Sign in to follow this  
barbara_64

superfish, adchoices and others... stubborn

Recommended Posts

having trouble removing several adware viruses, including superfish, adchoices. These are creating pop ups everytime I open a page. Any help appreciated

 

 

FRST run

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Supreme Steggles (administrator) on SUPREMESTEGGLES on 21-01-2015 14:15:41
Running from C:\Users\Supreme Steggles\Desktop
Loaded Profiles: Supreme Steggles (Available profiles: Supreme Steggles)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-27] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [mbot_gb_254] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-836906749-1893374104-4223838171-1000\...\Run: [GoogleChromeAutoLaunch_809DF23706643F314883DE5A84861BBC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-836906749-1893374104-4223838171-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-836906749-1893374104-4223838171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-836906749-1893374104-4223838171-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}: [NameServer] 31.168.224.106,5.135.12.52
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> https://www.google.co.uk/
CHR Profile: C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Google Docs) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Google Sheets) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (AdBlock) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-20]
CHR Extension: (Titanfall - Theme 1280x800) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\laokhbpfoaknljljfbmblapgajabkjnm [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Outlook.com) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Supreme Steggles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-12-11] (Adobe Systems) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-27] (Microsoft Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 brcmgps; C:\Windows\System32\DRIVERS\brcmgps.sys [58408 2010-01-23] (Broadcom Corporation. )
R3 DPFilter; C:\Windows\System32\DRIVERS\DPFilter.sys [66408 2012-02-27] (NEC Personal Computers, Ltd.)
R0 DPIDEFil; C:\Windows\System32\DRIVERS\DPIDEFil.sys [53608 2011-10-05] (NEC Personal Computers, Ltd.)
S3 IDCComP; C:\Windows\system32\drivers\idcpen.sys [37760 2010-07-20] (IdeaCom Technology Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-21] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-21] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 wisdpen; C:\Windows\system32\drivers\wisdpen.sys [45176 2011-09-26] (Wacom Technology)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 14:15 - 2015-01-21 14:15 - 00010738 _____ () C:\Users\Supreme Steggles\Desktop\FRST.txt
2015-01-21 13:56 - 2015-01-21 14:00 - 00000000 ____D () C:\AdwCleaner
2015-01-21 13:56 - 2015-01-21 13:56 - 02186752 _____ () C:\Users\Supreme Steggles\Downloads\AdwCleaner.exe
2015-01-21 13:55 - 2015-01-21 14:15 - 00000000 ____D () C:\FRST
2015-01-21 13:55 - 2015-01-21 14:14 - 00047670 _____ () C:\Users\Supreme Steggles\Downloads\FRST.txt
2015-01-21 13:55 - 2015-01-21 13:56 - 00025129 _____ () C:\Users\Supreme Steggles\Downloads\Addition.txt
2015-01-21 13:54 - 2015-01-21 13:54 - 02126848 _____ (Farbar) C:\Users\Supreme Steggles\Desktop\FRST64.exe
2015-01-21 13:35 - 2015-01-21 13:35 - 109594184 _____ (Sophos Limited) C:\Users\Supreme Steggles\Downloads\Sophos Virus Removal Tool.exe
2015-01-20 15:17 - 2015-01-20 15:17 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-20 15:17 - 2015-01-20 15:17 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-20 15:17 - 2015-01-20 15:17 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-20 15:17 - 2015-01-20 15:17 - 00000246 _____ () C:\prefs.js
2015-01-20 15:17 - 2015-01-20 15:17 - 00000000 ____D () C:\Users\Supreme Steggles\AppData\Roaming\LavasoftStatistics
2015-01-20 15:17 - 2015-01-20 15:17 - 00000000 ____D () C:\Users\Supreme Steggles\AppData\Local\Lavasoft
2015-01-20 15:17 - 2015-01-20 15:17 - 00000000 ____D () C:\searchplugins
2015-01-20 15:17 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-20 15:17 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-20 15:15 - 2015-01-21 14:02 - 00002328 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-20 15:15 - 2015-01-20 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-20 15:13 - 2015-01-20 15:13 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-20 15:08 - 2015-01-20 15:08 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-20 15:07 - 2015-01-20 15:15 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-20 15:07 - 2015-01-20 15:07 - 01924232 _____ () C:\Users\Supreme Steggles\Downloads\Adaware_Installer.exe
2015-01-20 12:31 - 2015-01-20 12:31 - 00002867 _____ () C:\Users\Supreme Steggles\Desktop\Outlook.com.lnk
2015-01-20 12:08 - 2015-01-20 12:08 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-20 12:08 - 2015-01-20 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-20 12:03 - 2015-01-20 12:03 - 00000000 __SHD () C:\Users\Supreme Steggles\AppData\Local\EmieUserList
2015-01-20 12:03 - 2015-01-20 12:03 - 00000000 __SHD () C:\Users\Supreme Steggles\AppData\Local\EmieSiteList
2015-01-20 12:03 - 2015-01-20 12:03 - 00000000 __SHD () C:\Users\Supreme Steggles\AppData\Local\EmieBrowserModeList
