
Infected with CloudScout, keep seeing pop-ups!


  • This topic is locked
6 replies to this topic

#1 Lisandre

Posted 10 August 2015 - 09:00 PM

I downloaded an unsafe program by mistake and now I am stuck with pop-ups all the time, false links and web sites in new windows that open randomly. It's always written under the ads: Ads by Cloudscout. Or sometimes a new window opens and a lady starts talking about something with the security system and I can't close the page unless I open the task manager.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Lisandre (administrator) on LISANDRE-PC (10-08-2015 21:39:05)
Running from C:\Users\Lisandre\Downloads
Loaded Profiles: Lisandre (Available Profiles: Lisandre)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --silent
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [agentantidote.exe] => C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe [943168 2012-02-22] (Druide informatique inc.)
HKLM-x32\...\Run: [agentantidote64.exe] => C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe [77888 2012-02-22] (Druide informatique inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3930916530-1330040173-1174263-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
AppInit_DLLs: C:\ProgramData\LolliScan\LolliScan64.dll => C:\ProgramData\LolliScan\LolliScan64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\LolliScan\LolliScan32.dll => "C:\ProgramData\LolliScan\LolliScan32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-08-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lisandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-01-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisandre\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50576;https=127.0.0.1:50576
HKU\S-1-5-21-3930916530-1330040173-1174263-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/fr/bienvenue
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3930916530-1330040173-1174263-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3930916530-1330040173-1174263-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{087B03C8-B4CE-422A-9850-831FFF2B355C}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-07] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-26] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll [2013-10-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Lisandre\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-3930916530-1330040173-1174263-1000: @hola.org/vlc,version=1.8.369 -> C:\Users\Lisandre\AppData\Local\Hola\firefox_hola\app\vlc No File
FF Plugin HKU\S-1-5-21-3930916530-1330040173-1174263-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisandre\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3930916530-1330040173-1174263-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisandre\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-01]
CHR Extension: (Google Drive) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-01]
CHR Extension: (YouTube) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]
CHR Extension: (Google Search) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-04-26]
CHR Extension: (AdBlock) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-26]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Lisandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-3930916530-1330040173-1174263-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
StartMenuInternet: Google Chrome - C:\Users\Lisandre\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-08] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-03] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-10-27] (Sony Mobile Communications)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 auueiidi; \??\C:\windows\system32\drivers\auueiidi.sys [X]
S3 cpuz134; \??\C:\Users\Lisandre\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 21:39 - 2015-08-10 21:40 - 00025751 _____ C:\Users\Lisandre\Downloads\FRST.txt
2015-08-10 21:38 - 2015-08-10 21:39 - 00000000 ____D C:\FRST
2015-08-10 21:36 - 2015-08-10 21:36 - 02171392 _____ (Farbar) C:\Users\Lisandre\Downloads\FRST64.exe
2015-08-10 21:24 - 2015-08-10 21:24 - 00001036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-08-10 20:52 - 2015-08-10 20:52 - 05490752 _____ (Secunia) C:\Users\Lisandre\Downloads\PSISetup (2).exe
2015-08-10 19:28 - 2015-08-10 19:28 - 05490752 _____ (Secunia) C:\Users\Lisandre\Downloads\PSISetup (1).exe
2015-08-10 19:28 - 2015-08-10 19:28 - 00000000 ____D C:\Users\Lisandre\AppData\Local\Secunia PSI
2015-08-10 19:28 - 2015-08-10 19:28 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-08-10 19:25 - 2015-08-10 19:26 - 05490752 _____ (Secunia) C:\Users\Lisandre\Downloads\PSISetup.exe
2015-08-10 19:07 - 2015-08-10 19:07 - 02248704 _____ C:\Users\Lisandre\Downloads\AdwCleaner.exe
2015-08-10 18:12 - 2015-08-10 21:34 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-10 18:11 - 2015-08-10 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-10 18:11 - 2015-08-10 18:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-10 18:11 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-10 18:11 - 2015-06-18 08:52 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-10 18:11 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-10 18:07 - 2015-08-10 18:07 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Lisandre\Downloads\mbam-setup.exe
2015-08-10 18:02 - 2015-08-10 18:04 - 00002038 _____ C:\Users\Lisandre\Desktop\Rkill.txt
2015-08-10 18:02 - 2015-08-10 18:02 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Lisandre\Downloads\iExplore.exe
2015-08-03 19:12 - 2015-08-03 19:12 - 00008450 _____ C:\windows\system32\.crusader
2015-08-03 18:34 - 2015-08-03 18:34 - 00001948 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-03 18:34 - 2015-08-03 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-03 18:34 - 2015-08-03 18:34 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-03 18:27 - 2015-08-03 18:29 - 11032736 _____ (SurfRight B.V.) C:\Users\Lisandre\Downloads\HitmanPro_x64.exe
2015-08-03 18:25 - 2015-08-03 19:13 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-03 18:25 - 2015-08-03 18:27 - 10113976 _____ (SurfRight B.V.) C:\Users\Lisandre\Downloads\HitmanPro (1).exe
2015-08-03 18:21 - 2015-08-03 18:23 - 10113976 _____ (SurfRight B.V.) C:\Users\Lisandre\Downloads\HitmanPro.exe
2015-08-03 18:06 - 2015-08-03 18:06 - 00772016 _____ (Reimage®) C:\Users\Lisandre\Downloads\ReimageRepair.exe
2015-08-01 21:07 - 2015-08-10 19:12 - 00000000 ____D C:\AdwCleaner
2015-08-01 21:06 - 2015-08-01 21:06 - 02248704 _____ C:\Users\Lisandre\Downloads\adwcleaner_4.208.exe
2015-08-01 20:54 - 2015-08-01 20:55 - 00000000 ____D C:\windows\system32\MpEngineStore
2015-08-01 17:46 - 2015-08-01 17:46 - 00000000 ____D C:\Users\Lisandre\AppData\Roaming\QuickScan
2015-08-01 17:42 - 2015-08-01 17:57 - 190808856 _____ (Microsoft Corporation) C:\Users\Lisandre\Downloads\msert (1).exe
2015-08-01 17:32 - 2015-08-01 17:40 - 187753240 _____ (Microsoft Corporation) C:\Users\Lisandre\Downloads\msert.exe
