Author Topic: [Resolved-K] Adware in Firefox and possible malware affecting Chrome  (Read 4952 times)

Offline beallman85

  • Bronze Member
  • Posts: 9
Hi guys,

Was hoping you could help me please? I am having issues with both Firefox and Chrome. With Firefox, I am getting several ad pop-ups within webpages which definitely should not be there. With Chrome, an extension keeps opening itself, leaving a .ini file on the desktop periodically and even when I remove it and disable the extension, odd URL addresses are always running in the background when I use Chrome.

I have used Adware Cleaner and Hitman Pro but they have obviously not solved the issues.

My logs are as follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by Ben and Rachel at 10:16:25 on 2015-08-23
Microsoft Windows 10 Home  10.0.10240.0.1252.44.1033.18.8113.5616 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
svchost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Ben and Rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6120.42011.0_x64__8wekyb3d8bbwe\HxMail.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6120.42011.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\Ben and Rachel\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Ben and Rachel\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\Ben and Rachel\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Ben and Rachel\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uRun: [Spotify Web Helper] "C:\Users\Ben and Rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Ben and Rachel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
mRun: [Yoga Picks] C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe -s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: SafeKey - C:\Users\Ben and Rachel\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\Ben and Rachel\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{70da1f7c-13a3-4b27-a97b-a1ee861dbb02} : DHCPNameServer = 169.254.54.64
TCP: Interfaces\{76af3562-0231-4896-bdec-62ead1a75154} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AutoStartTransition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe AutoRun
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2014-3-26 645992]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2015-2-17 875928]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2015-2-17 344704]
R0 RapportHades64;RapportHades64;C:\WINDOWS\System32\drivers\RapportHades64.sys [2015-7-23 139896]
R0 RapportKE64;RapportKE64;C:\WINDOWS\System32\drivers\RapportKE64.sys [2015-7-23 394584]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-15 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 RapportCerberus_1507063;RapportCerberus_1507063;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [2015-8-17 958232]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-7-29 500088]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-7-29 489240]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 CCSDK;CCSDK;C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [2014-12-29 592880]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-5-7 2753720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DACoreService;Dragon Assistant Core;C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [2014-12-29 448400]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-5-7 368048]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-3-26 16232]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-18 351120]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-12-29 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-12-29 169432]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service;C:\WINDOWS\System32\LenovoWiFiHotspotSvr.exe [2014-12-29 198192]
R2 LsvUIService;LsvUIService;C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [2014-12-29 70416]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-8-5 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\MSC\McAPExe.exe [2015-5-7 782608]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-7-23 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-5-7 368048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-5-7 368048]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-5-7 368048]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-5-7 368048]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-5-7 373704]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-12-13 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-12-13 69640]
