
Keep getting popups with Shopper Master and Lucky Shopper



#46
sdrspudman

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by lawill (administrator) on THEBIFF on 25-03-2015 18:11:26
Running from C:\Users\lawill\Desktop
Loaded Profiles: lawill (Available profiles: lawill)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\3.0.259.1\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-06-11] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-06-11] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\...\Run: [CCleaner Monitoring] => C:\PROGRAM FILES\CCLEANER\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2025283895-1953685814-2999071867-1001 -> DefaultScope {A2E5F672-55A5-45E6-87EE-E699CA5DE3E9} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2025283895-1953685814-2999071867-1001 -> {A2E5F672-55A5-45E6-87EE-E699CA5DE3E9} URL = http://www.bing.com/...q={searchTerms}
BHO-x32: Roaming Rate -> {8d0ea870-e492-4825-a734-a0ed7d65882a} -> C:\Program Files (x86)\Roaming Rate\Extensions\8d0ea870-e492-4825-a734-a0ed7d65882a.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-11]
 
Chrome: 
=======
CHR Profile: C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (YouTube) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (SiteAdvisor) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-12]
CHR Extension: (Roaming Rate) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakbbjdafppanhjenjdgalacpbpeplgh [2015-03-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\lawill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0128431427321498mcinstcleanup; C:\windows\TEMP\012843~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-06-11] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-06-11] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-06-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-13] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-23] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 18:11 - 2015-03-25 18:12 - 00016515 _____ () C:\Users\lawill\Desktop\FRST.txt
2015-03-25 18:08 - 2015-03-25 18:11 - 00000000 ____D () C:\FRST
2015-03-25 18:08 - 2015-03-25 18:08 - 02095616 _____ (Farbar) C:\Users\lawill\Desktop\FRST64.exe
2015-03-25 00:40 - 2015-03-25 00:40 - 00001147 _____ () C:\DelFix1.txt
2015-03-25 00:39 - 2015-03-25 00:39 - 00000761 _____ () C:\Users\lawill\Desktop\DelFix.txt
2015-03-25 00:34 - 2015-03-25 00:39 - 00000761 _____ () C:\DelFix.txt
2015-03-15 13:48 - 2015-03-15 13:48 - 00000837 _____ () C:\Users\lawill\Desktop\checkup.txt
2015-03-13 02:48 - 2015-03-25 18:04 - 01963079 _____ () C:\windows\WindowsUpdate.log
2015-03-13 02:07 - 2015-03-25 00:55 - 00001689 _____ () C:\windows\setupact.log
2015-03-13 02:07 - 2015-03-13 02:20 - 00019984 _____ () C:\windows\PFRO.log
2015-03-13 02:07 - 2015-03-13 02:07 - 00000000 _____ () C:\windows\setuperr.log
2015-03-12 23:52 - 2015-03-12 23:52 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-12 23:06 - 2015-03-25 18:04 - 00075759 _____ () C:\Users\lawill\AppData\Local\BTServer.log
2015-03-12 22:55 - 2015-03-22 22:02 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 22:55 - 2015-03-12 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-12 22:54 - 2015-03-25 18:04 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 22:54 - 2015-03-25 00:59 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 22:54 - 2015-03-12 22:54 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 22:54 - 2015-03-12 22:54 - 00003650 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 22:53 - 2015-03-12 22:54 - 00000000 ____D () C:\Users\lawill\AppData\Local\Deployment
2015-03-12 22:53 - 2015-03-12 22:53 - 00000000 ____D () C:\Users\lawill\AppData\Local\Apps\2.0
2015-03-12 20:53 - 2015-03-12 20:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-12 10:12 - 2015-03-12 10:12 - 00000000 ____D () C:\ProgramData\InstallSightSDK
2015-03-12 10:11 - 2015-03-13 02:07 - 00000000 ____D () C:\ProgramData\NMfqFQ
2015-03-12 10:11 - 2015-03-13 02:01 - 00000000 ____D () C:\ProgramData\WebGuard
2015-03-12 10:01 - 2015-03-12 10:01 - 00004900 _____ () C:\Users\lawill\Documents\bookmarks_3_12_15.html
2015-03-11 21:35 - 2015-03-11 21:35 - 00000273 _____ () C:\Users\lawill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-03-11 17:15 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-03-11 17:15 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-03-11 17:11 - 2015-02-06 19:09 - 00396419 _____ () C:\windows\system32\ApnDatabase.xml
2015-03-11 17:11 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-03-11 17:11 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-03-11 17:11 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-03-11 17:11 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
2015-03-11 17:11 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
2015-03-11 17:11 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\windows\system32\calc.exe
2015-03-11 17:11 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\windows\SysWOW64\calc.exe
2015-03-11 17:06 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 17:06 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 17:06 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 17:06 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 17:06 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 17:06 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 17:06 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 17:06 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-03-11 17:06 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-03-11 17:06 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\photowiz.dll
2015-03-11 17:06 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\photowiz.dll
2015-03-11 17:06 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 17:06 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 17:06 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 17:06 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 17:06 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 17:06 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 17:05 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-03-11 17:05 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-03-11 17:05 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-03-11 17:05 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 17:05 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2015-03-11 17:05 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2015-03-11 17:05 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2015-03-11 17:05 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll
2015-03-11 17:05 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll
2015-03-11 17:05 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc42u.dll
2015-03-11 17:05 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc42.dll
2015-03-11 17:05 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\atlthunk.dll
2015-03-11 17:05 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-03-11 17:05 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-03-11 17:05 - 2014-10-28 22:46 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2015-03-11 17:05 - 2014-10-28 22:46 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2015-03-11 17:05 - 2014-10-28 22:45 - 01198080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-03-11 17:05 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\printui.exe
2015-03-11 17:05 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-03-11 17:05 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\findnetprinters.dll
