Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FRST Log: Slow Computer with SweetIM Toolbar and Other Adware or Malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 DearWatson

DearWatson

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 19 March 2015 - 10:31 PM

Hello,

 

Yesterday, my wife reported to me that her Windows 7 laptop was running slowly, and in my infinite wisdom, I ran a few of the standard cleaning programs (Malwarebytes, SpyBot, AdwCleaner, CCleaner, etc.) and found that there were some problems with adware and malware on the machine.  The one I recognized was SweetIM toolbar, but there were others as well.  I've run scans and cleaned the computer several times, but I'm sure that I haven't taken care of everything.

 

Below, I've posted an FRST log for the computer.  If someone could please take a look at this and provide any guidance for how to proceed from here, I'd greatly appreciate it.  Thank you for your help.

 

---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Laura (administrator) on LAURA-PC on 19-03-2015 21:42:31
Running from C:\Users\Laura\Downloads
Loaded Profiles: Laura (Available profiles: Laura)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5728624 2015-03-11] (Box, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\...\Run: [GoogleChromeAutoLaunch_4A482ADE7BA14BD80C73B5D8EC859C6B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> {9334D0B6-A317-44BF-B277-24D21F546365} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLD_en
SearchScopes: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-26] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-849771209-2680076823-3672445544-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-849771209-2680076823-3672445544-1000: @talk.google.com/O1DPlugin -> C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-849771209-2680076823-3672445544-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laura\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-849771209-2680076823-3672445544-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laura\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Laura\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laura\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\dictionarycom.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\etsy.xml [2011-11-30]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\facebook.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\google-images.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\imdb.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\iucat-author-search.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\iucat-keyword-search.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\iucat-title-search.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\jstor.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\mla-international.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\netflix.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\newegg.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\oed.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\tastespotting.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\weather-channel.xml [2011-12-02]
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\searchplugins\youtube.xml [2011-12-02]
FF Extension: IE Tab + - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\coralietab@mozdev.org [2011-12-02]
FF Extension: Lightshot (screenshot tool) - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-06]
FF Extension: Add to Search Bar - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2011-11-30]
FF Extension: SearchLoad Options - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\searchloadoptions@esteban.torres.xpi [2011-12-02]
FF Extension: WiseStamp - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\wisestamp@wisestamp.com.xpi [2011-12-02]
FF Extension: Session Manager - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-12-02]
FF Extension: Facebook PhotoZoom - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi [2011-12-02]
FF Extension: Adblock Plus - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\1bj54n8n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2011-11-30]
CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-13]
CHR Extension: (Webpage Screenshot) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2011-11-30]
CHR Extension: (Adblock for Youtube™) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-01-21]
CHR Extension: (Session Buddy) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2011-11-30]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-03-13]
CHR Extension: (SimpleUndoClose) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhohdghchmjepmigjojkehidlielknj [2014-04-13]
CHR Extension: (IE Tab) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2011-11-30]
CHR Extension: (Universal Search & IE8 Accelerators) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmcgifbelcmjecmkapejifljephjabjd [2011-11-30]
CHR Extension: (Google Play Music) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2011-12-07]
CHR Extension: (Chromepad) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodgendbhboaendecabighpnngpodeij [2011-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Clickable Links) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2011-11-30]
CHR Extension: (TheKnot) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndboimgjimmfcgcphneepkoffoelkiio [2012-07-19]
CHR Extension: (Google Wallet) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Elegant Calculator) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimhajmcdpnegdjkhihjfjciigahabcn [2011-11-30]
CHR HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pofhdgajlemdcnakaolfdejgepfdfpdh] - C:\ProgramData\SaveAs\pofhdgajlemdcnakaolfdejgepfdfpdh.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2015-02-10] (Box, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 21:42 - 2015-03-19 21:43 - 00027515 _____ () C:\Users\Laura\Downloads\FRST.txt
2015-03-19 21:42 - 2015-03-19 21:42 - 00000000 ____D () C:\FRST
2015-03-19 21:41 - 2015-03-19 21:41 - 02095616 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe
2015-03-19 16:17 - 2015-03-19 16:17 - 00027196 _____ () C:\Users\Laura\Desktop\dds.txt
2015-03-19 16:17 - 2015-03-19 16:17 - 00008487 _____ () C:\Users\Laura\Desktop\attach.txt
2015-03-19 16:16 - 2015-03-19 16:16 - 00688992 ____R (Swearware) C:\Users\Laura\Downloads\dds.scr
2015-03-19 16:12 - 2015-03-19 16:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Laura\Downloads\tdsskiller.exe
2015-03-19 16:06 - 2015-03-19 16:06 - 00001393 _____ () C:\Users\Laura\Desktop\JRT.txt
2015-03-19 16:01 - 2015-03-19 16:01 - 01388672 _____ (Thisisu) C:\Users\Laura\Downloads\JRT.exe
2015-03-19 15:54 - 2015-03-19 15:59 - 00002120 _____ () C:\Users\Laura\Desktop\Rkill.txt
2015-03-19 15:53 - 2015-03-19 15:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Laura\Downloads\rkill.exe
2015-03-19 15:49 - 2015-03-19 16:21 - 00017028 _____ () C:\windows\PFRO.log
2015-03-19 15:49 - 2015-03-19 16:21 - 00000112 _____ () C:\windows\setupact.log
2015-03-19 15:49 - 2015-03-19 15:49 - 00000000 _____ () C:\windows\setuperr.log