2015-01-19 17:36 - 2015-01-19 17:36 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-19 17:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-19 17:10 - 2015-01-19 17:10 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-19 17:10 - 2015-01-19 17:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-19 17:10 - 2015-01-19 17:10 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-19 17:10 - 2015-01-19 17:10 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-19 17:10 - 2015-01-19 17:10 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-19 17:10 - 2015-01-19 17:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-19 17:10 - 2015-01-19 17:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-19 17:10 - 2015-01-19 17:10 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-19 17:10 - 2015-01-19 17:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-19 17:10 - 2015-01-19 17:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-19 17:10 - 2015-01-19 17:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-19 17:10 - 2015-01-19 17:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-19 17:10 - 2015-01-19 17:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-19 16:56 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-19 16:56 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-19 16:56 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-19 16:56 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-19 16:56 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-19 16:56 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-19 16:56 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-19 16:56 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-19 16:56 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-19 16:56 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-19 16:49 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-19 16:49 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-19 16:45 - 2015-01-19 16:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 16:45 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 16:44 - 2014-07-17 02:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-19 16:44 - 2014-07-17 02:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-19 16:44 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-19 16:44 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-19 16:44 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-19 16:44 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-19 16:44 - 2014-07-17 01:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-19 16:44 - 2014-07-17 01:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-19 16:44 - 2014-07-17 01:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-01-19 16:44 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-19 16:44 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-19 16:43 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 16:43 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 16:43 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 16:43 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 16:43 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 16:43 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 16:43 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 16:43 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 16:43 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-19 16:43 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-19 16:43 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 16:43 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-19 16:43 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-19 16:43 - 2014-12-04 02:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-19 16:43 - 2014-12-04 02:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-19 16:43 - 2014-12-01 23:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-19 16:43 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-19 16:43 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-19 16:43 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-19 16:43 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-19 16:43 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-19 16:43 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-19 16:43 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-19 16:43 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-19 16:43 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-19 16:43 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-19 16:43 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-19 16:43 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-19 16:43 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-19 16:43 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-19 16:43 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-19 16:43 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-19 16:43 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-19 16:43 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-19 16:43 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-19 16:43 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-19 16:43 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-19 16:43 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-19 16:43 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-19 16:43 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-19 16:43 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-19 16:43 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-19 16:43 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-19 16:43 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-19 16:43 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-19 16:43 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-19 16:43 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-19 16:43 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-19 16:43 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-19 16:43 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-19 16:43 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-19 16:43 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-19 16:43 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-19 16:43 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-19 16:43 