2015-07-29 23:54 - 2015-07-29 23:54 - 00000000 ____D C:\Users\Lisandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-29 16:10 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-29 16:10 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-29 16:10 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-29 16:10 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-29 16:10 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-29 16:10 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-29 16:10 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-29 16:10 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-24 20:48 - 2015-07-24 20:48 - 00732864 _____ C:\windows\Minidump\072415-20436-01.dmp
2015-07-20 19:37 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-20 19:37 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 19:37 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-20 19:37 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-20 19:37 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-20 19:37 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-20 19:37 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-20 19:37 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-20 19:37 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-20 19:37 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-19 12:44 - 2015-07-19 12:44 - 00000000 ____D C:\Users\Lisandre\AppData\Local\{6AD140A3-7835-4ED9-9BCE-AAD72976051A}
2015-07-15 20:12 - 2015-07-15 20:12 - 00262144 _____ C:\windows\system32\config\elam
2015-07-15 19:23 - 2015-07-15 19:23 - 00000000 ____D C:\Users\Lisandre\AppData\Local\{4B71B1B6-F0F0-4589-B332-C1CBD6FB082E}
2015-07-14 23:13 - 2015-07-14 23:13 - 18524336 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-14 22:42 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-14 22:42 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-14 22:42 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-14 22:42 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-07-14 22:42 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-14 22:42 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-14 22:42 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-14 22:42 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-14 22:42 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-14 22:42 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-14 22:42 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-14 22:41 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-14 22:41 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-14 22:41 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-14 22:41 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-14 22:41 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-14 22:41 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-14 22:41 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-14 22:41 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-14 22:41 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-14 22:41 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-14 22:41 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-14 22:41 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-14 22:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-14 22:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-14 22:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-14 22:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-14 22:41 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-14 22:41 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-14 22:41 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-14 22:41 - 2015-06-09 14:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-14 22:41 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 22:40 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-14 22:40 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-14 22:40 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-14 22:40 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-14 22:40 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-14 22:40 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-14 22:40 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-14 22:40 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-14 22:40 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-14 22:40 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-14 22:40 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-14 22:40 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-14 22:40 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-14 22:40 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-14 22:40 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-14 22:40 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 22:40 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-14 22:40 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-14 22:40 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-14 22:40 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-14 22:40 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-14 22:40 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-14 22:40 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-14 22:40 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-14 22:40 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-14 22:40 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-14 22:40 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-14 22:40 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-14 22:40 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-14 22:40 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-14 22:40 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-14 22:40 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-14 22:40 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-14 22:40 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-14 22:40 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-14 22:40 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 22:40 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-14 22:40 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-14 22:40 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-14 22:40 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-14 22:40 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-14 22:40 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-14 22:40 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-14 22:40 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-14 22:39 - 2015-06-11 13:57 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-07-14 22:39 - 2015-06-11 13:57 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-07-14 22:39 - 2015-06-11 13:56 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-07-14 22:39 - 2015-06-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-07-14 22:38 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-14 22:38 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-14 22:38 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-14 22:38 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-14 22:38 