18:26 - 2014-08-25 04:40 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2015-02-05 18:26 - 2014-08-24 11:06 - 00227840 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOI14A.DLL
2015-02-01 17:49 - 2015-02-01 17:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-01 14:36 - 2015-02-07 13:10 - 00000000 ____D () C:\Program Files\Nightly
2015-01-31 09:15 - 2015-01-31 09:15 - 00000000 ____D () C:\Program Files (x86)\SpacialAudio
2015-01-27 13:32 - 2015-02-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 07:20 - 2015-01-27 14:18 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 11:06 - 2015-01-25 11:06 - 00741376 _____ () C:\Users\Aaron8181\Downloads\MediaProcessingSDK-2.1.5.1.exe
2015-01-25 11:06 - 2015-01-25 11:06 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\Multimedia Subsystem
2015-01-25 11:04 - 2015-02-07 07:30 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\SoundTaxi
2015-01-25 11:03 - 2015-02-07 07:28 - 00000000 ____D () C:\Program Files (x86)\SoundTaxi
2015-01-25 11:03 - 2015-02-07 07:26 - 00000000 ____D () C:\Program Files (x86)\SoundTaxi Media Suite
2015-01-23 15:19 - 2015-01-25 11:27 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\Mp3tag
2015-01-23 06:00 - 2015-01-23 06:01 - 00000000 ____D () C:\Users\Aaron8181\FrostWire
2015-01-22 23:44 - 2015-01-22 23:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-22 00:20 - 2015-01-22 00:20 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\CCP
2015-01-20 04:26 - 2015-01-20 04:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 04:26 - 2015-01-20 04:26 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 04:25 - 2015-01-20 04:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-19 12:09 - 2015-01-19 12:09 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\TeamViewer
2015-01-19 02:22 - 2015-01-19 02:22 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-16 17:24 - 2015-01-16 17:46 - 00667352 _____ () C:\Users\Aaron8181\Downloads\2014 Bernau A Form 1040  Individual Tax Return2.tax2014
2015-01-15 20:05 - 2015-01-16 17:46 - 00000000 ____D () C:\Users\Aaron8181\Documents\TurboTax
2015-01-15 20:05 - 2015-01-15 20:05 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\IsolatedStorage
2015-01-15 20:03 - 2015-01-15 20:05 - 00000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-15 20:03 - 2015-01-15 20:03 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\Intuit
2015-01-15 20:01 - 2015-01-15 20:03 - 00000000 ____D () C:\ProgramData\Intuit
2015-01-15 20:01 - 2015-01-15 20:01 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-01-15 04:17 - 2015-02-07 06:00 - 00000000 ____D () C:\Program Files (x86)\Net Tools
2015-01-15 04:17 - 2015-01-15 04:17 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-01-15 04:17 - 2006-06-23 21:38 - 00809345 _____ () C:\Windows\SysWOW64\nmap-os-fingerprints
2015-01-15 04:17 - 2006-06-23 21:38 - 00557444 _____ () C:\Windows\SysWOW64\nmap-service-probes
2015-01-15 04:17 - 2006-06-23 21:38 - 00452096 _____ () C:\Windows\SysWOW64\nmap.exe
2015-01-15 04:17 - 2006-06-23 21:38 - 00225546 _____ () C:\Windows\SysWOW64\nmap-mac-prefixes
2015-01-15 04:17 - 2006-06-23 21:38 - 00192007 _____ () C:\Windows\SysWOW64\CHANGELOG
2015-01-15 04:17 - 2006-06-23 21:38 - 00108536 _____ () C:\Windows\SysWOW64\nmap-services
2015-01-15 04:17 - 2006-06-23 21:38 - 00025611 _____ () C:\Windows\SysWOW64\COPYING
2015-01-15 04:17 - 2006-06-23 21:38 - 00021552 _____ () C:\Windows\SysWOW64\nmap.xsl
2015-01-15 04:17 - 2006-06-23 21:38 - 00017955 _____ () C:\Windows\SysWOW64\nmap-rpc
2015-01-15 04:17 - 2006-06-23 21:38 - 00006318 _____ () C:\Windows\SysWOW64\nmap-protocols
2015-01-15 04:17 - 2006-06-23 21:38 - 00000192 _____ () C:\Windows\SysWOW64\nmap_performance.reg
2015-01-15 04:17 - 2004-08-04 04:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msado25.tlb
2015-01-15 04:17 - 2004-07-10 04:44 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-15 04:17 - 2004-06-09 15:59 - 00939224 _____ (Macromedia, Inc.) C:\Windows\SysWOW64\Flash.ocx
2015-01-15 04:17 - 2004-03-01 20:55 - 00561179 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dao360.dll
2015-01-15 04:17 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42D.DLL
2015-01-15 04:17 - 2004-02-27 00:00 - 00061493 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCN42D.DLL
2015-01-15 04:17 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2015-01-15 04:17 - 2003-03-19 02:03 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll
2015-01-15 04:17 - 2003-01-29 17:50 - 00010348 _____ () C:\Windows\SysWOW64\SubclassingSink.tlb
2015-01-15 04:17 - 2002-11-20 19:53 - 00482123 _____ () C:\Windows\SysWOW64\nmapwin.chm
2015-01-15 04:17 - 2002-11-20 19:44 - 00077824 _____ (JVSoftware) C:\Windows\SysWOW64\nmapwin.exe
2015-01-15 04:17 - 2002-11-20 18:06 - 00290816 _____ () C:\Windows\SysWOW64\nmapserv.exe
2015-01-15 04:17 - 2002-08-15 15:09 - 00000687 _____ () C:\Windows\SysWOW64\nmapwin.exe.manifest
2015-01-15 04:17 - 2002-06-06 12:13 - 01077344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-01-15 04:17 - 2001-11-27 00:13 - 00114688 _____ (Open Source Telecom) C:\Windows\SysWOW64\CCGNU32.dll
2015-01-15 04:17 - 2001-09-07 14:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2015-01-15 04:17 - 2001-09-07 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msado20.tlb
2015-01-15 04:17 - 2001-04-05 16:43 - 01009336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mschrt20.ocx
2015-01-15 04:17 - 2000-12-06 01:00 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2015-01-15 04:17 - 2000-12-05 19:30 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswinsck.ocx
2015-01-15 04:17 - 2000-05-22 16:58 - 00647872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2015-01-15 04:17 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2015-01-15 04:17 - 2000-05-22 00:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.ocx
2015-01-15 04:17 - 2000-04-03 16:52 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2015-01-15 04:17 - 1999-05-07 00:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2015-01-15 04:17 - 1999-04-17 00:06 - 00010752 _____ (Almeida & Andrade Ltda) C:\Windows\SysWOW64\aamd532.dll
2015-01-15 04:17 - 1999-03-26 03:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2015-01-15 04:17 - 1998-08-09 17:07 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-01-15 04:17 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2015-01-15 04:17 - 1998-06-24 00:00 - 00103744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMM32.OCX