2015-03-11 17:05 - 2014-10-28 22:03 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2015-03-11 17:05 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.exe
2015-03-11 17:05 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\windows\SysWOW64\compstui.dll
2015-03-11 17:05 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-03-11 17:05 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2015-03-11 17:05 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\windows\SysWOW64\findnetprinters.dll
2015-03-11 17:05 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\atlthunk.dll
2015-03-11 17:05 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-03-11 17:05 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2015-03-11 17:05 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2015-03-11 17:05 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2015-03-11 17:05 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2015-03-11 17:05 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2015-03-11 17:04 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:04 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:04 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-03-11 17:04 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-03-11 17:04 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-03-11 17:04 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-03-11 17:04 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 17:04 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-03-11 17:04 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-03-11 17:04 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\StorageContextHandler.dll
2015-03-11 17:04 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\windows\SysWOW64\StorageContextHandler.dll
2015-03-11 17:04 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WSCollect.exe
2015-03-11 17:04 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe
2015-03-11 17:04 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2015-03-11 17:04 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-11 17:03 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 17:03 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\eappgnui.dll
2015-03-11 17:03 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappgnui.dll
2015-03-11 17:03 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\eapp3hst.dll
2015-03-11 17:03 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\eapphost.dll
2015-03-11 17:03 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapp3hst.dll
2015-03-11 17:03 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapphost.dll
2015-03-11 17:03 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\eappcfg.dll
2015-03-11 17:03 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappcfg.dll
2015-03-11 17:03 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-11 17:03 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-11 17:03 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 17:03 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2015-03-11 17:03 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\eappprxy.dll
2015-03-11 17:03 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappprxy.dll
2015-03-11 17:01 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 17:01 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 17:01 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 17:01 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-03-11 17:01 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 17:01 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 17:01 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 17:01 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 17:01 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 17:01 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 17:01 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-11 17:01 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 17:01 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 17:01 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 17:01 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-03-11 17:01 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 17:01 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 17:01 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 17:01 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-03-11 17:01 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-11 17:01 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-03-11 17:01 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 17:01 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 17:01 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 17:01 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 17:01 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 17:01 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-03-11 17:01 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-03-11 17:01 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 17:01 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-03-11 17:01 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 17:01 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 17:01 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 17:01 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 17:01 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 17:01 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 17:01 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 17:01 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 17:01 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 17:01 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 17:01 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:01 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 17:01 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-11 17:01 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\windows\explorer.exe
2015-03-11 17:01 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2015-03-11 17:00 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2015-03-11 17:00 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2015-03-11 17:00 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 17:00 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 17:00 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\windows\system32\LockScreenContentServer.exe
2015-03-10 06:49 - 2015-03-10 06:49 - 00001046 _____ () C:\Users\lawill\Desktop\MBytes.txt
2015-03-09 17:32 - 2015-03-11 19:07 - 00000020 _____ () C:\Users\lawill\AppData\Roaming\appdataFr3.bin
2015-03-08 23:01 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-03-08 23:01 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-03-08 23:01 - 2014-12-11 20:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-03-08 23:01 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-03-07 17:56 - 2015-03-07 18:07 - 00000000 ____D () C:\Users\lawill\Desktop\FRST
2015-03-06 17:50 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-03-06 17:50 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-06 17:50 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-06 17:50 - 2014-12-13 17:28 - 00513488 _____ () C:\windows\SysWOW64\locale.nls
2015-03-06 17:50 - 2014-12-13 17:28 - 00513488 _____ () C:\windows\system32\locale.nls