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-14 22:38 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-14 22:38 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-14 22:38 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-14 22:38 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-14 22:38 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-14 22:38 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-14 22:38 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-14 22:38 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-14 22:38 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-14 22:38 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-14 22:38 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-14 22:38 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-14 22:38 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-14 22:38 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-14 22:38 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-14 22:38 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-14 22:38 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-14 22:38 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-14 22:38 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-14 22:38 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-14 22:38 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-14 22:38 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-14 22:38 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-14 22:38 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-14 22:38 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-14 22:38 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-14 22:38 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-14 22:38 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-14 22:38 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-14 22:38 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-14 22:38 - 2015-06-11 13:57 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-07-14 22:38 - 2015-06-11 13:56 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-07-14 22:38 - 2015-06-11 13:56 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-07-11 18:51 - 2015-07-11 18:51 - 00000000 ____D C:\Users\Lisandre\AppData\Local\{136DD67A-710E-4C6F-B681-1991C7B00E42}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 21:39 - 2013-01-19 13:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-10 21:37 - 2009-07-14 00:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-10 21:37 - 2009-07-14 00:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-10 21:22 - 2012-07-21 21:17 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000UA.job
2015-08-10 21:22 - 2012-05-13 10:51 - 00001002 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 21:22 - 2012-01-04 23:04 - 00001070 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 20:56 - 2015-06-17 18:45 - 00001208 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000UA.job
2015-08-10 20:52 - 2012-01-04 23:04 - 00001066 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-10 19:22 - 2012-01-04 11:50 - 01903601 _____ C:\windows\WindowsUpdate.log
2015-08-10 19:16 - 2012-01-11 23:29 - 00000000 ___RD C:\Users\Lisandre\Dropbox
2015-08-10 19:15 - 2012-01-11 23:05 - 00000000 ____D C:\Users\Lisandre\AppData\Roaming\Dropbox
2015-08-10 19:13 - 2013-07-10 10:47 - 00060233 _____ C:\windows\setupact.log
2015-08-10 19:13 - 2010-11-20 23:47 - 00410588 _____ C:\windows\PFRO.log
2015-08-10 19:13 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-10 19:03 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SchCache
2015-08-10 19:02 - 2012-01-04 19:11 - 00000000 ____D C:\Users\Lisandre
2015-08-10 18:31 - 2012-01-04 20:29 - 00003960 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CF10C066-BEBE-48C7-A040-8B2B84223682}
2015-08-10 17:13 - 2012-07-21 21:17 - 00001038 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000Core.job
2015-08-06 22:15 - 2013-05-29 18:03 - 00002388 _____ C:\Users\Lisandre\Desktop\Google Chrome.lnk
2015-08-03 19:15 - 2013-03-05 16:49 - 00000000 ___RD C:\Users\Lisandre\Google Drive
2015-08-03 19:12 - 2012-01-07 11:34 - 00000000 ____D C:\Users\Lisandre\AppData\Roaming\Mozilla
2015-08-01 21:01 - 2012-02-04 17:53 - 00000000 ____D C:\Users\Lisandre\AppData\Local\CrashDumps
2015-08-01 20:53 - 2015-06-24 00:42 - 00000112 _____ C:\ProgramData\W6ncN8x.dat
2015-08-01 17:20 - 2010-11-21 02:19 - 00747910 _____ C:\windows\system32\perfh00C.dat
2015-08-01 17:20 - 2010-11-21 02:19 - 00150402 _____ C:\windows\system32\perfc00C.dat
2015-08-01 17:20 - 2009-07-14 01:13 - 01669656 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-30 21:38 - 2012-01-05 22:46 - 00000000 ____D C:\Users\Lisandre\AppData\Roaming\Apple Computer
2015-07-29 23:56 - 2015-06-17 18:45 - 00001156 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000Core.job
2015-07-29 19:00 - 2014-05-06 22:02 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-27 16:53 - 2009-07-14 01:08 - 00032482 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-07-24 20:48 - 2013-12-30 15:53 - 457228159 _____ C:\windows\MEMORY.DMP
2015-07-24 20:48 - 2012-04-14 17:37 - 00000000 ____D C:\windows\Minidump
2015-07-22 17:33 - 2009-07-14 00:45 - 00306248 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-19 00:37 - 2015-04-04 22:17 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-19 00:37 - 2015-04-04 22:17 - 00000000 ___SD C:\windows\system32\GWX
2015-07-18 23:51 - 2015-06-17 18:45 - 00004184 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000UA
2015-07-18 23:51 - 2015-06-17 18:45 - 00003788 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000Core
2015-07-16 17:14 - 2013-03-05 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 17:08 - 2012-07-21 21:17 - 00004066 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000UA
2015-07-16 17:08 - 2012-07-21 21:17 - 00003670 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3930916530-1330040173-1174263-1000Core
2015-07-15 20:07 - 2012-01-04 23:04 - 00004066 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:07 - 2012-01-04 23:04 - 00003814 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 00:06 - 2012-01-22 20:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 23:19 - 2013-08-14 13:56 - 00000000 ____D C:\windows\system32\MRT
2015-07-14 23:13 - 2012-05-13 10:51 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 23:13 - 2012-05-13 10:51 - 00003940 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 23:13 - 2012-01-08 11:34 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 22:44 - 2013-03-05 16:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 22:30 - 2014-12-23 18:58 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-02-09 22:32 - 2014-12-20 13:37 - 0003584 _____ () C:\Users\Lisandre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-10 17:36 - 2012-02-10 17:36 - 0017408 _____ () C:\Users\Lisandre\AppData\Local\WebpageIcons.db
2012-01-04 22:04 - 2012-01-04 22:04 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-06-24 00:42 - 2015-08-01 20:53 - 0000112 _____ () C:\ProgramData\W6ncN8x.dat
 
