Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with removing Gameharbor pop-up!!


  • This topic is locked This topic is locked
4 replies to this topic

#1 KingTimbo

KingTimbo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 12 September 2014 - 03:00 PM

Hey guys,

 

Just going to start off saying that I'm new to the sire and hopefully you guys can help me out. I'm now a victim of the Gameharbor adware pop-up and I want it gone. It only pops on start up and never again. I've tried to locate the guy but have had no luck in trying to remove it manually. Anti-malware software won't do the trick. I've read some other posts on this site of others having the same problem, only to have it fixed by an individual who has fixlists.txt. I'm going to assume each fixlist is different for the user.

 

Here is my log from FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Andy (administrator) on ANDY-PC on 12-09-2014 12:54:17
Running from C:\Users\Andy\Desktop\frst
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek) C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtWLan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M90 Mouse\CorsTra.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [Corsair Garros] => C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe [1768960 2012-05-22] (Corsair Components  Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKU\S-1-5-21-4262929446-3380273396-1510540707-1000\...\Run: [GoogleQuery] => C:\Program Files (x86)\Deluge\gql.exe
HKU\S-1-5-21-4262929446-3380273396-1510540707-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Andy\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-4262929446-3380273396-1510540707-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4262929446-3380273396-1510540707-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-4262929446-3380273396-1510540707-1000\...\MountPoints2: {4c3cb71e-b144-11e2-b268-b61b4923904e} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.18 64.59.150.134
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: rogers.com/firehorn -> C:\Program Files (x86)\Rogers\Rogers One Number\npRogersOneNumber64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR DefaultSearchKeyword: Default -> 8980452BFDF6581F3CBA6FF9C9225FED46FCCEE14CEEF7F10F3127474BE2AFE9
CHR DefaultSearchURL: Default -> BA073B5BEEF6226E3A8CD28434E9A8D73B2175E500188CD6974DFF7F3894DA25
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Dark atmosphere) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-01-08]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-23]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Andy\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 AsusSE; C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [36864 2012-03-20] (Realtek) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 CORSGMS; C:\Windows\System32\drivers\CORSGMS.sys [25600 2012-03-27] ( )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2975960 2013-09-25] (Realtek Semiconductor Corporation                           )
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-12-15] (TENCENT) [File not signed]
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-07-09] (Rsupport Corporation)
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 sclbl; \??\C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 12:48 - 2014-09-12 12:54 - 00000000 ____D () C:\FRST
2014-09-12 12:46 - 2014-09-12 12:54 - 00000000 ____D () C:\Users\Andy\Desktop\frst
2014-09-12 12:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-12 12:35 - 2014-09-12 12:36 - 00000000 ____D () C:\AdwCleaner
2014-09-12 12:35 - 2014-09-12 12:35 - 01373475 _____ () C:\Users\Andy\Downloads\adwcleaner_3.310.exe
2014-09-12 12:34 - 2014-09-12 12:35 - 00026585 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-09-12 12:33 - 2014-09-12 12:35 - 00041974 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-09-12 12:24 - 2014-09-12 12:24 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-09-12 12:24 - 2014-09-12 12:24 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-09-12 10:51 - 2014-09-12 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 10:49 - 2014-09-12 10:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-12 00:56 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:56 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:56 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:56 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:56 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:56 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:56 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:56 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:56 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:56 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:56 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:56 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:56 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:56 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:56 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:56 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:56 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:56 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:56 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:56 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:56 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:56 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:56 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:56 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:56 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:56 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:56 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:56 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:56 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:56 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:56 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:56 