2015-03-06 17:50 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2015-03-06 17:50 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2015-03-06 17:50 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2015-03-06 17:50 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2015-03-06 17:36 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-06 17:36 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-06 17:36 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-03-06 17:36 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-03-06 17:36 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-06 17:36 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-06 17:36 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-06 17:36 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-06 17:36 - 2014-10-28 22:51 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-06 17:36 - 2014-10-28 22:50 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-06 17:36 - 2014-10-28 22:06 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-06 17:36 - 2014-10-28 22:06 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-06 17:36 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-03-06 17:36 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-03-06 17:36 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-03-06 17:36 - 2014-10-28 21:31 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-06 17:36 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-03-06 17:36 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-03-06 17:36 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-03-06 17:36 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-03-06 17:36 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-03-06 17:35 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-06 17:35 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-06 17:20 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 18:11 - 2014-06-11 16:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-25 18:09 - 2014-12-08 14:01 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2025283895-1953685814-2999071867-1001
2015-03-25 18:05 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-25 01:29 - 2014-06-11 15:30 - 02022368 _____ () C:\Users\Public\CAFADEBUG.log
2015-03-23 18:15 - 2014-03-18 05:53 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-23 18:11 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-23 18:09 - 2014-06-11 16:17 - 00002560 _____ () C:\windows\system32\VfService.trf
2015-03-23 18:09 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ___RD () C:\windows\ToastData
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\WinStore
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-23 18:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-22 21:13 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
2015-03-22 21:11 - 2014-12-29 11:31 - 00000000 ____D () C:\windows\system32\MRT
2015-03-22 21:04 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-03-22 17:55 - 2014-12-29 11:31 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-15 13:52 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
2015-03-13 02:48 - 2014-12-08 13:54 - 00000000 ____D () C:\Users\lawill
2015-03-13 00:39 - 2014-12-09 13:31 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 22:55 - 2014-12-08 14:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 22:46 - 2013-08-22 10:44 - 00346744 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 18:52 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
2015-03-12 10:38 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\rescache
2015-03-06 17:20 - 2015-01-11 22:12 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-06 17:19 - 2013-08-22 11:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2015-03-06 17:18 - 2014-06-11 16:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-06 14:29 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\Vss
2015-03-04 19:01 - 2015-02-03 12:37 - 00000000 ____D () C:\Program Files (x86)\The Fancy Pants Adventure World 1
2015-03-04 17:24 - 2014-12-29 17:39 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-12-29 17:39 - 00178144 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-03-09 17:32 - 2015-03-11 19:07 - 0000020 _____ () C:\Users\lawill\AppData\Roaming\appdataFr3.bin
2015-03-12 23:06 - 2015-03-25 18:04 - 0075759 _____ () C:\Users\lawill\AppData\Local\BTServer.log
2015-03-12 23:52 - 2015-03-12 23:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\lawill\AppData\Local\Temp\obexpf.dll
C:\Users\lawill\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-22 22:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by lawill at 2015-03-25 18:14:09
Running from C:\Users\lawill\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo)
Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.0 - Lenovo) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.5 - Stoneware, Inc.)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.806.012214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2025283895-1953685814-2999071867-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
25-03-2015 00:38:22 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-03-12 23:04 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2F981AC6-A603-4595-B7A3-1B98F4F17C7C} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {3CDFB379-E4C0-4E0F-BAFA-46C0B5FA1227} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {5D8BE535-9CB8-4576-B14A-EE59A8A242D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {6375C7CE-03A2-47B9-B097-7C522F379641} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {65D425EF-EF8E-4E3C-B47B-A004FA365008} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {7ADD6FE8-D926-456F-B251-239BCCB61DB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {889776D6-5E25-4381-938E-D16B8770881E} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {A05659C9-EEA2-4A1D-A593-8B352EFEC3DF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-23] (Synaptics Incorporated)
Task: {B2366A21-F746-44CC-AD1F-D37F7FEC8362} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-03-22] (Microsoft Corporation)
Task: {E2EB359A-5F5F-48F5-833A-DF67F36FA01E} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2014-11-21] (Piriform Ltd)
Task: {ED6DB43E-E3E4-456E-8C4E-DBF95F904D30} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {F109A2DE-FCD1-481B-9084-A64CA1479174} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-06-11 15:34 - 2014-01-22 17:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-06-11 16:10 - 2012-04-24 22:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-11 16:17 - 2014-06-11 16:17 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-06-11 16:17 - 2014-06-11 16:17 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-06-11 15:30 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-03-12 04:37 - 2014-03-07 12:21 - 00080312 _____ () C:\windows\system32\igfxexps.dll
2015-03-22 22:01 - 2015-03-14 06:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 22:01 - 2015-03-14 06:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 22:01 - 2015-03-14 06:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-22 22:01 - 2015-03-14 06:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1 - 216.170.153.146
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\...\StartupApproved\Run: => "Pokki"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2025283895-1953685814-2999071867-500 - Administrator - Disabled)
Guest (S-1-5-21-2025283895-1953685814-2999071867-501 - Limited - Disabled)
lawill (S-1-5-21-2025283895-1953685814-2999071867-1001 - Administrator - Enabled) => C:\Users\lawill
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2015 00:24:44 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (03/23/2015 06:11:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/23/2015 06:11:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/15/2015 07:17:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (03/13/2015 02:06:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
 