Files to move or delete:
====================
C:\ProgramData\W6ncN8x.dat
 
 
Some files in TEMP:
====================
C:\Users\Lisandre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4xpbfv.dll
C:\Users\Lisandre\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisandre\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\Lisandre\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Lisandre\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisandre\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-27 09:53
 
==================== End of log ============================

Attached File  Addition.txt   40.24KB   2 downloads

 

 




#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:55 PM

Posted 11 August 2015 - 02:07 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to consult with my instructor and I will be back with more information.

#3 Sintharius


Posted 12 August 2015 - 12:21 PM

Hello Lisandre,

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

Do you use Hola? From your logs it is installed on your machine.

Regards,
Alex

#4 Lisandre


Posted 12 August 2015 - 04:38 PM

Yes I use Hola on my computer.

 

Thank you for your help!



#5 Sintharius


Posted 13 August 2015 - 02:38 AM

Hello Lisandre,

Please download the Microsoft Fixit from here and run it. The Fixit will reset your Internet Explorer proxy settings.

After that please check your browsers and see if the popups return again.

Regards,
Alex



#6 Sintharius


Posted 16 August 2015 - 06:02 AM

Hello there,

Are you still with me? It's been three days since my last post.

Regards,
Alex

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:55 PM

Posted 18 August 2015 - 07:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