R2 PG_Service_Launcher;PG_Service_Launcher;C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [2014-2-25 512776]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-7-29 2255128]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-12-29 390632]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-6-3 249032]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R2 ymc;ymc;C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [2014-12-29 33040]
R2 YogaPicks.AppService;YogaPicks.AppService;C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [2014-12-29 19440]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-8-1 42328]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2015-2-17 77536]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2014-3-1 27032]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-7-14 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-2-17 412440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2015-2-17 347800]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2015-5-7 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2015-2-17 496888]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2015-6-28 529080]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-8-5 37960]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2015-5-7 254792]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2015-3-11 593624]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-12-29 8876248]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2015-7-10 3453144]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-3 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-22 80720]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2015-2-13 80920]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-14 1133880]
S2 PGService;PGService;C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [2014-2-25 167176]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-6-16 207208]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2015-8-6 43664]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-3-1 38296]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2014-12-29 450520]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-12-29 561408]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-7-14 64216]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2015-6-28 109728]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-31 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-7-3 410880]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-31 1031680]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-31 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-15 685568]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-08-23 09:09:13   16148   ----a-w-   C:\WINDOWS\System32\GREENYARDS_Ben and Rachel_HistoryPrediction.bin
2015-08-22 10:15:18   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-22 10:05:19   16706560   ----a-w-   C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-15 06:08:44   8613200   ----a-w-   C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2015-08-15 06:07:58   384000   ----a-w-   C:\WINDOWS\System32\LockAppBroker.dll
2015-08-15 06:07:58   3584   ----a-w-   C:\WINDOWS\System32\drivers\en-US\mountmgr.sys.mui
2015-08-15 06:07:58   311808   ----a-w-   C:\WINDOWS\SysWow64\LockAppBroker.dll
2015-08-15 06:07:57   911360   ----a-w-   C:\WINDOWS\System32\SharedStartModel.dll
2015-08-15 06:07:57   193536   ----a-w-   C:\WINDOWS\System32\SharedStartModelShim.dll
2015-08-15 06:07:57   1290752   ----a-w-   C:\WINDOWS\System32\Windows.UI.Shell.dll
2015-08-15 06:07:56   503808   ----a-w-   C:\WINDOWS\System32\tileobjserver.dll
2015-08-15 06:07:56   282112   ----a-w-   C:\WINDOWS\System32\VEEventDispatcher.dll
2015-08-15 06:07:56   217088   ----a-w-   C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2015-08-15 06:07:55   81920   ----a-w-   C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
2015-08-15 06:07:55   253952   ----a-w-   C:\WINDOWS\System32\SettingsHandlers_UserAccount.dll
2015-08-15 06:07:54   122880   ----a-w-   C:\WINDOWS\System32\VEDataLayerHelpers.dll
2015-08-06 19:58:23   43664   ----a-w-   C:\WINDOWS\System32\drivers\hitmanpro37.sys
2015-08-06 19:57:04   --------   d-----w-   C:\ProgramData\HitmanPro
2015-08-06 18:29:29   --------   d-----w-   C:\AdwCleaner
2015-08-03 20:48:14   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\MicrosoftEdge
2015-08-03 20:43:39   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\CEF
2015-08-01 19:47:32   --------   d-----w-   C:\WINDOWS\System32\SleepStudy
2015-08-01 19:00:22   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\NetworkTiles
2015-08-01 09:09:35   42328   ----a-w-   C:\WINDOWS\System32\drivers\AcpiVpc.sys
2015-08-01 09:07:04   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\Publishers
2015-08-01 09:06:30   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\Comms