2015-01-15 04:17 - 1998-06-18 00:00 - 00299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDBRPTR.DLL
2015-01-15 04:17 - 1998-06-09 00:00 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDERUN.DLL
2015-01-15 04:16 - 2015-01-15 04:16 - 00000000 __SHD () C:\Users\Aaron8181\AppData\Local\EmieBrowserModeList
2015-01-15 04:07 - 2015-01-15 04:07 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\Macromedia
2015-01-15 04:01 - 2015-01-15 04:01 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\DarkstormOS
2015-01-15 03:52 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-15 03:52 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-15 03:47 - 2015-01-15 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-15 03:46 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-15 03:46 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-15 03:46 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-15 03:46 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-15 03:46 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-15 03:46 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-15 03:43 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-15 03:43 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-15 03:43 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-15 03:43 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-15 03:43 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-15 03:43 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-15 03:43 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-15 03:43 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-15 03:43 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-15 03:43 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-15 03:41 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 03:41 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:41 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 03:41 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 03:41 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 03:41 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 03:41 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 03:41 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 03:41 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 03:41 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 03:41 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:41 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 03:03 - 2015-01-13 03:03 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2125890660-2588308760-302982774-1000Core1d02f07652acd78.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:15 - 2014-06-19 03:19 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\uTorrent
2015-02-11 15:13 - 2014-06-13 18:51 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\Skype
2015-02-11 13:54 - 2009-07-13 23:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 13:54 - 2009-07-13 23:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 13:53 - 2009-07-14 00:13 - 00798350 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 04:02 - 2014-06-13 20:14 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\TS3Client
2015-02-11 03:24 - 2014-06-13 18:13 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\vlc
2015-02-11 00:53 - 2014-06-13 19:47 - 00000000 ____D () C:\Program Files (x86)\DarkStorm
2015-02-09 19:43 - 2014-06-23 14:28 - 00000132 _____ () C:\Users\Aaron8181\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-08 16:11 - 2014-06-14 07:26 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\Adobe
2015-02-08 16:11 - 2014-06-14 05:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-08 16:11 - 2014-06-14 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 16:11 - 2014-06-14 05:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 06:13 - 2014-09-01 22:27 - 00057469 _____ () C:\Users\Aaron8181\dsp_stereo_tool.ini
2015-02-07 06:13 - 2014-06-28 22:15 - 00000000 ____D () C:\ProgramData\firebird
2015-02-07 06:13 - 2014-06-13 18:02 - 00000000 ____D () C:\Users\Aaron8181
2015-02-01 17:49 - 2014-06-13 19:05 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-01 14:53 - 2014-06-15 22:50 - 00001435 _____ () C:\Users\Aaron8181\AppData\Roaming\prio.ini
2015-01-31 09:25 - 2014-12-26 15:31 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\SpacialAudio
2015-01-31 09:04 - 2014-09-28 05:39 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-30 14:08 - 2014-09-15 05:14 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\HandBrake
2015-01-28 10:30 - 2014-06-17 23:16 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\TeamViewer
2015-01-27 16:49 - 2014-06-13 19:28 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-24 15:10 - 2014-09-08 22:42 - 00000000 ____D () C:\Users\Aaron8181\AppData\Roaming\Audacity
2015-01-22 23:44 - 2014-10-02 23:32 - 00000000 ____D () C:\ProgramData\Origin
2015-01-20 05:52 - 2014-09-04 16:59 - 00002336 ____H () C:\Users\Aaron8181\Documents\Default.rdp
2015-01-20 04:27 - 2014-07-16 06:49 - 00000000 ____D () C:\Program Files\Java
2015-01-20 04:26 - 2014-07-16 06:49 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-20 04:26 - 2014-07-16 06:49 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-20 04:26 - 2014-07-16 06:49 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-20 04:26 - 2014-07-16 06:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-18 03:53 - 2014-06-13 18:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-15 03:54 - 2014-06-14 17:35 - 00000000 ____D () C:\Users\Aaron8181\AppData\Local\Google
2015-01-15 03:53 - 2014-06-13 19:52 - 00790128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 03:47 - 2014-06-13 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-15 03:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-15 03:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-15 03:46 - 2014-07-23 09:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 03:42 - 2014-06-13 19:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:00 - 2015-01-08 15:02 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-14 17:00 - 2014-07-22 19:05 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-14 16:57 - 2015-01-08 15:02 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-13 03:03 - 2014-06-14 17:35 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2125890660-2588308760-302982774-1000Core.job