2015-03-19 15:41 - 2015-03-19 15:47 - 00000000 ____D () C:\AdwCleaner
2015-03-19 15:41 - 2015-03-19 15:41 - 02171392 _____ () C:\Users\Laura\Downloads\AdwCleaner.exe
2015-03-19 06:13 - 2015-03-19 06:13 - 00021387 _____ () C:\ComboFix.txt
2015-03-19 05:40 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-19 05:40 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-19 05:40 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-19 05:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-19 05:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-19 05:40 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-19 05:40 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-19 05:40 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-19 05:37 - 2015-03-19 06:14 - 00000000 ____D () C:\Qoobox
2015-03-19 05:36 - 2015-03-19 06:07 - 00000000 ____D () C:\windows\erdnt
2015-03-19 05:29 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150319-052947.backup
2015-03-19 05:24 - 2015-03-19 05:24 - 05615380 ____R (Swearware) C:\Users\Laura\Downloads\ComboFix.exe
2015-03-19 04:33 - 2015-03-19 21:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-19 04:33 - 2015-03-19 04:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-19 04:33 - 2015-03-19 04:33 - 00001362 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-19 04:33 - 2015-03-19 04:33 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-19 04:33 - 2015-03-19 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-19 04:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-03-19 04:31 - 2015-03-19 04:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Laura\Downloads\spybot-2.4.exe
2015-03-18 21:20 - 2015-03-18 21:29 - 00000000 ____D () C:\Program Files (x86)\SlimComputer
2015-03-18 21:20 - 2015-03-18 21:20 - 00000000 ____D () C:\Users\Laura\AppData\Local\SlimWare Utilities Inc
2015-03-18 21:19 - 2015-03-18 21:19 - 00911680 _____ (SlimWare Utilities, Inc.) C:\Users\Laura\Downloads\SlimComputer-setup.exe
2015-03-18 21:19 - 2015-03-18 21:19 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-03-17 20:48 - 2015-03-19 01:52 - 00013000 _____ () C:\Users\Laura\Desktop\IW PRIZE APPS 2015.xlsx
2015-03-17 00:38 - 2015-03-17 00:38 - 00055846 _____ () C:\Users\Laura\Documents\cc_20150317_003822.reg
2015-03-17 00:26 - 2015-03-17 14:15 - 00000000 ___RD () C:\Users\Laura\Documents\Box Sync
2015-03-17 00:26 - 2015-03-17 00:26 - 00001569 _____ () C:\Users\Laura\Desktop\Box Sync.lnk
2015-03-17 00:17 - 2015-03-19 16:23 - 00000000 ____D () C:\Users\Laura\AppData\Local\Box Sync
2015-03-17 00:16 - 2015-03-18 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-03-17 00:15 - 2015-03-17 00:15 - 00000000 ____D () C:\Program Files\Box
2015-03-17 00:14 - 2015-03-17 00:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-17 00:11 - 2015-03-17 00:12 - 25790184 _____ (Box Inc.) C:\Users\Laura\Downloads\BoxSyncSetup.exe
2015-03-16 20:27 - 2015-03-17 19:31 - 00000000 ____D () C:\Users\Laura\Desktop\IW PRIZE 2015
2015-03-16 15:23 - 2015-03-17 19:31 - 00002969 _____ () C:\Users\Laura\Downloads\OutlookAttachView.cfg
2015-03-16 14:19 - 2015-03-16 14:19 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieBrowserModeList
2015-03-12 22:48 - 2015-03-16 14:54 - 00104544 _____ (NirSoft) C:\Users\Laura\Downloads\OutlookAttachView.exe
2015-03-12 22:48 - 2015-03-16 14:54 - 00026827 _____ () C:\Users\Laura\Downloads\readme.txt
2015-03-12 22:48 - 2015-03-16 14:54 - 00020514 _____ () C:\Users\Laura\Downloads\OutlookAttachView.chm
2015-03-10 22:57 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 22:57 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 22:57 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 22:57 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 22:57 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 22:57 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 22:57 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 22:57 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 22:57 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 22:57 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 22:57 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 22:57 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 22:57 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 22:57 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 22:57 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 22:57 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 22:57 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 22:57 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 22:57 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 22:57 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 22:57 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 22:57 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 22:57 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 22:57 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 22:57 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 22:57 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 22:57 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 22:57 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 22:57 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 22:57 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 22:57 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 22:57 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 22:57 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 22:57 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-10 22:57 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-10 22:56 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 22:56 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 22:56 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 22:55 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:55 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 22:55 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 22:55 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 22:55 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 22:55 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 22:55 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 22:55 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 22:55 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 22:55 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 22:55 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 22:55 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 22:55 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 22:55 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 22:55 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 22:55 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 22:55 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 22:55 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 22:55 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 22:55 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 22:54 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 22:54 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 22:54 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-10 22:54 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 