2015-08-01 09:06:18   --------   d-----w-   C:\Users\Ben and Rachel\AppData\Local\TileDataLayer
2015-07-31 06:51:04   --------   dc----w-   C:\WINDOWS\Panther
2015-07-31 06:47:42   --------   d-----w-   C:\Windows.old
2015-07-31 06:40:29   778936   ----a-w-   C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-07-31 06:40:29   35480   ----a-w-   C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-07-31 06:40:29   102608   ----a-w-   C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 06:40:25   35480   ----a-w-   C:\WINDOWS\System32\TsWpfWrp.exe
2015-07-31 06:40:25   124112   ----a-w-   C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 06:40:25   1166520   ----a-w-   C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-07-30 22:18:39   --------   d-sh--w-   C:\Recovery
2015-07-30 22:09:38   --------   d-----w-   C:\WINDOWS\System32\wbem\Performance
2015-07-30 21:55:39   2718208   ----a-w-   C:\WINDOWS\SysWow64\PrintConfig.dll
2015-07-30 21:55:10   --------   d-----w-   C:\WINDOWS\SysWow64\RTCOM
2015-07-30 21:55:10   --------   d-----w-   C:\Program Files\Realtek
2015-07-30 21:55:02   200   ----a-w-   C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-07-30 21:55:02   180   ----a-w-   C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-07-30 21:55:00   86528   ----a-w-   C:\WINDOWS\SysWow64\OpenCL.DLL
2015-07-30 21:55:00   82432   ----a-w-   C:\WINDOWS\System32\OpenCL.DLL
2015-07-30 21:54:15   --------   d-----w-   C:\Program Files (x86)\Common Files\Intel
2015-07-30 21:53:55   --------   d-----w-   C:\Program Files\Synaptics
.
==================== Find3M  ====================
.
2015-08-13 04:23:47   2178560   ----a-w-   C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-13 04:22:26   2093056   ----a-w-   C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39   414208   ----a-w-   C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 04:17:58   1795072   ----a-w-   C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-13 03:53:21   311808   ----a-w-   C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-11 10:04:24   2462648   ----a-w-   C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23   4532304   ----a-w-   C:\WINDOWS\explorer.exe
2015-08-11 10:04:15   1087296   ----a-w-   C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:20   8021840   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2015-08-11 10:03:09   442208   ----a-w-   C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57   554744   ----a-w-   C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56   80720   ----a-w-   C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49   292856   ----a-w-   C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49   993104   ----a-w-   C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47   1643872   ----a-w-   C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22   4048808   ----a-w-   C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12   918320   ----a-w-   C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08   2151208   ----a-w-   C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22   454000   ----a-w-   C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48   243800   ----a-w-   C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03   845664   ----a-w-   C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:22:04   21875200   ----a-w-   C:\WINDOWS\System32\edgehtml.dll
2015-08-11 09:21:13   148992   ----a-w-   C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04   52224   ----a-w-   C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:42   2224640   ----a-w-   C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-11 09:20:02   483328   ----a-w-   C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45   235520   ----a-w-   C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44   235008   ----a-w-   C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32   2416640   ----a-w-   C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02   404480   ----a-w-   C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42   413184   ----a-w-   C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40   2446336   ----a-w-   C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18   553472   ----a-w-   C:\WINDOWS\System32\GamePanel.exe
2015-08-11 09:10:47   293376   ----a-w-   C:\WINDOWS\System32\TextInputFramework.dll
2015-08-11 09:10:12   324096   ----a-w-   C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-11 09:10:06   778752   ----a-w-   C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2015-08-11 09:09:55   32768   ----a-w-   C:\WINDOWS\System32\wuautoappupdate.dll
2015-08-11 09:08:04   893440   ----a-w-   C:\WINDOWS\System32\MbaeApiPublic.dll
2015-08-11 09:08:04   563200   ----a-w-   C:\WINDOWS\System32\MbaeApi.dll