==================== Files in the root of some directories =======

2014-06-23 14:28 - 2015-02-09 19:43 - 0000132 _____ () C:\Users\Aaron8181\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-26 15:37 - 2015-01-01 22:42 - 0000132 _____ () C:\Users\Aaron8181\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-06-15 22:50 - 2015-02-01 14:53 - 0001435 _____ () C:\Users\Aaron8181\AppData\Roaming\prio.ini
2014-09-09 01:05 - 2014-11-27 01:34 - 0007600 _____ () C:\Users\Aaron8181\AppData\Local\Resmon.ResmonCfg
2014-10-28 22:59 - 2014-10-28 22:59 - 0004152 _____ () C:\ProgramData\auqrgqib.ttw
2015-01-15 20:03 - 2015-01-15 20:05 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Windows\Tasks\{D3643F60-9155-477A-AD94-AEB30301614A}.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-13 19:58

==================== End Of Log ============================

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aaron8181 [Administrator]
Mode : Scan -- Date : 02/11/2015  15:19:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F9449C8-FA14-4633-BEB6-CC17DA46F1C9} | DhcpNameServer : 66.18.32.2 66.18.32.3 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3F9449C8-FA14-4633-BEB6-CC17DA46F1C9} | DhcpNameServer : 66.18.32.2 66.18.32.3 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3F9449C8-FA14-4633-BEB6-CC17DA46F1C9} | DhcpNameServer : 66.18.32.2 66.18.32.3 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2125890660-2588308760-302982774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2125890660-2588308760-302982774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Movies +++++
--- User ---
[MBR] aa94e43b2ad5f9a99dba5cbeadefcd0a
[BSP] 6779091ea5e24201322856f9a08a8140 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: Data +++++
--- User ---
[MBR] 78c09dea11c8efa761c3cde78234b7fd
[BSP] db3d317251a73b77c458d44a32e54be0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953872 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive2: ST1000NM0011 +++++
--- User ---
[MBR] f9ded822093ea044b232b3d2c829aafe
[BSP] 4feccde1dcfff7c0543baf9da603a780 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] 0baaa21cc7368b17f0b15b5d59124235
[BSP] bcbf0e71b1df22a81d597f060cda0139 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 57139 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Addition.txt


Thanks for the logs, run the following:

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\ProgramData\auqrgqib.ttw
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 
Next,
 
Uninstall Malwarebytes version 1.75.0.1300 via Programs and Features...
 
Next,
 
Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard"; that copies the full log to the Windows clipboard. In your reply, right-click in the text field and select "Paste"; the log is pasted (copied) into your reply.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

let me see those logs in your next reply...

 

kevin


I prefer not to update to Malwarebytes v2.0. I hate the new UI with a passion.

 

https://www.virustotal.com/en/file/fe7608e1a2610b37683f80c132301019704cb98809b734caa99859c28afc4fc1/analysis/1423692467/

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
Started On Wed Feb 11 17:14:38 2015

Engine: 1.1.11302.0
Signatures: 1.191.3593.0
 


If you prefer the previous version of Malwarebytes, that is OK by me... Continue:

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo off
del /f /s /q "C:\Windows\Tasks\{D3643F60-9155-477A-AD94-AEB30301614A}.job"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: batfileicon.gif<--XP vista_bat_icon.png <--vista or windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

Let me know if any remaining issues or concerns...

 

Thanks,

 

Kevin...


First step is to remove the unwanted task, second step is to run Security Check, which will check if Java, Adobe and browsers are up to date. It will also check if system security is A) active B) up to date.

 

Although the logs are not indicating any obvious malware/infection, it is common courtesy for me to make sure your system is secure and up to date. If you prefer no other help, tell me; it is simple for you to ask to close out....

 

Run this to clean up tools:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following item is checked:

  • Remove disinfection tools


Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Thank you,

 

Kevin...


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