22:54 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 22:54 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 22:54 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 22:54 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 22:54 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 22:54 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 22:54 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 22:54 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 22:54 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 22:54 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 22:54 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 22:54 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 22:54 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 22:54 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 22:54 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 22:54 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 22:54 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 22:54 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 22:54 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 22:54 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:54 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 22:54 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 22:54 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:54 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 22:54 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 22:54 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-10 22:54 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-10 22:54 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-10 22:54 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 22:54 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 22:54 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 22:54 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-10 22:54 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 22:54 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-10 22:54 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 22:54 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 22:54 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 22:54 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 22:54 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 22:54 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 22:54 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 22:54 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-10 22:54 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-10 22:54 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 22:54 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 22:54 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 22:54 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-10 22:54 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 22:54 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 22:54 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 22:54 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 22:54 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-10 22:54 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 22:54 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 22:54 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 22:54 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-10 22:53 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 22:53 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 22:53 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-10 09:53 - 2015-03-19 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-03 16:39 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-03 16:39 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-03 16:39 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-03 16:39 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-25 04:00 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 04:00 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-23 20:40 - 2015-03-15 19:58 - 00000000 ____D () C:\Users\Laura\Desktop\DESKTOP FOLDER
2015-02-18 21:39 - 2015-02-18 21:39 - 00000000 ____D () C:\Users\Laura\Desktop\New folder (2)
2015-02-18 21:39 - 2015-02-18 21:39 - 00000000 ____D () C:\Users\Laura\Desktop\Friends' Writing
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 21:25 - 2011-12-05 19:04 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849771209-2680076823-3672445544-1000UA.job
2015-03-19 21:16 - 2011-10-25 11:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 20:45 - 2012-12-13 12:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 19:42 - 2011-10-25 10:58 - 01867181 _____ () C:\windows\WindowsUpdate.log
2015-03-19 18:26 - 2011-10-25 11:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 16:29 - 2009-07-14 01:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-19 16:29 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 16:29 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 16:21 - 2011-10-25 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-19 16:21 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-19 06:14 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-03-19 05:55 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2015-03-19 05:37 - 2011-12-05 19:04 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849771209-2680076823-3672445544-1000Core.job
2015-03-19 05:01 - 2011-12-03 16:27 - 00000000 ____D () C:\Users\Laura\AppData\Local\CrashDumps
2015-03-19 02:00 - 2011-12-02 19:37 - 00000000 ____D () C:\Users\Laura\AppData\Local\Adobe
2015-03-18 21:33 - 2014-04-13 12:53 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 21:30 - 2011-12-08 19:52 - 00000000 ____D () C:\Users\Laura\AppData\Local\Spotify
2015-03-18 21:27 - 2011-12-08 19:52 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Spotify
2015-03-18 18:50 - 2011-11-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-18 02:26 - 2014-04-21 16:02 - 00000000 ____D () C:\Users\Laura\AppData\Local\IE Tab
2015-03-17 21:38 - 2013-04-29 18:48 - 00416256 ___SH () C:\Users\Laura\Desktop\Thumbs.db
2015-03-17 19:30 - 2012-08-22 20:11 - 00000000 ____D () C:\Users\Laura\Desktop\W202
2015-03-17 12:37 - 2012-01-10 11:42 - 00000000 ____D () C:\Users\Laura\Documents\CVs and Resumes
2015-03-16 15:17 - 2013-05-05 15:07 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TeamViewer
2015-03-15 22:50 - 2014-03-19 23:19 - 00000000 ____D () C:\Users\Laura\Documents\Conference Papers
2015-03-11 04:36 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-03-11 03:47 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-11 03:47 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 03:46 - 2012-08-20 13:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-11 03:46 - 2009-07-14 00:45 - 00419384 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 03:42 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-11 03:42 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-11 03:20 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
2015-03-04 04:19 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-02 02:17 - 2012-01-17 20:55 - 00000000 ____D () C:\Users\Laura\Documents\CFPs 2012-2014