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-19 16:43 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-19 16:43 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-19 16:43 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-19 16:43 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-19 16:43 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-19 16:43 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-19 16:43 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-19 16:43 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-19 16:43 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-19 16:43 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-19 16:43 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-19 16:43 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-19 16:43 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-19 16:43 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-19 16:43 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-19 16:43 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-19 16:43 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-19 16:43 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-19 16:43 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-19 16:43 - 2014-07-08 22:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-19 16:43 - 2014-07-08 22:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-19 16:43 - 2014-06-24 03:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-19 16:43 - 2014-06-24 02:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-19 16:43 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-19 16:43 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-19 16:43 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-19 16:43 - 2011-03-11 06:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-01-19 16:43 - 2011-03-11 06:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-01-19 16:43 - 2011-03-11 06:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-01-19 16:43 - 2011-03-11 06:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-01-19 16:43 - 2011-03-11 06:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-01-19 16:43 - 2011-03-11 06:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-01-19 16:43 - 2011-03-11 06:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-01-19 16:43 - 2011-03-11 05:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-01-19 16:43 - 2011-03-11 05:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-01-19 16:43 - 2011-03-11 04:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-01-19 16:40 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-19 16:40 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-19 16:40 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-19 16:40 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-19 16:39 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-19 16:39 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-19 16:39 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-19 16:39 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-19 16:39 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-19 15:23 - 2015-01-19 15:23 - 00000000 ____D () C:\Users\Supreme Steggles\Downloads\Bury Society web site
2015-01-19 15:22 - 2015-01-19 15:22 - 16694991 _____ () C:\Users\Supreme Steggles\Downloads\Bury Society web site.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 14:09 - 2009-07-14 04:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 14:09 - 2009-07-14 04:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 14:08 - 2009-07-14 05:13 - 00784670 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 14:06 - 2014-10-02 21:18 - 01399419 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 14:01 - 2013-07-02 21:44 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 14:01 - 2010-11-21 03:47 - 00022258 _____ () C:\Windows\PFRO.log
2015-01-21 14:01 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 14:01 - 2009-07-14 04:51 - 00060980 _____ () C:\Windows\setupact.log
2015-01-21 13:47 - 2013-07-02 21:44 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 16:44 - 2014-12-18 15:09 - 00000000 ____D () C:\Users\Supreme Steggles\AppData\Roaming\Lavasoft
2015-01-20 15:16 - 2014-12-18 15:09 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-20 14:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-20 12:08 - 2014-10-02 13:36 - 00000000 ____D () C:\Users\Supreme Steggles\AppData\Local\Google
2015-01-20 12:08 - 2013-07-02 21:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 21:21 - 2014-10-02 16:30 - 00000000 ____D () C:\Users\Supreme Steggles\Documents\Adobe.Photoshop.CS5.Extended.v12.0.Incl.Keymaker-EMBRACE
2015-01-19 18:01 - 2014-10-02 13:25 - 00001420 _____ () C:\Users\Supreme Steggles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 17:38 - 2009-07-14 04:45 - 00321472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 17:36 - 2014-10-09 17:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-19 17:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-19 17:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-19 17:15 - 2014-10-02 14:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-19 17:13 - 2014-10-09 12:00 - 00020713 _____ () C:\Windows\IE11_main.log
2015-01-19 17:07 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-19 17:00 - 2013-07-02 21:48 - 00789792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-19 17:00 - 2013-07-02 21:48 - 00002148 _____ () C:\Windows\epplauncher.mif
2015-01-19 17:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-19 17:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-19 16:59 - 2014-10-02 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-01-19 16:56 - 2014-10-02 19:25 - 00070816 _____ () C:\Users\Supreme Steggles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-19 16:53 - 2014-10-02 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-19 15:33 - 2013-07-02 21:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-31 12:39 - 2014-10-02 14:14 - 00000000 ____D () C:\Users\Supreme Steggles\AppData\Roaming\Adobe
