Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/11/2016 06:21:41 PM in x64 mode.
Windows Version: Windows Se7en Titan

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Possibly Patched Files.

 * C:\Windows\explorer.exe

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Pare-feu Windows (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Pilote d’autorisation du Pare-feu Windows (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * C:\Windows\explorer.exe : 2 868 224 : 07/14/2009 02:39 AM : b6e7fee1cae4895cc6c644f0244f7591 [NoSig]
 +-> C:\Windows\SysWOW64\explorer.exe : 2 614 272 : 10/31/2009 06:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2 868 224 : 07/14/2009 02:39 AM : b6e7fee1cae4895cc6c644f0244f7591 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2 868 224 : 08/03/2009 07:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2 868 224 : 07/14/2009 02:39 AM : b6e7fee1cae4895cc6c644f0244f7591 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2 868 224 : 08/03/2009 07:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2 870 272 : 10/31/2009 07:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2 613 248 : 07/14/2009 02:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2 613 248 : 08/03/2009 06:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2 614 272 : 10/31/2009 06:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2 613 248 : 08/03/2009 06:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2 614 272 : 10/31/2009 07:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  13.69.186.195 global.bing.com
  13.69.186.195 www.bing.com
  13.69.186.195 cn.bing.com
  13.69.186.195 bing.com
  13.69.186.195 0search.internetquickaccess.com
  13.69.186.195 1and1.com
  13.69.186.195 22find.com
  13.69.186.195 24img.com
  13.69.186.195 7mcn.tvnewtabsearch.com
  13.69.186.195 abcsearch.ru
  13.69.186.195 airzip.inspsearch.com
  13.69.186.195 alexnova.com
  13.69.186.195 alles-im-inter.net
  13.69.186.195 allinsearch.com
  13.69.186.195 allsearch.ca
  13.69.186.195 allsearch.space
  13.69.186.195 alternativesearch.ru
  13.69.186.195 amaizingsearches.info
  13.69.186.195 amazon.smart-search.com

  20 out of 868 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/11/2016 06:22:32 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)