2015-08-11 09:07:52   593920   ----a-w-   C:\WINDOWS\System32\wcmsvc.dll
2015-08-11 09:07:47   1178112   ----a-w-   C:\WINDOWS\System32\wwansvc.dll
2015-08-11 09:07:44   115712   ----a-w-   C:\WINDOWS\System32\MbaeParserTask.exe
2015-08-11 09:06:50   2662400   ----a-w-   C:\WINDOWS\System32\Windows.UI.Logon.dll
2015-08-11 09:06:19   7523328   ----a-w-   C:\WINDOWS\System32\Chakra.dll
2015-08-11 09:05:48   342016   ----a-w-   C:\WINDOWS\System32\LocationGeofences.dll
2015-08-11 09:05:27   269312   ----a-w-   C:\WINDOWS\System32\LocationFramework.dll
2015-08-11 09:05:23   78848   ----a-w-   C:\WINDOWS\System32\LocationFrameworkInternalPS.dll
2015-08-11 09:05:20   137216   ----a-w-   C:\WINDOWS\System32\LocationPermissions.dll
2015-08-11 09:05:10   996352   ----a-w-   C:\WINDOWS\System32\RDXService.dll
2015-08-11 09:05:07   3527168   ----a-w-   C:\WINDOWS\System32\tquery.dll
2015-08-11 09:03:09   2558976   ----a-w-   C:\WINDOWS\System32\mssrch.dll
2015-08-11 09:02:53   186368   ----a-w-   C:\WINDOWS\System32\cloudAP.dll
2015-08-11 09:02:15   621056   ----a-w-   C:\WINDOWS\System32\enterprisecsps.dll
2015-08-11 09:02:08   3588096   ----a-w-   C:\WINDOWS\System32\win32kfull.sys
2015-08-11 09:02:03   1890304   ----a-w-   C:\WINDOWS\System32\dwmcore.dll
2015-08-11 09:01:38   1334784   ----a-w-   C:\WINDOWS\System32\UIAutomationCore.dll
2015-08-11 09:00:45   336384   ----a-w-   C:\WINDOWS\System32\SearchProtocolHost.exe
2015-08-11 09:00:06   274432   ----a-w-   C:\WINDOWS\System32\syncutil.dll
2015-08-11 08:59:51   123392   ----a-w-   C:\WINDOWS\System32\mssprxy.dll
2015-08-11 08:59:33   42496   ----a-w-   C:\WINDOWS\SysWow64\tetheringclient.dll
2015-08-11 08:59:29   1106432   ----a-w-   C:\WINDOWS\System32\sysmain.dll
2015-08-11 08:59:27   642560   ----a-w-   C:\WINDOWS\System32\rdbui.dll
2015-08-11 08:58:11   372224   ----a-w-   C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
2015-08-11 08:57:51   13024768   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-08-11 08:57:12   159744   ----a-w-   C:\WINDOWS\SysWow64\UserMgrProxy.dll
2015-08-11 08:51:35   1916928   ----a-w-   C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-08-11 08:51:33   1823232   ----a-w-   C:\WINDOWS\SysWow64\InputService.dll
2015-08-11 08:50:59   131584   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
2015-08-11 08:50:58   200704   ----a-w-   C:\WINDOWS\SysWow64\TextInputFramework.dll
2015-08-11 08:50:47   420352   ----a-w-   C:\WINDOWS\SysWow64\GamePanel.exe
2015-08-11 08:49:50   586752   ----a-w-   C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2015-08-11 08:49:30   247808   ----a-w-   C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-11 08:48:25   671232   ----a-w-   C:\WINDOWS\SysWow64\MbaeApiPublic.dll
2015-08-11 08:47:09   448512   ----a-w-   C:\WINDOWS\SysWow64\MbaeApi.dll
2015-08-11 08:45:48   18805760   ----a-w-   C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-11 08:45:09   1820672   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2015-08-11 08:43:39   2748416   ----a-w-   C:\WINDOWS\SysWow64\tquery.dll
2015-08-11 08:42:33   5454848   ----a-w-   C:\WINDOWS\SysWow64\Chakra.dll
2015-08-11 08:40:45   1593856   ----a-w-   C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-11 08:40:32   1964544   ----a-w-   C:\WINDOWS\SysWow64\mssrch.dll
2015-08-11 08:40:12   1112064   ----a-w-   C:\WINDOWS\SysWow64\UIAutomationCore.dll
2015-08-11 08:39:28   280576   ----a-w-   C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2015-08-11 08:38:43   162304   ----a-w-   C:\WINDOWS\SysWow64\ReInfo.dll
2015-08-08 15:38:46   794088   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-08-08 15:38:46   179688   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-08-08 07:29:58   1822280   ----a-w-   C:\WINDOWS\System32\ntdll.dll
2015-08-08 07:19:45   608936   ----a-w-   C:\WINDOWS\System32\fontdrvhost.exe
2015-08-08 07:01:18   1533496   ----a-w-   C:\WINDOWS\SysWow64\ntdll.dll
2015-08-08 06:48:13   539728   ----a-w-   C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-08-08 06:40:23   365056   ----a-w-   C:\WINDOWS\System32\atmfd.dll
2015-08-08 06:24:15   2415104   ----a-w-   C:\WINDOWS\System32\DWrite.dll
2015-08-08 06:24:06   1679360   ----a-w-   C:\WINDOWS\System32\FntCache.dll
2015-08-08 06:15:14   303104   ----a-w-   C:\WINDOWS\SysWow64\atmfd.dll
2015-08-08 06:00:44   1985024   ----a-w-   C:\WINDOWS\SysWow64\DWrite.dll
2015-08-06 05:59:13   113880   ----a-w-   C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-08-06 03:17:40   200528   ----a-w-   C:\WINDOWS\System32\drivers\wof.sys
2015-08-06 03:17:34   237392   ----a-w-   C:\WINDOWS\System32\drivers\rdyboost.sys
