need help with hijacker, popups and stuck in safe mode [Solved]


  • This topic is locked

#46
leahcase

  • Topic Starter
  • Member
  • 229 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by LEAH (administrator) on LEAH-HP on 19-08-2014 15:21:03
Running from C:\Users\LEAH\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\LEAH\Downloads\FRST64 (6).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [Windows Media Center] => RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com...e=iehp-3.8-1312
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com...e=iehp-3.8-1312
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM - {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {9FE26522-63FB-437F-9C62-40E7F7ACDB46} URL = https://www.flickr.c...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-08]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR Extension: (Google Docs) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (SoundCloud) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjjabnbepgcipkofphfpeehgpigdggi [2014-07-15]
CHR Extension: (YouTube) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Renren Album Downloader) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmkdplopmpkfnlefdldpkbcmihgcdec [2014-07-08]
CHR Extension: (Papas Pizzeria) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2014-07-11]
CHR Extension: (User Agent Selector) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbmdojpgjpmjjmnjdnbobcdhenmmgod [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vtIPwA; "C:\ProgramData\gtreouZrD\vtIPwA.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-13] (AVG Technologies)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-06-01] (ASIX Electronics Corp.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 15:20 - 2014-08-19 15:20 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (6).exe
2014-08-19 14:43 - 2014-08-19 14:43 - 00001950 _____ () C:\Users\LEAH\Desktop\aswMBR1.txt
2014-08-19 14:43 - 2014-08-19 14:43 - 00000512 _____ () C:\Users\LEAH\Desktop\MBR.dat
2014-08-19 13:11 - 2014-08-19 13:11 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Downloads\aswmbr (1).exe
2014-08-19 13:10 - 2014-08-19 13:09 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Desktop\ASWMBRSCAN.exe
2014-08-19 13:09 - 2014-08-19 13:09 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Downloads\aswmbr.exe
2014-08-19 12:41 - 2014-08-19 12:43 - 00001727 _____ () C:\Users\LEAH\Downloads\Search.txt
2014-08-19 12:40 - 2014-08-19 12:40 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (5).exe
2014-08-19 12:17 - 2014-08-19 12:17 - 00198797 _____ () C:\Users\LEAH\Desktop\K TEST,.....txt
2014-08-19 12:16 - 2014-08-19 12:16 - 00000000 _____ () C:\Users\LEAH\Desktop\New Text Document.txt
2014-08-19 12:14 - 2014-08-19 12:16 - 00013278 _____ () C:\Users\LEAH\Desktop\New Journal Document.jnt
2014-08-19 12:14 - 2014-08-19 12:14 - 00000000 ___RD () C:\Users\LEAH\Documents\Notes
2014-08-19 12:00 - 2014-08-19 12:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LEAH\Desktop\tdsskiller.exe
2014-08-19 11:55 - 2014-08-19 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LEAH\Downloads\tdsskiller.exe
2014-08-18 20:21 - 2014-08-18 20:21 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT (2).txt
2014-08-18 20:07 - 2014-08-18 20:07 - 00063565 _____ () C:\Users\LEAH\Downloads\COMBOTFIX.. (1).txt
2014-08-18 20:06 - 2014-08-18 20:06 - 00036042 _____ () C:\Users\LEAH\Downloads\ADDITIONSCAN.txt
2014-08-18 20:05 - 2014-08-18 20:05 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT (1).txt
2014-08-18 18:28 - 2014-08-18 18:28 - 00063565 _____ () C:\Users\LEAH\Downloads\COMBOTFIX...txt
2014-08-18 18:04 - 2014-08-18 18:24 - 00063565 _____ () C:\Users\LEAH\Desktop\COMBOTFIX...txt
2014-08-18 18:02 - 2014-08-18 18:02 - 00063565 _____ () C:\ComboFix.txt
2014-08-18 17:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-18 17:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-18 17:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-18 17:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-18 17:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-18 17:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-18 17:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-18 17:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-18 17:50 - 2014-08-18 18:02 - 00000000 ____D () C:\Qoobox
2014-08-18 17:50 - 2014-08-18 18:01 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 17:50 - 2014-08-18 17:50 - 05572035 ____R (Swearware) C:\Users\LEAH\Desktop\ComboFix.exe
2014-08-18 17:48 - 2014-08-18 17:48 - 05572035 _____ (Swearware) C:\Users\LEAH\Downloads\ComboFix.exe
2014-08-17 20:16 - 2014-08-17 20:16 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT.txt
2014-08-17 19:59 - 2014-08-17 20:11 - 00036042 _____ () C:\Users\LEAH\Desktop\ADDITIONSCAN.txt
2014-08-17 19:55 - 2014-08-17 19:55 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (4).exe
2014-08-17 19:39 - 2014-08-17 19:44 - 00001473 _____ () C:\Users\LEAH\Desktop\AdwCleanerTXT.txt
2014-08-17 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-17 18:38 - 2014-08-17 19:38 - 00000000 ____D () C:\AdwCleaner
2014-08-17 18:38 - 2014-08-17 18:37 - 00028589 _____ () C:\Users\LEAH\Desktop\ADWCLEANER.htm
2014-08-17 18:36 - 2014-08-17 18:36 - 01361671 _____ () C:\Users\LEAH\Downloads\AdwCleaner.exe
2014-08-17 18:30 - 2014-08-17 18:29 - 00028589 _____ () C:\Users\LEAH\Desktop\adcleanerxplode.htm
2014-08-17 15:19 - 2014-08-17 15:19 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (3).exe
2014-08-17 15:09 - 2014-08-17 15:09 - 00585920 _____ (Firseria.-.Installer · sl) C:\Users\LEAH\Downloads\Unconfirmed 69672.crdownload
2014-08-17 14:50 - 2014-08-17 14:50 - 00434796 _____ () C:\Users\LEAH\Downloads\fixlist (1).txt
2014-08-17 14:50 - 2014-08-17 14:50 - 00434796 _____ () C:\Users\LEAH\Desktop\fixlist (1).txt
2014-08-16 13:42 - 2014-08-16 13:42 - 00632194 _____ () C:\Users\LEAH\Downloads\install (5).exe
2014-08-16 12:52 - 2014-08-16 12:52 - 00632193 _____ () C:\Users\LEAH\Downloads\install (4).exe
2014-08-15 23:09 - 2014-08-15 23:08 - 00024663 _____ () C:\Users\LEAH\Desktop\fiberrecoveryscan.htm
2014-08-15 17:14 - 2014-08-15 17:14 - 00632189 _____ () C:\Users\LEAH\Downloads\install (3).exe
2014-08-15 17:13 - 2014-08-16 21:21 - 00895182 _____ () C:\Users\LEAH\Desktop\FRST.txt
2014-08-15 17:12 - 2014-08-16 13:42 - 00001868 _____ () C:\Users\LEAH\Desktop\Continue FLV Player.lnk
2014-08-15 17:12 - 2014-08-15 17:12 - 00632191 _____ () C:\Users\LEAH\Downloads\install (2).exe
2014-08-15 17:10 - 2014-08-15 17:10 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (2).exe
2014-08-15 17:08 - 2014-08-15 17:08 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (1).exe
2014-08-15 17:08 - 2014-08-15 17:08 - 00074135 _____ () C:\Users\LEAH\Desktop\Downloading Farbar Recovery Scan Tool.htm
2014-08-15 17:08 - 2014-08-15 17:08 - 00000000 ____D () C:\Users\LEAH\Desktop\Downloading Farbar Recovery Scan Tool_files
2014-08-15 16:31 - 2014-08-17 20:07 - 00036042 _____ () C:\Users\LEAH\Downloads\Addition.txt
2014-08-15 16:27 - 2014-08-19 15:21 - 00014381 _____ () C:\Users\LEAH\Downloads\FRST.txt
2014-08-15 16:26 - 2014-08-19 15:21 - 00000000 ____D () C:\FRST
2014-08-15 16:25 - 2014-08-15 16:25 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64.exe
2014-08-15 15:33 - 2014-08-15 15:33 - 00632192 _____ () C:\Users\LEAH\Downloads\install (1).exe
2014-08-15 15:31 - 2014-08-15 15:31 - 00632193 _____ () C:\Users\LEAH\Downloads\install.exe
2014-08-15 14:47 - 2014-08-15 20:29 - 00002577 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-15 14:25 - 2014-08-15 14:25 - 00000000 ____D () C:\Users\LEAH\Documents\ProcAlyzer Dumps
2014-08-15 13:38 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140815-133802.backup
2014-08-15 13:33 - 2014-08-15 13:33 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-15 13:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-15 13:32 - 2014-08-15 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 13:32 - 2014-08-15 13:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-15 13:30 - 2014-08-15 13:31 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\LEAH\Downloads\spybot-2.4.exe
2014-08-15 13:09 - 2014-08-15 13:09 - 00000327 _____ () C:\Users\LEAH\AppData\Local\LMIR0001.tmp_r.bat
2014-08-15 13:04 - 2014-08-19 14:44 - 00296032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:04 - 2014-08-18 17:58 - 00008216 _____ () C:\Windows\PFRO.log
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\supportdotcom
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 _____ () C:\Windows\setupact.log
2014-08-15 01:12 - 2014-08-15 01:12 - 01295088 _____ (VideoPerformer) C:\Users\LEAH\Downloads\VideoPerformerSetup.exe
2014-08-14 23:52 - 2014-08-14 23:52 - 00064824 _____ () C:\Users\LEAH\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 23:26 - 2014-08-14 23:26 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForLEAH.job
2014-08-14 22:27 - 2014-08-14 22:27 - 00001284 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-08-14 22:14 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-08-14 22:13 - 2014-08-14 22:13 - 30418128 _____ (Panda Security ) C:\Users\LEAH\Desktop\PandaCloudCleaner.exe
2014-08-14 03:01 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:01 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 03:01 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:01 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:01 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 03:01 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:00 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 03:00 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 02:51 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 02:51 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 02:51 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 02:51 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 02:51 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 02:51 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 02:51 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 02:51 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 02:51 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 02:51 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 02:51 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 02:51 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 02:51 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 02:51 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 02:51 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 02:51 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 02:51 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 02:51 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 02:51 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 02:51 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 02:51 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 02:51 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 02:51 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 02:51 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 02:51 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 02:51 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 02:51 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 02:51 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 02:51 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 02:51 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 02:51 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 02:51 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 02:51 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 02:51 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 02:51 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 02:51 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 02:51 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 02:51 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 02:51 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 02:51 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 02:51 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 02:51 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 02:51 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 02:51 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 02:51 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 02:51 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 02:51 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 02:51 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 02:51 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 02:51 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 02:51 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 02:51 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 02:51 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 02:51 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 02:51 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 02:51 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 02:51 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 02:51 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 02:51 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 02:51 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 02:51 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 02:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 02:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 02:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 02:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 02:51 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 02:51 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 02:51 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 02:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 02:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 02:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 02:51 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 02:51 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 02:51 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 02:51 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 02:51 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 02:51 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 02:51 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 02:51 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 02:51 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 02:51 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 02:51 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 02:51 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 02:50 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 02:50 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 02:50 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 02:50 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\LEAH\AppData\Local\ProcessScriptSymbolic
2014-08-12 11:26 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-12 11:26 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-12 02:24 - 2014-08-12 02:59 - 00000000 ___DC () C:\Users\LEAH\AppData\Local\MigWiz
2014-08-11 23:27 - 2014-08-11 23:27 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-08-11 23:26 - 2014-08-11 23:27 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-11 23:26 - 2014-08-11 23:26 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\Yahoo!
2014-08-11 19:25 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-11 19:25 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-11 19:25 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-11 19:25 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-11 19:25 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-11 19:25 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-11 19:25 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-11 19:25 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-11 19:25 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-11 19:25 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-11 19:25 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-11 19:25 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-11 19:25 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-11 19:25 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-11 19:25 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-11 19:25 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-11 19:25 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-11 19:25 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-11 19:06 - 2014-08-15 04:30 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9DFA2F7-49D8-4BDA-88CB-519C621E9C35}
2014-08-11 18:26 - 2014-08-19 14:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-04 15:34 - 2014-08-04 15:34 - 00000000 ____D () C:\Windows\SysWOW64\CursorODBCSchema
2014-08-04 15:33 - 2014-08-04 15:33 - 00000000 ____D () C:\Users\LEAH\AppData\Local\Downloaded Installations
2014-08-04 15:31 - 2014-08-04 15:31 - 00058172 _____ () C:\Users\LEAH\Downloads\java_installer (3).exe
2014-08-04 15:31 - 2014-08-04 15:31 - 00051196 _____ () C:\Users\LEAH\Downloads\java_installer (4).exe
2014-08-04 15:00 - 2014-08-04 15:00 - 00000153 _____ () C:\Users\LEAH\Downloads\pixel (14)
2014-08-04 14:52 - 2014-08-04 14:52 - 00000157 _____ () C:\Users\LEAH\Downloads\Unconfirmed 636465.crdownload
2014-08-04 14:52 - 2014-08-04 14:52 - 00000157 _____ () C:\Users\LEAH\Downloads\Unconfirmed 11641.crdownload
2014-08-04 12:40 - 2014-08-04 12:40 - 00057980 _____ () C:\Users\LEAH\Downloads\6323.tmp
2014-08-04 12:23 - 2014-08-04 12:23 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (13)
2014-08-04 11:12 - 2014-08-04 11:12 - 00000148 _____ () C:\Users\LEAH\Downloads\afs
2014-08-04 06:24 - 2014-08-04 06:24 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (12)
2014-08-04 06:18 - 2014-08-04 06:18 - 00000156 _____ () C:\Users\LEAH\Downloads\s
2014-08-04 06:10 - 2014-08-04 06:10 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (11)
2014-08-04 06:05 - 2014-08-04 06:05 - 00000154 _____ () C:\Users\LEAH\Downloads\Unconfirmed 121480.crdownload
2014-08-04 04:50 - 2014-08-04 04:50 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (10)
2014-08-04 04:12 - 2014-08-04 04:12 - 00000157 _____ () C:\Users\LEAH\Downloads\WLBidRequestHandler
2014-08-04 04:12 - 2014-08-04 04:12 - 00000157 _____ () C:\Users\LEAH\Downloads\if
2014-08-04 03:24 - 2014-08-04 03:25 - 00574412 _____ () C:\Users\LEAH\Downloads\37C7.tmp
2014-08-03 23:29 - 2014-08-03 23:29 - 00000148 _____ () C:\Users\LEAH\Downloads\Unconfirmed 514775.crdownload
2014-08-03 22:51 - 2014-08-03 22:51 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (9)
2014-08-03 22:37 - 2014-08-03 22:37 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (8)
2014-08-03 21:58 - 2014-08-03 21:58 - 00000155 _____ () C:\Users\LEAH\Downloads\adi
2014-08-03 21:19 - 2014-08-03 21:19 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (7)
2014-08-03 21:06 - 2014-08-03 21:06 - 00000148 _____ () C:\Users\LEAH\Downloads\index.php
2014-08-03 20:54 - 2014-08-03 20:54 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (6)
2014-08-03 20:46 - 2014-08-03 20:46 - 00000157 _____ () C:\Users\LEAH\Downloads\tcerider.php
2014-08-03 20:41 - 2014-08-03 20:41 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (5)
2014-08-03 19:26 - 2014-08-03 19:26 - 00000155 _____ () C:\Users\LEAH\Downloads\push (1)
2014-08-03 19:20 - 2014-08-03 19:20 - 00000148 _____ () C:\Users\LEAH\Downloads\push
2014-08-03 19:14 - 2014-08-03 19:14 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (4)
2014-08-03 18:59 - 2014-08-03 18:59 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (3)
2014-08-03 17:57 - 2014-08-03 17:57 - 00000156 _____ () C:\Users\LEAH\Downloads\Unconfirmed 307460.crdownload
2014-08-03 17:20 - 2014-08-03 17:20 - 00000156 _____ () C:\Users\LEAH\Downloads\pixel (2)
2014-08-03 16:32 - 2014-08-03 16:32 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (1)
2014-08-02 17:06 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 17:06 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 17:06 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 17:06 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 17:06 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 17:06 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 17:06 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 17:06 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 17:06 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 17:06 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 17:06 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 17:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 17:06 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 17:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 09:50 - 2014-07-31 09:50 - 00000157 _____ () C:\Users\LEAH\Downloads\v=5;m=3;l=45798;c=675832;b=2906061;ts=20140731105033;r=http---www.lifescript.com-health-centers-adhd_pediatric-tips-10_easy_tips_to_pare.aspx-utm_source=adon&utm_medium=cpc&utm_content=114426_1829_173&utm_campaign=adhd_child
2014-07-28 02:35 - 2014-07-28 02:35 - 00000155 _____ () C:\Users\LEAH\Downloads\v=5;m=3;l=37851;c=675832;b=2906063;ts=20140728033506;r=http---showadsak.pubmatic.com-AdServer-AdServerServlet-pubId=30062&siteId=40976&adId=63416&kadwidth=160&kadheight=600&SAVersion=2&js=1&kdntu.9361560686957091&pmUniAdId=0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 15:21 - 2014-08-15 16:27 - 00014381 _____ () C:\Users\LEAH\Downloads\FRST.txt
2014-08-19 15:21 - 2014-08-15 16:26 - 00000000 ____D () C:\FRST
2014-08-19 15:20 - 2014-08-19 15:20 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (6).exe
2014-08-19 14:57 - 2014-06-16 21:32 - 01424075 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 14:50 - 2009-07-14 00:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 14:46 - 2014-08-11 18:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-19 14:44 - 2014-08-15 13:04 - 00296032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 14:43 - 2014-08-19 14:43 - 00001950 _____ () C:\Users\LEAH\Desktop\aswMBR1.txt
2014-08-19 14:43 - 2014-08-19 14:43 - 00000512 _____ () C:\Users\LEAH\Desktop\MBR.dat
2014-08-19 13:11 - 2014-08-19 13:11 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Downloads\aswmbr (1).exe
2014-08-19 13:09 - 2014-08-19 13:10 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Desktop\ASWMBRSCAN.exe
2014-08-19 13:09 - 2014-08-19 13:09 - 05185536 _____ (AVAST Software) C:\Users\LEAH\Downloads\aswmbr.exe
2014-08-19 12:43 - 2014-08-19 12:41 - 00001727 _____ () C:\Users\LEAH\Downloads\Search.txt
2014-08-19 12:40 - 2014-08-19 12:40 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (5).exe
2014-08-19 12:17 - 2014-08-19 12:17 - 00198797 _____ () C:\Users\LEAH\Desktop\K TEST,.....txt
2014-08-19 12:16 - 2014-08-19 12:16 - 00000000 _____ () C:\Users\LEAH\Desktop\New Text Document.txt
2014-08-19 12:16 - 2014-08-19 12:14 - 00013278 _____ () C:\Users\LEAH\Desktop\New Journal Document.jnt
2014-08-19 12:14 - 2014-08-19 12:14 - 00000000 ___RD () C:\Users\LEAH\Documents\Notes
2014-08-19 12:00 - 2014-08-19 12:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LEAH\Desktop\tdsskiller.exe
2014-08-19 11:55 - 2014-08-19 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LEAH\Downloads\tdsskiller.exe
2014-08-18 20:21 - 2014-08-18 20:21 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT (2).txt
2014-08-18 20:07 - 2014-08-18 20:07 - 00063565 _____ () C:\Users\LEAH\Downloads\COMBOTFIX.. (1).txt
2014-08-18 20:06 - 2014-08-18 20:06 - 00036042 _____ () C:\Users\LEAH\Downloads\ADDITIONSCAN.txt
2014-08-18 20:05 - 2014-08-18 20:05 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT (1).txt
2014-08-18 18:28 - 2014-08-18 18:28 - 00063565 _____ () C:\Users\LEAH\Downloads\COMBOTFIX...txt
2014-08-18 18:24 - 2014-08-18 18:04 - 00063565 _____ () C:\Users\LEAH\Desktop\COMBOTFIX...txt
2014-08-18 18:14 - 2013-01-07 23:02 - 00000000 ___RD () C:\Users\LEAH\Desktop\MISC APPLICATIONS
2014-08-18 18:02 - 2014-08-18 18:02 - 00063565 _____ () C:\ComboFix.txt
2014-08-18 18:02 - 2014-08-18 17:50 - 00000000 ____D () C:\Qoobox
2014-08-18 18:01 - 2014-08-18 17:50 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 17:58 - 2014-08-15 13:04 - 00008216 _____ () C:\Windows\PFRO.log
2014-08-18 17:58 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-18 17:57 - 2009-07-13 21:34 - 77856768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-18 17:57 - 2009-07-13 21:34 - 15728640 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-18 17:57 - 2009-07-13 21:34 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-18 17:57 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-18 17:57 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-18 17:56 - 2013-06-12 12:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-18 17:50 - 2014-08-18 17:50 - 05572035 ____R (Swearware) C:\Users\LEAH\Desktop\ComboFix.exe
2014-08-18 17:48 - 2014-08-18 17:48 - 05572035 _____ (Swearware) C:\Users\LEAH\Downloads\ComboFix.exe
2014-08-18 17:44 - 2014-06-16 16:41 - 00000977 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-17 20:16 - 2014-08-17 20:16 - 00001473 _____ () C:\Users\LEAH\Downloads\AdwCleanerTXT.txt
2014-08-17 20:11 - 2014-08-17 19:59 - 00036042 _____ () C:\Users\LEAH\Desktop\ADDITIONSCAN.txt
2014-08-17 20:07 - 2014-08-15 16:31 - 00036042 _____ () C:\Users\LEAH\Downloads\Addition.txt
2014-08-17 19:55 - 2014-08-17 19:55 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (4).exe
2014-08-17 19:44 - 2014-08-17 19:39 - 00001473 _____ () C:\Users\LEAH\Desktop\AdwCleanerTXT.txt
2014-08-17 19:38 - 2014-08-17 18:38 - 00000000 ____D () C:\AdwCleaner
2014-08-17 18:37 - 2014-08-17 18:38 - 00028589 _____ () C:\Users\LEAH\Desktop\ADWCLEANER.htm
2014-08-17 18:36 - 2014-08-17 18:36 - 01361671 _____ () C:\Users\LEAH\Downloads\AdwCleaner.exe
2014-08-17 18:29 - 2014-08-17 18:30 - 00028589 _____ () C:\Users\LEAH\Desktop\adcleanerxplode.htm
2014-08-17 15:22 - 2013-11-30 09:53 - 00000000 ____D () C:\temp
2014-08-17 15:22 - 2013-01-06 19:32 - 00000000 ____D () C:\Users\LEAH
2014-08-17 15:20 - 2013-09-11 17:40 - 00000000 ____D () C:\Users\LEAH\AppData\Local\CRE
2014-08-17 15:20 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-17 15:19 - 2014-08-17 15:19 - 02101760 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (3).exe
2014-08-17 15:09 - 2014-08-17 15:09 - 00585920 _____ (Firseria.-.Installer · sl) C:\Users\LEAH\Downloads\Unconfirmed 69672.crdownload
2014-08-17 14:50 - 2014-08-17 14:50 - 00434796 _____ () C:\Users\LEAH\Downloads\fixlist (1).txt
2014-08-17 14:50 - 2014-08-17 14:50 - 00434796 _____ () C:\Users\LEAH\Desktop\fixlist (1).txt
2014-08-16 21:21 - 2014-08-15 17:13 - 00895182 _____ () C:\Users\LEAH\Desktop\FRST.txt
2014-08-16 13:42 - 2014-08-16 13:42 - 00632194 _____ () C:\Users\LEAH\Downloads\install (5).exe
2014-08-16 13:42 - 2014-08-15 17:12 - 00001868 _____ () C:\Users\LEAH\Desktop\Continue FLV Player.lnk
2014-08-16 12:52 - 2014-08-16 12:52 - 00632193 _____ () C:\Users\LEAH\Downloads\install (4).exe
2014-08-16 00:05 - 2013-01-06 21:44 - 00000000 ____D () C:\Users\LEAH\AppData\Local\CrashDumps
2014-08-15 23:08 - 2014-08-15 23:09 - 00024663 _____ () C:\Users\LEAH\Desktop\fiberrecoveryscan.htm
2014-08-15 20:29 - 2014-08-15 14:47 - 00002577 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-15 17:14 - 2014-08-15 17:14 - 00632189 _____ () C:\Users\LEAH\Downloads\install (3).exe
2014-08-15 17:12 - 2014-08-15 17:12 - 00632191 _____ () C:\Users\LEAH\Downloads\install (2).exe
2014-08-15 17:10 - 2014-08-15 17:10 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (2).exe
2014-08-15 17:08 - 2014-08-15 17:08 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64 (1).exe
2014-08-15 17:08 - 2014-08-15 17:08 - 00074135 _____ () C:\Users\LEAH\Desktop\Downloading Farbar Recovery Scan Tool.htm
2014-08-15 17:08 - 2014-08-15 17:08 - 00000000 ____D () C:\Users\LEAH\Desktop\Downloading Farbar Recovery Scan Tool_files
2014-08-15 16:25 - 2014-08-15 16:25 - 02100224 _____ (Farbar) C:\Users\LEAH\Downloads\FRST64.exe
2014-08-15 15:33 - 2014-08-15 15:33 - 00632192 _____ () C:\Users\LEAH\Downloads\install (1).exe
2014-08-15 15:31 - 2014-08-15 15:31 - 00632193 _____ () C:\Users\LEAH\Downloads\install.exe
2014-08-15 14:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-08-15 14:25 - 2014-08-15 14:25 - 00000000 ____D () C:\Users\LEAH\Documents\ProcAlyzer Dumps
2014-08-15 14:20 - 2014-08-15 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 13:38 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140816-003126.backup
2014-08-15 13:34 - 2014-08-15 13:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-15 13:33 - 2014-08-15 13:33 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-15 13:31 - 2014-08-15 13:30 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\LEAH\Downloads\spybot-2.4.exe
2014-08-15 13:09 - 2014-08-15 13:09 - 00000327 _____ () C:\Users\LEAH\AppData\Local\LMIR0001.tmp_r.bat
2014-08-15 12:52 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:52 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\supportdotcom
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 12:20 - 2014-08-15 12:20 - 00000000 _____ () C:\Windows\setupact.log
2014-08-15 04:30 - 2014-08-11 19:06 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9DFA2F7-49D8-4BDA-88CB-519C621E9C35}
2014-08-15 01:12 - 2014-08-15 01:12 - 01295088 _____ (VideoPerformer) C:\Users\LEAH\Downloads\VideoPerformerSetup.exe
2014-08-15 00:36 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\vlc
2014-08-15 00:13 - 2011-12-17 03:41 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-14 23:52 - 2014-08-14 23:52 - 00064824 _____ () C:\Users\LEAH\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 23:26 - 2014-08-14 23:26 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForLEAH.job
2014-08-14 23:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 22:27 - 2014-08-14 22:27 - 00001284 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-08-14 22:13 - 2014-08-14 22:13 - 30418128 _____ (Panda Security ) C:\Users\LEAH\Desktop\PandaCloudCleaner.exe
2014-08-14 05:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 03:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 03:22 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:05 - 2013-01-09 15:19 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 03:00 - 2014-06-17 21:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\LEAH\AppData\Local\ProcessScriptSymbolic
2014-08-12 11:56 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-12 02:59 - 2014-08-12 02:24 - 00000000 ___DC () C:\Users\LEAH\AppData\Local\MigWiz
2014-08-11 23:27 - 2014-08-11 23:27 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-08-11 23:27 - 2014-08-11 23:26 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-11 23:27 - 2014-07-03 07:44 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-08-11 23:27 - 2013-01-08 00:05 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-11 23:26 - 2014-08-11 23:26 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\Yahoo!
2014-08-11 19:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-11 19:30 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 19:14 - 2013-03-12 20:32 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-11 19:14 - 2013-01-07 22:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-06 21:06 - 2014-08-14 02:50 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-14 02:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 10:36 - 2009-07-13 21:34 - 00000540 _____ () C:\Windows\win.ini
2014-08-04 20:32 - 2009-07-14 00:08 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-04 15:34 - 2014-08-04 15:34 - 00000000 ____D () C:\Windows\SysWOW64\CursorODBCSchema
2014-08-04 15:33 - 2014-08-04 15:33 - 00000000 ____D () C:\Users\LEAH\AppData\Local\Downloaded Installations
2014-08-04 15:31 - 2014-08-04 15:31 - 00058172 _____ () C:\Users\LEAH\Downloads\java_installer (3).exe
2014-08-04 15:31 - 2014-08-04 15:31 - 00051196 _____ () C:\Users\LEAH\Downloads\java_installer (4).exe
2014-08-04 15:01 - 2013-01-06 23:27 - 00000000 ____D () C:\Users\LEAH\AppData\Local\Deployment
2014-08-04 15:00 - 2014-08-04 15:00 - 00000153 _____ () C:\Users\LEAH\Downloads\pixel (14)
2014-08-04 14:52 - 2014-08-04 14:52 - 00000157 _____ () C:\Users\LEAH\Downloads\Unconfirmed 636465.crdownload
2014-08-04 14:52 - 2014-08-04 14:52 - 00000157 _____ () C:\Users\LEAH\Downloads\Unconfirmed 11641.crdownload
2014-08-04 12:40 - 2014-08-04 12:40 - 00057980 _____ () C:\Users\LEAH\Downloads\6323.tmp
2014-08-04 12:23 - 2014-08-04 12:23 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (13)
2014-08-04 11:12 - 2014-08-04 11:12 - 00000148 _____ () C:\Users\LEAH\Downloads\afs
2014-08-04 06:24 - 2014-08-04 06:24 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (12)
2014-08-04 06:18 - 2014-08-04 06:18 - 00000156 _____ () C:\Users\LEAH\Downloads\s
2014-08-04 06:10 - 2014-08-04 06:10 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (11)
2014-08-04 06:05 - 2014-08-04 06:05 - 00000154 _____ () C:\Users\LEAH\Downloads\Unconfirmed 121480.crdownload
2014-08-04 04:50 - 2014-08-04 04:50 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (10)
2014-08-04 04:12 - 2014-08-04 04:12 - 00000157 _____ () C:\Users\LEAH\Downloads\WLBidRequestHandler
2014-08-04 04:12 - 2014-08-04 04:12 - 00000157 _____ () C:\Users\LEAH\Downloads\if
2014-08-04 03:25 - 2014-08-04 03:24 - 00574412 _____ () C:\Users\LEAH\Downloads\37C7.tmp
2014-08-03 23:29 - 2014-08-03 23:29 - 00000148 _____ () C:\Users\LEAH\Downloads\Unconfirmed 514775.crdownload
2014-08-03 22:51 - 2014-08-03 22:51 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (9)
2014-08-03 22:37 - 2014-08-03 22:37 - 00000155 _____ () C:\Users\LEAH\Downloads\pixel (8)
2014-08-03 21:58 - 2014-08-03 21:58 - 00000155 _____ () C:\Users\LEAH\Downloads\adi
2014-08-03 21:19 - 2014-08-03 21:19 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (7)
2014-08-03 21:06 - 2014-08-03 21:06 - 00000148 _____ () C:\Users\LEAH\Downloads\index.php
2014-08-03 20:54 - 2014-08-03 20:54 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (6)
2014-08-03 20:46 - 2014-08-03 20:46 - 00000157 _____ () C:\Users\LEAH\Downloads\tcerider.php
2014-08-03 20:41 - 2014-08-03 20:41 - 00000157 _____ () C:\Users\LEAH\Downloads\pixel (5)
2014-08-03 19:26 - 2014-08-03 19:26 - 00000155 _____ () C:\Users\LEAH\Downloads\push (1)
2014-08-03 19:20 - 2014-08-03 19:20 - 00000148 _____ () C:\Users\LEAH\Downloads\push
2014-08-03 19:14 - 2014-08-03 19:14 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (4)
2014-08-03 18:59 - 2014-08-03 18:59 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (3)
2014-08-03 17:57 - 2014-08-03 17:57 - 00000156 _____ () C:\Users\LEAH\Downloads\Unconfirmed 307460.crdownload
2014-08-03 17:20 - 2014-08-03 17:20 - 00000156 _____ () C:\Users\LEAH\Downloads\pixel (2)
2014-08-03 16:34 - 2014-07-13 16:33 - 00000310 _____ () C:\Windows\SysWOW64\ff.bin
2014-08-03 16:32 - 2014-08-03 16:32 - 00000148 _____ () C:\Users\LEAH\Downloads\pixel (1)
2014-08-03 16:29 - 2014-06-13 12:14 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-07-31 18:41 - 2014-08-14 02:51 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-14 02:51 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 09:50 - 2014-07-31 09:50 - 00000157 _____ () C:\Users\LEAH\Downloads\v=5;m=3;l=45798;c=675832;b=2906061;ts=20140731105033;r=http---www.lifescript.com-health-centers-adhd_pediatric-tips-10_easy_tips_to_pare.aspx-utm_source=adon&utm_medium=cpc&utm_content=114426_1829_173&utm_campaign=adhd_child
2014-07-29 18:20 - 2013-04-19 23:33 - 00000000 ____D () C:\Windows\Minidump
2014-07-28 02:35 - 2014-07-28 02:35 - 00000155 _____ () C:\Users\LEAH\Downloads\v=5;m=3;l=37851;c=675832;b=2906063;ts=20140728033506;r=http---showadsak.pubmatic.com-AdServer-AdServerServlet-pubId=30062&siteId=40976&adId=63416&kadwidth=160&kadheight=600&SAVersion=2&js=1&kdntu.9361560686957091&pmUniAdId=0
2014-07-25 15:52 - 2013-03-13 12:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 15:52 - 2013-03-13 12:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 09:52 - 2014-08-14 02:51 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-14 02:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-14 02:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-14 02:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-14 02:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-14 02:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:28 - 2014-08-14 02:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:25 - 2014-08-14 02:51 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-14 02:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-14 02:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-14 02:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-14 02:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-14 02:51 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-14 02:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-14 02:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-14 02:51 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-14 02:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-14 02:51 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-14 02:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-14 02:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-14 02:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-14 02:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-14 02:51 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-14 02:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-14 02:51 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-14 02:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-14 02:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-14 02:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:17 - 2014-08-14 02:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:12 - 2014-08-14 02:51 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-14 02:51 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-14 02:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-14 02:51 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-14 02:51 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-14 02:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-14 02:51 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-14 02:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-14 02:51 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-14 02:51 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-14 02:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-14 02:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-14 02:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-14 02:51 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-14 02:51 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-14 02:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-14 02:51 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-14 02:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-14 02:51 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-14 02:51 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-14 02:51 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-14 02:51 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-14 02:51 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-14 02:51 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-14 02:51 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 03:02 - 2013-03-13 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-08 22:58
 
==================== End Of Log ============================
 
I hope this is the right one...

  • 0


#47
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no reason as to why it is auto booting to safe mode

Could you press the Windows and R keys together
In the dialogue that opens type:

Msconfig

When the next window opens select the Boot tab and ensure that safe boot is not selected

  • 0
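The Safe boot checkbox on the msconfig Boot tab, described in the post above, is stored as the `safeboot` value on the current boot entry, so the same setting can be read from an elevated PowerShell prompt with `bcdedit`. This is an added example, not part of the original thread; the function name `Get-SafeBootSetting` is hypothetical.

```powershell
# Added example: report whether the current boot entry is pinned to Safe Mode.
# Run from an elevated PowerShell prompt; bcdedit needs administrator rights.

function Get-SafeBootSetting {
    # The 'safeboot' element is only present on the entry when Safe boot is
    # enabled. Its value is Minimal, Network or DsRepair.
    $entry = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (is this prompt elevated?): $entry"
    }
    foreach ($line in $entry) {
        # Anchored so that 'safebootalternateshell' does not match.
        if ("$line" -match '^\s*safeboot\s+(\S+)') {
            return $Matches[1]
        }
    }
    return $null
}

$mode = Get-SafeBootSetting
if ($null -eq $mode) {
    'Safe boot is not set; the next restart will be a normal boot.'
} else {
    "Safe boot is set to '$mode'; the machine will keep restarting into Safe Mode."
    # Same effect as clearing the Safe boot checkbox in msconfig
    # (left commented out so the script only reports):
    # bcdedit.exe /deletevalue '{current}' safeboot
}
```

A reboot is still needed after the value is cleared, as with the msconfig route.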

#48
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

don't understand to press the windows and the R key together...do you want me to reboot..


  • 0

#49
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

sorry I figured it out ... did that and what do you want me to click on start on normal mode


  • 0

#50
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

going to take it out of safe mode... it is checked.....


  • 0

#51
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

do you want me to restart....


  • 0

#52
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

going to restart....computer in order for changes to take place..


  • 0

#53
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

did restart and it did take it out of safe mode... the icons on task are really small how do I change it....I am on a disability and on limited budget.. so what would you recommend for me to use for anti-virus..and malware...I don't have any money to buy anything... and I am thinking about taking the course.....


  • 0

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So the box was checked? Weird, my logs should have shown that..
 
OK onwards and upwards
 
Right click the task bar and select properties
In the dialogue that opens ensure that use small icons is unticked
 
Does that cure that problem?
 
OK for antivirus

Download Avast Free to your desktop

Run the downloaded file and select Custom install

Remove the ticks on the central element for :

Secure Line
Grime fighter


Then continue and install the programme. A reboot may be required
Be aware that the programme will speak to you if it detects a virus and when it updates :)

There is a small video here that will take you through registration step by step


Once done could you let me know how the computer is behaving
  • 0

#55
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

Yes..you are the best.....


  • 0


#56
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

right now it is scanning.. now do you want me to keep ccleaner and anything else I have downloaded ... will this work on keeping my reg ok....


  • 0

#57
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I will remove my tools when you are happy with how the computer is running :)  Just let me know


  • 0

#58
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

it seems to be faster.... I checked my ccleaner and it did show some issues.. do I remove them....and keep my virus cleaner that I have now installed on my cpu...


  • 0

#59
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I will do now is remove my tools, do not use crapcleaner registry section just use it to remove temporary files

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so.. The following will implement some cleanup procedures as well as reset System Restore points:

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Download and run Delfix


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices

Keep safe :wave:
  • 0

#60
leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

so if you only want me to run ccleaner for to frem temp files... then what do you recommend to use for reg cleaner,.. at this time I am not able to pay for stuff....as far as java don't I need to have it to use the internet...


  • 0