Some content of TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\Quarantine.exe
C:\Users\Laura\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 00:48

==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:02 AM

Posted 23 March 2015 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pofhdgajlemdcnakaolfdejgepfdfpdh] - C:\ProgramData\SaveAs\pofhdgajlemdcnakaolfdejgepfdfpdh.crx [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 DearWatson

DearWatson
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 23 March 2015 - 11:52 PM

Hi nasdaq,

 

Thank you for your reply and your help!  I've followed your instructions, and I post the contents of the Fixlog.txt file below.  How does this look?

 

The computer seems to be running well so far.  It's not the speediest machine (I think RAM may account for that, though; only 4 GB on a Windows 7 64-bit system), but I'm not noticing any problems with internet browsers or running programs.  I'll certainly keep you posted.

 

Thank you again for your help with these issues.  I very much appreciate your advice.

 

---

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Laura at 2015-03-24 00:32:06 Run:1
Running from C:\Users\Laura\Downloads
Loaded Profiles: Laura (Available profiles: Laura)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-849771209-2680076823-3672445544-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndboimgjimmfcgcphneepkoffoelkiio] - C:\Users\Laura\AppData\Local\CRE\ndboimgjimmfcgcphneepkoffoelkiio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pofhdgajlemdcnakaolfdejgepfdfpdh] - C:\ProgramData\SaveAs\pofhdgajlemdcnakaolfdejgepfdfpdh.crx [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-849771209-2680076823-3672445544-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-849771209-2680076823-3672445544-1000\SOFTWARE\Google\Chrome\Extensions\ndboimgjimmfcgcphneepkoffoelkiio" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndboimgjimmfcgcphneepkoffoelkiio" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pofhdgajlemdcnakaolfdejgepfdfpdh" => Key deleted successfully.
catchme => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 00:32:24 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:02 AM

Posted 24 March 2015 - 08:10 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:02 AM

Posted 29 March 2015 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users