2015-08-06 02:22:03   685568   ----a-w-   C:\WINDOWS\System32\drivers\WdiWiFi.sys
2015-08-05 19:40:39   24   ----a-w-   C:\Users\Ben and Rachel\AppData\Roaming\appdataFr25.bin
2015-08-05 04:49:51   783112   ----a-w-   C:\WINDOWS\System32\mfsvr.dll
.
============= FINISH: 10:17:39.94 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 01/08/2015 10:06:09
System Uptime: 23/08/2015 03:55:11 (7 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz | U3E1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 425 GiB total, 364.045 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.818 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 06/08/2015 21:11:21 - Checkpoint by HitmanPro
RP6: 15/08/2015 07:08:51 - Windows Update
RP7: 17/08/2015 09:39:21 - Installed Rapport
RP8: 22/08/2015 11:51:51 - Windows Update
RP9: 22/08/2015 11:55:15 - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Flash Player 18 NPAPI
Adobe Refresh Manager
Amazon 1Button App
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Bonjour
CCSDK
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink MediaStory
CyberLink PowerDirector 10
Dependency Package Update
Dolby Digital Plus Home Theater
Dragon Assistant version 1.5.20
Google Chrome
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
iTunes
Lenovo EasyCamera
Lenovo Experience Improvement
Lenovo FusionEngine
Lenovo Mobile Phone Wireless Import
Lenovo Motion Control
Lenovo Smart Voice
Lenovo Transition
Malwarebytes Anti-Malware version 2.1.8.1057
McAfee LiveSafe – Internet Security
McAfee SafeKey(uninstall only)
McAfee WebAdvisor
Metric Collection SDK 35
Microsoft Office 365 - en-us
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 40.0.2 (x86 en-US)
Mozilla Maintenance Service
Nitro Pro 9
Nuance Speech Component DA-A en-GB version 1.5.20
Nuance Speech Component DA-C version 1.1.22
Nuance Speech Component DA-L en-GB version 1.1.5
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Rapport
REALTEK Bluetooth Driver
Realtek Card Reader
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
SHAREit
Spotify
Synaptics Pointing Device Driver
Trusteer Endpoint Protection
UESDK
User Manuals
Yoga Picks
.
==== Event Viewer Messages From Past Week ========
.
23/08/2015 08:15:13, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
23/08/2015 03:56:46, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the PGService service to connect.
23/08/2015 03:56:46, Error: Service Control Manager [7000]  - The PGService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
23/08/2015 03:50:21, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session3 service to connect.
23/08/2015 03:50:21, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session3 service to connect.
23/08/2015 03:50:10, Error: Service Control Manager [7031]  - The User Data Storage_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
23/08/2015 03:50:10, Error: Service Control Manager [7031]  - The User Data Access_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
23/08/2015 03:50:10, Error: Service Control Manager [7031]  - The Sync Host_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
23/08/2015 03:50:10, Error: Service Control Manager [7031]  - The Contact Data_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
18/08/2015 08:13:47, Error: Service Control Manager [7031]  - The User Data Storage_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
18/08/2015 08:13:47, Error: Service Control Manager [7031]  - The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
18/08/2015 08:13:47, Error: Service Control Manager [7031]  - The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
18/08/2015 08:13:47, Error: Service Control Manager [7031]  - The Contact Data_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 20:12:14, Error: Service Control Manager [7031]  - The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 20:12:14, Error: Service Control Manager [7031]  - The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 20:12:14, Error: Service Control Manager [7031]  - The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 20:12:14, Error: Service Control Manager [7031]  - The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 09:35:03, Error: Service Control Manager [7031]  - The User Data Storage_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 09:35:03, Error: Service Control Manager [7031]  - The User Data Access_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 09:35:03, Error: Service Control Manager [7031]  - The Sync Host_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/08/2015 09:35:03, Error: Service Control Manager [7031]  - The Contact Data_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================