System errors:
=============
Error: (03/25/2015 06:11:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%1053
 
Error: (03/25/2015 06:11:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
 
Error: (03/25/2015 06:11:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (03/25/2015 01:14:36 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
Error: (03/25/2015 01:14:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
 
 
Microsoft Office Sessions:
=========================
Error: (03/25/2015 00:24:44 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (03/23/2015 06:11:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/23/2015 06:11:15 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/15/2015 07:17:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer
 
Error: (03/13/2015 02:06:45 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application
 
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer
 
Error: (03/13/2015 02:06:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 68%
Total physical RAM: 1931.21 MB
Available physical RAM: 600.39 MB
Total Pagefile: 3275.21 MB
Available Pagefile: 1726.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:257.15 GB) (Free:232.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9A32C9E9)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================



#47
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Roaming Rate -> {8d0ea870-e492-4825-a734-a0ed7d65882a} -> C:\Program Files (x86)\Roaming Rate\Extensions\8d0ea870-e492-4825-a734-a0ed7d65882a.dll No File
2015-03-12 10:11 - 2015-03-13 02:01 - 00000000 ____D () C:\ProgramData\WebGuard
C:\Users\lawill\AppData\Local\Temp\obexpf.dll
C:\Users\lawill\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Reset your browser settings for Chrome.
1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings", click Reset settings.
5. In the dialog that appears, click Reset.

In your next reply post;
Fixlog.txt. That will be found on desktop

Thanks
Joe :)

#48
sdrspudman

sdrspudman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by lawill at 2015-03-26 14:46:55 Run:1
Running from C:\Users\lawill\Desktop
Loaded Profiles: lawill (Available profiles: lawill)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Roaming Rate -> {8d0ea870-e492-4825-a734-a0ed7d65882a} -> C:\Program Files (x86)\Roaming Rate\Extensions\8d0ea870-e492-4825-a734-a0ed7d65882a.dll No File
2015-03-12 10:11 - 2015-03-13 02:01 - 00000000 ____D () C:\ProgramData\WebGuard
C:\Users\lawill\AppData\Local\Temp\obexpf.dll
C:\Users\lawill\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2025283895-1953685814-2999071867-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d0ea870-e492-4825-a734-a0ed7d65882a}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8d0ea870-e492-4825-a734-a0ed7d65882a}" => Key deleted successfully.
C:\ProgramData\WebGuard => Moved successfully.
C:\Users\lawill\AppData\Local\Temp\obexpf.dll => Moved successfully.
C:\Users\lawill\AppData\Local\Temp\sqlite3.dll => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 169.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:47:58 ====


#49
sdrspudman

sdrspudman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

I've brought up the PC 4 times with no ads...so far so good.......and again....THANK YOU !!



#50
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello;

When time permits please run the online ESET scan. This scan could take a long time. This scan will also find items we have already taken care of too.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET scan results in your next reply.

Thanks
Joe :)

#51
sdrspudman

sdrspudman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


#52
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

I think we can clean up our tools now. This exercise will remove all malware tools and log files. It will also clear out restore points and create a new one.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)

#53
sdrspudman

sdrspudman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
# DelFix v10.9 - Logfile created 30/03/2015 at 23:25:20
# Updated 27/02/2015 by Xplode
# Username : lawill - THEBIFF
# Operating System : Windows 8.1 Connected  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\lawill\Desktop\Addition.txt
Deleted : C:\Users\lawill\Desktop\Fixlog.txt
Deleted : C:\Users\lawill\Desktop\FRST.txt
Deleted : C:\Users\lawill\Desktop\FRST64.exe
 
~ Cleaning system restore ...
 
Deleted : RP #22 [End of disinfection | 03/25/2015 04:38:22]
Deleted : RP #24 [Restore Point Created by FRST | 03/26/2015 18:46:59]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#54
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

 

Thanks
Joe :)