2014-12-31 11:14 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-11-03 12:24 - 2014-11-29 22:24 - 0000160 _____ () C:\Users\Supreme Steggles\AppData\Roaming\WB.CFG
2014-11-06 13:24 - 2014-11-06 13:24 - 0022528 _____ () C:\Users\Supreme Steggles\AppData\Local\612085dsisetup6142852.exe
2014-11-06 13:24 - 2014-11-24 10:24 - 0000001 _____ () C:\Users\Supreme Steggles\AppData\Local\DSI.DAT
2014-11-24 10:24 - 2014-11-24 10:24 - 0022528 _____ () C:\Users\Supreme Steggles\AppData\Local\dsisetup13721532.exe
Some content of TEMP:
====================
C:\Users\Supreme Steggles\AppData\Local\Temp\5bdbf4a9-aebc-4d81-bffc-500f24fc1ad6.exe
C:\Users\Supreme Steggles\AppData\Local\Temp\Quarantine.exe
C:\Users\Supreme Steggles\AppData\Local\Temp\SpOrder.dll
C:\Users\Supreme Steggles\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-15 19:00
ADDITIONAL SCAN REPORT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Supreme Steggles at 2015-01-21 14:16:02
Running from C:\Users\Supreme Steggles\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware SE Professional (HKLM-x32\...\Ad-Aware SE Professional) (Version: 1.06 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.0.0 - Adobe Systems)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Blend 2 (HKLM-x32\...\Blend_2.0.1523.0) (Version: 2.0.1523.0 - Microsoft Corporation)
Microsoft Expression Design 2 (HKLM-x32\...\Design_5.0.1379.0) (Version: 5.0.1379.0 - Microsoft Corporation)
Microsoft Expression Encoder 2 (HKLM-x32\...\Encoder_2.0.1406.0) (Version: 2.0.1406.0 - Microsoft Corporation)
Microsoft Expression Media 2 SP1 (HKLM-x32\...\{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}) (Version: 2.0.1631.0 - Microsoft Corporation)
Microsoft Expression Studio 2 (HKLM-x32\...\ExpressionStudio_2.0.133.0) (Version: 2.0.133.0 - Microsoft Corporation)
Microsoft Expression Web 2 (HKLM-x32\...\XWeb) (Version: 12.0.4518.1084 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-12-2014 15:03:40 Windows Update
23-12-2014 17:22:05 Windows Update
30-12-2014 17:06:27 Windows Update
07-01-2015 17:43:57 Scheduled Checkpoint
15-01-2015 17:04:39 Windows Update
19-01-2015 14:37:28 Windows Update
19-01-2015 16:44:53 Windows Update
20-01-2015 15:08:01 AA11
20-01-2015 15:15:57 LavasoftWeCompanion
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {EC439A0B-8E5D-4E11-93B5-0425231C9149} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {FADDFAE4-BF52-41BC-8AE0-09FB0A71B575} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-05-01 19:29 - 2014-05-01 19:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2014-10-16 09:15 - 2014-10-16 09:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00070464 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00171368 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00089928 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2014-12-16 12:10 - 2014-12-16 12:10 - 00041304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-01-20 12:08 - 2015-01-09 00:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-20 12:08 - 2015-01-09 00:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-20 12:08 - 2015-01-09 00:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-20 12:08 - 2015-01-09 00:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Supreme Steggles\Downloads\Robert Steggles Website.eml:OECustomProperty
AlternateDataStreams: C:\Users\Supreme Steggles\Documents\P2200022.AVI:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: wcejvfgvem32 => 2
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-836906749-1893374104-4223838171-500 - Administrator - Disabled)
Guest (S-1-5-21-836906749-1893374104-4223838171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-836906749-1893374104-4223838171-1002 - Limited - Enabled)
Supreme Steggles (S-1-5-21-836906749-1893374104-4223838171-1000 - Administrator - Enabled) => C:\Users\Supreme Steggles
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 02:03:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 00:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 00:43:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 01:40:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 01:33:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 11:46:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 06:07:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 05:39:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 05:07:28 PM) (Source: MsiInstaller) (EventID: 11935) (User: SupremeSteggles)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}
Error: (01/19/2015 05:00:55 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: SupremeSteggles)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
System errors:
=============
Error: (01/21/2015 02:00:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%3
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LavasoftTcpService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (01/21/2015 02:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (01/20/2015 01:31:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Xeon® CPU E5450 @ 3.00GHz
Percentage of memory in use: 15%
Total physical RAM: 16381.65 MB
Available physical RAM: 13817.55 MB
Total Pagefile: 32761.49 MB
Available Pagefile: 29923.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:455.65 GB) (Free:336.35 GB) NTFS
Drive d: (Recovery image) (Fixed) (Total:9.77 GB) (Free:4.82 GB) NTFS
Drive e: (100223_1831) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9329709)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