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:56 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:56 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:56 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:56 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:56 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:56 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:56 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:56 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:56 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:56 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:56 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:56 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:56 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:56 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:56 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:56 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:56 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:56 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:56 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:56 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:56 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:56 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:56 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:56 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:51 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:51 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 20:42 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 20:42 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 20:42 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 20:42 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 20:42 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 20:42 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 20:42 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 20:42 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 20:42 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 20:42 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 20:42 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-06 13:35 - 2014-09-06 13:35 - 00000000 ____D () C:\Users\Andy\Documents\Electronic Arts
2014-09-06 13:30 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-06 13:21 - 2014-09-06 13:21 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (3).torrent
2014-09-06 13:21 - 2014-09-06 13:21 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (2).torrent
2014-09-06 13:19 - 2014-09-06 13:19 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (1).torrent
2014-09-06 12:54 - 2014-09-09 09:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-06 12:45 - 2014-09-09 09:24 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-05 22:06 - 2014-09-06 13:22 - 00000000 ____D () C:\Users\Andy\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-05 22:03 - 2014-09-05 22:03 - 01942352 _____ (BitTorrent Inc.) C:\Users\Andy\Downloads\uTorrent (1).exe
2014-09-05 22:02 - 2014-09-05 22:02 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-03 23:21 - 2014-09-03 23:21 - 00000000 _____ () C:\Users\Andy\AppData\Local\{83D53D7A-ED99-4E29-8F21-AE3BF9FD6689}
2014-08-27 12:27 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 12:27 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 12:27 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 17:33 - 2014-08-22 17:34 - 00313875 _____ () C:\Users\Andy\Downloads\skse_1_07_01_installer (1).exe
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\Andy\AppData\Local\IsolatedStorage
2014-08-19 08:56 - 2014-08-19 08:56 - 00313875 _____ () C:\Users\Andy\Downloads\skse_1_07_01_installer.exe
2014-08-15 00:13 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 00:13 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:13 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:13 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 00:13 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 00:13 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 00:13 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:13 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 21:05 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:05 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 21:05 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 21:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 21:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 21:05 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 21:05 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 21:05 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:05 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:05 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:05 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:05 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:05 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:05 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:05 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:04 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 21:04 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 21:04 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 21:04 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 12:54 - 2014-09-12 12:48 - 00000000 ____D () C:\FRST
2014-09-12 12:54 - 2014-09-12 12:46 - 00000000 ____D () C:\Users\Andy\Desktop\frst
2014-09-12 12:53 - 2013-04-29 11:08 - 01614837 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 12:49 - 2013-04-29 22:59 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 12:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 12:49 - 2009-07-13 21:51 - 00116142 _____ () C:\Windows\setupact.log
2014-09-12 12:43 - 2013-04-29 22:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 12:37 - 2009-07-13 21:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 12:37 - 2009-07-13 21:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 12:36 - 2014-09-12 12:35 - 00000000 ____D () C:\AdwCleaner
2014-09-12 12:35 - 2014-09-12 12:35 - 01373475 _____ () C:\Users\Andy\Downloads\adwcleaner_3.310.exe
2014-09-12 12:35 - 2014-09-12 12:34 - 00026585 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-09-12 12:35 - 2014-09-12 12:33 - 00041974 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-09-12 12:24 - 2014-09-12 12:24 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-09-12 12:24 - 2014-09-12 12:24 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-09-12 12:14 - 2010-11-20 20:47 - 00288430 _____ () C:\Windows\PFRO.log
2014-09-12 12:05 - 2013-09-14 13:41 - 00000000 ____D () C:\Nexon
2014-09-12 11:59 - 2013-12-16 11:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-12 10:51 - 2014-09-12 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 10:50 - 2014-09-12 10:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-12 00:55 - 2013-05-01 16:23 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:55 - 2009-07-13 22:13 - 00766336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:54 - 2013-08-14 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:51 - 2013-04-29 20:54 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 00:50 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 00:50 - 2013-04-30 08:21 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2014-09-09 09:24 - 2014-09-06 12:54 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-09 09:24 - 2014-09-06 12:45 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-09 09:24 - 2014-02-17 00:32 - 00000000 ____D () C:\ProgramData\Origin
2014-09-09 09:24 - 2013-07-18 22:43 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-09-08 20:43 - 2013-06-19 00:00 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-09-08 00:13 - 2013-05-04 22:26 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\uTorrent
2014-09-06 13:35 - 2014-09-06 13:35 - 00000000 ____D () C:\Users\Andy\Documents\Electronic Arts
2014-09-06 13:33 - 2014-06-17 18:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-06 13:22 - 2014-09-05 22:06 - 00000000 ____D () C:\Users\Andy\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-06 13:21 - 2014-09-06 13:21 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (3).torrent
2014-09-06 13:21 - 2014-09-06 13:21 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (2).torrent
2014-09-06 13:19 - 2014-09-06 13:19 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (1).torrent
2014-09-06 12:55 - 2014-02-17 00:33 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Origin
2014-09-05 22:03 - 2014-09-05 22:03 - 01942352 _____ (BitTorrent Inc.) C:\Users\Andy\Downloads\uTorrent (1).exe
2014-09-05 22:02 - 2014-09-05 22:02 - 00045189 _____ () C:\Users\Andy\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-04 19:10 - 2014-09-11 20:42 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-11 20:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 23:29 - 2013-04-30 08:21 - 00000000 ____D () C:\ProgramData\Skype
2014-09-03 23:21 - 2014-09-03 23:21 - 00000000 _____ () C:\Users\Andy\AppData\Local\{83D53D7A-ED99-4E29-8F21-AE3BF9FD6689}
2014-09-03 18:24 - 2014-09-06 13:30 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-31 22:28 - 2013-07-02 01:31 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-28 09:59 - 2009-07-13 21:45 - 00270560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 18:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 19:07 - 2014-08-27 12:27 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 12:27 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 12:27 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 17:34 - 2014-08-22 17:33 - 00313875 _____ () C:\Users\Andy\Downloads\skse_1_07_01_installer (1).exe
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\Andy\AppData\Local\IsolatedStorage
2014-08-19 11:05 - 2014-09-12 00:56 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 10:39 - 2014-09-12 00:56 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 08:56 - 2014-08-19 08:56 - 00313875 _____ () C:\Users\Andy\Downloads\skse_1_07_01_installer.exe
2014-08-18 16:01 - 2014-09-12 00:56 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 15:49 - 2014-07-20 14:27 - 00000000 ____D () C:\Users\Andy\AppData\Local\Skyrim
2014-08-18 15:29 - 2014-09-12 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 15:29 - 2014-09-12 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 15:26 - 2014-09-12 00:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 15:20 - 2014-09-12 00:56 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 15:19 - 2014-09-12 00:56 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 15:15 - 2014-09-12 00:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 15:15 - 2014-09-12 00:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 15:14 - 2014-09-12 00:56 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 15:14 - 2014-09-12 00:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 15:08 - 2014-09-12 00:56 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 15:08 - 2014-09-12 00:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 15:08 - 2014-09-12 00:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 15:05 - 2014-09-12 00:56 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 15:03 - 2014-09-12 00:56 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 15:03 - 2014-09-12 00:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 15:03 - 2014-09-12 00:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 14:57 - 2014-09-12 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:56 - 2014-09-12 00:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:51 - 2014-09-12 00:56 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:46 - 2014-09-12 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 14:45 - 2014-09-12 00:56 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:45 - 2014-09-12 00:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:44 - 2014-09-12 00:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:44 - 2014-09-12 00:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:42 - 2014-09-12 00:56 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:40 - 2014-09-12 00:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:39 - 2014-09-12 00:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:39 - 2014-09-12 00:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:39 - 2014-09-12 00:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:38 - 2014-09-12 00:56 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-09-12 00:56 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 14:36 - 2014-09-12 00:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-09-12 00:56 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 14:27 - 2014-09-12 00:56 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:25 - 2014-09-12 00:56 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:25 - 2014-09-12 00:56 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:23 - 2014-09-12 00:56 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:23 - 2014-09-12 00:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 14:22 - 2014-09-12 00:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:19 - 2014-09-12 00:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:17 - 2014-09-12 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:17 - 2014-09-12 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:16 - 2014-09-12 00:56 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:15 - 2014-09-12 00:56 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:15 - 2014-09-12 00:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:09 - 2014-09-12 00:56 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:08 - 2014-09-12 00:56 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:07 - 2014-09-12 00:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 13:55 - 2014-09-12 00:56 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 13:46 - 2014-09-12 00:56 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 13:38 - 2014-09-12 00:56 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 13:38 - 2014-09-12 00:56 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 13:36 - 2014-09-12 00:56 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 15:52 - 2014-06-10 22:08 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-08-16 15:52 - 2013-05-03 09:03 - 00000000 ____D () C:\Users\Andy\AppData\Local\TERA
2014-08-16 15:50 - 2013-11-23 20:41 - 00000000 ____D () C:\AeriaGames
2014-08-16 15:49 - 2013-09-04 23:37 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-15 22:01 - 2013-05-01 18:15 - 00215304 _____ () C:\Windows\DirectX.log
2014-08-15 08:13 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\00ca05f472a878cee41a7ab7ccc2319b.dll
C:\Users\Andy\AppData\Local\Temp\5095bd2e69e781acebc42000c42f917b.dll
C:\Users\Andy\AppData\Local\Temp\5ceqkf0l.de3.exe
C:\Users\Andy\AppData\Local\Temp\5eba75caa6aa42293a6b8c34689e53ec.dll
C:\Users\Andy\AppData\Local\Temp\8b2c03b16a6698ccecc43dd381d770f4.dll
C:\Users\Andy\AppData\Local\Temp\AutoUI.exe
C:\Users\Andy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andy\AppData\Local\Temp\bdfilters.dll
C:\Users\Andy\AppData\Local\Temp\bitool.dll
C:\Users\Andy\AppData\Local\Temp\BRSVC_23065028_hlp.exe
C:\Users\Andy\AppData\Local\Temp\d71a00ef80ae1d9c4a627715bf66d14d.dll
C:\Users\Andy\AppData\Local\Temp\DXSETUP.exe
C:\Users\Andy\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Andy\AppData\Local\Temp\f9500ca3762f1a40bb6a8af4da6ab909.dll
C:\Users\Andy\AppData\Local\Temp\Hawt.dll
C:\Users\Andy\AppData\Local\Temp\hcuninstaller_20130510_213850_3904.exe
C:\Users\Andy\AppData\Local\Temp\jansi-32-git-MCPC-Plus-jenkins-MCPC-Plus-112.dll
C:\Users\Andy\AppData\Local\Temp\NGM.exe
C:\Users\Andy\AppData\Local\Temp\NGMDll.dll
C:\Users\Andy\AppData\Local\Temp\NGMResource.dll
C:\Users\Andy\AppData\Local\Temp\NGMSetup.exe
C:\Users\Andy\AppData\Local\Temp\raptrpatch.exe
C:\Users\Andy\AppData\Local\Temp\raptr_stub.exe
C:\Users\Andy\AppData\Local\Temp\riftuninstall.exe
C:\Users\Andy\AppData\Local\Temp\Samsung_MonSetup.exe
C:\Users\Andy\AppData\Local\Temp\Samsung_MonSetup_091006.exe
C:\Users\Andy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andy\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Andy\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Andy\AppData\Local\Temp\tbuTor.dll
C:\Users\Andy\AppData\Local\Temp\unicows.dll
C:\Users\Andy\AppData\Local\Temp\Uninstaller-2580.exe
C:\Users\Andy\AppData\Local\Temp\Uninstaller-4276.exe
C:\Users\Andy\AppData\Local\Temp\Uninstaller-5020.exe
C:\Users\Andy\AppData\Local\Temp\Uninstaller-6012.exe
C:\Users\Andy\AppData\Local\Temp\utt5A55.tmp.exe
C:\Users\Andy\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Andy\AppData\Local\Temp\winzip170-64ml_wrapped.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 18:50
 
==================== End Of Log ============================

 

 

 

And please find attached a copy of my addition.txt

 

 

It would be amazing to get this guy off my computer!

 

 

Thanks in advance!

 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 PM

Posted 13 September 2014 - 07:11 AM

Hi,

this is your fixlist:


Please download this attached Attached File  fixlist.txt   151bytes   7 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 KingTimbo

KingTimbo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 13 September 2014 - 10:13 AM

It worked!

 

But I am curious as to how this fixes the problem. What does the fixlist do?



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 PM

Posted 13 September 2014 - 11:25 AM

The fixlist provided the instructions for FRST to delete the registry value that was responsible for this pop-up to appear at start up.
Update Flashplayer and Java.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 PM

Posted 19 September 2014 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users