 

Share this post


Link to post
Share on other sites

Hi Barbara,

 

1. Note that the following script will empty the recycle bins and all folders for temporary files.

 

Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [mbot_gb_254] => [X]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-836906749-1893374104-4223838171-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Program Files\CloudGuard
C:\Windows\System32\Tasks\CloudScout
Tcpip\..\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

 

2. To get a second opinion, please run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/

To shorten the scanning time disable your antivirus program while scanning.

 

Select Enable detection of potentially unwanted applications.

Click Advanced Settings.

 

Deselect Remove found threats.

 

Select:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start.

 

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.

Share this post


Link to post
Share on other sites

Thanks Cecilia

 

FIXLOG TEXT

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Supreme Steggles at 2015-01-22 13:22:56 Run:1
Running from C:\Users\Supreme Steggles\Desktop
Loaded Profiles: Supreme Steggles (Available profiles: Supreme Steggles)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [mbot_gb_254] => [X]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-836906749-1893374104-4223838171-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\Program Files\CloudGuard
C:\Windows\System32\Tasks\CloudScout
Tcpip\..\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_254 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-836906749-1893374104-4223838171-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"C:\Program Files\CloudGuard" => File/Directory not found.
"C:\Windows\System32\Tasks\CloudScout" => File/Directory not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}\\NameServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /release =========
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7015:aa72:a766:5729%11
Default Gateway . . . . . . . . . :
========= End of CMD: =========
========= ipconfig /renew =========
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::7015:aa72:a766:5729%11
IPv4 Address. . . . . . . . . . . : 192.168.1.72
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
========= End of CMD: =========
EmptyTemp: => Removed 634.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 13:23:35 ====
ESET THREATS FOUND
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\Program Files (x86)\Adobe\keygen.exe a variant of Win32/Keygen.BR potentially unsafe application
C:\Users\Supreme Steggles\Documents\mysdbackup\Draw_Something_v1.5.18_FULL_ANDROID-P2P.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup (1).exe a variant of Win32/InstallCore.UE potentially unwanted application
C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.UE potentially unwanted application
C:\Users\Supreme Steggles\Downloads\setup (4).exe a variant of Win32/AdGazelle.B potentially unwanted application
Many thanks

Share this post


Link to post
Share on other sites

1. C:\Program Files (x86)\Adobe\keygen.exe a variant of Win32/Keygen.BR potentially unsafe application

Using cracked programs can infect the program.

 

C:\Users\Supreme Steggles\Documents\mysdbackup\Draw_Something_v1.5.18_FULL_ANDROID-P2P.apk a variant of Android/Inmobi.A potentially unsafe application

C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup (1).exe a variant of Win32/InstallCore.UE potentially unwanted application

C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.UE potentially unwanted application

C:\Users\Supreme Steggles\Downloads\setup (4).exe a variant of Win32/AdGazelle.B potentially unwanted application

Be aware of that those installations file might be malicious, contain adware and/or install unwanted applications and not only what you want it to install.

 

2. Do you still have issues with all those ads or is it time to uninstall FRST and AdwCleaner?

Share this post


Link to post
Share on other sites

You're welcome :)

 

Time to uninstall AdwCleaner and FRST:

 

Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

 

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.

 

 

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that makes it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/describes how to install and use the program.

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this