I appreciate your help. Thanks.

Ben
« Last Edit: August 31, 2015, 04:42:36 PM by kevinf80 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #1 on: August 23, 2015, 04:10:27 AM »
Hello and welcome to SpywareHammer,

My screen name is kevinf80, either that or Kevin is good for replies. Ok lets continue:

P2P/illegal software Warning:

Quote
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the Forum policy on P2P and Illegal Software.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....
Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!
Let me see those logs in your reply....

Thank you,

Kevin...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #2 on: August 27, 2015, 03:17:35 PM »
Do you still need help??

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #3 on: August 30, 2015, 01:44:04 AM »
Hi Kevin,

Very sorry - I thought I was going to get an email saying someone had replied to my topic. I am running everything now and my logs will be below. Sorry again.

Ben

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #4 on: August 30, 2015, 02:31:07 AM »
Here goes - I think I have to post these across several replies as I'm exceeding the character limit:

Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/08/2015
Scan Time: 08:41
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.29.05
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ben and Rachel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377533
Time Elapsed: 11 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org\content, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],

Files: 4
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org\content\bg.js, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org\bootstrap.js, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org\chrome.manifest, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],
PUP.Optional.MultiPlug, C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\extensions\azJ@bDOY.org\install.rdf, Quarantined, [1e7bd33bdab15fd72f06a7f9e123a65a],

Physical Sectors: 0
(No malicious items detected)


(end)

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #5 on: August 30, 2015, 02:34:48 AM »


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-08-2015
Ran by Ben and Rachel (administrator) on GREENYARDS (30-08-2015 09:00:11)
Running from C:\Users\Ben and Rachel\Desktop
Loaded Profiles: Ben and Rachel (Available Profiles: Ben and Rachel)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Ben and Rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6120.42011.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6120.42011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-12-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-948950112-1921841323-782461941-1001\...\Run: [Spotify Web Helper] => C:\Users\Ben and Rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd)
HKU\S-1-5-21-948950112-1921841323-782461941-1001\...\Run: [Spotify] => C:\Users\Ben and Rachel\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-08] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-05-07]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-05-07]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-07-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-07-21] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{70da1f7c-13a3-4b27-a97b-a1ee861dbb02}: [DhcpNameServer] 169.254.54.64
Tcpip\..\Interfaces\{76af3562-0231-4896-bdec-62ead1a75154}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-07] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: McAfee WebAdvisor - C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-05-07]

Chrome:
=======
CHR Profile: C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-21]
CHR Extension: (Google Search) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-21]
CHR Extension: (Google Sheets) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-03]
CHR Extension: (Google Wallet) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-21]
CHR Extension: (Gmail) - C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-05]
CHR HKU\S-1-5-21-948950112-1921841323-782461941-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-31] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-31] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [448400 2014-03-24] (Nuance Communications, Inc.)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-29] (Lenovo(beijing) Limited)
S3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-12-29] (Lenovo)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-07-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-31] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-31] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-31] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-30] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-12-29] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-07] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-06] ()
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [958744 2015-08-28] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-04] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-04] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-04] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-04] (IBM Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-31] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #6 on: August 30, 2015, 02:37:33 AM »

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 09:01 - 2015-08-30 09:01 - 00374364 _____ C:\Users\Apps\creator-about-modals.spa
2015-08-30 09:00 - 2015-08-30 09:00 - 00029811 _____ C:\Users\Ben and Rachel\Desktop\FRST.txt
2015-08-30 09:00 - 2015-08-30 09:00 - 00000000 ____D C:\FRST
2015-08-30 08:59 - 2015-08-30 08:59 - 02186752 _____ (Farbar) C:\Users\Ben and Rachel\Desktop\FRST64.exe
2015-08-30 08:52 - 2015-08-30 08:52 - 00016148 _____ C:\WINDOWS\system32\GREENYARDS_Ben and Rachel_HistoryPrediction.bin
2015-08-30 08:40 - 2015-08-30 08:40 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-30 08:39 - 2015-08-30 08:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ben and Rachel\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-30 06:59 - 2015-08-30 06:59 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-30 06:59 - 2015-08-30 06:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-30 06:58 - 2015-08-30 06:59 - 00000000 ____D C:\Program Files\iTunes
2015-08-30 06:58 - 2015-08-30 06:58 - 00000000 ____D C:\Program Files\iPod
2015-08-30 06:58 - 2015-08-30 06:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-28 19:31 - 2015-08-20 07:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 19:31 - 2015-08-20 07:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 19:31 - 2015-08-20 07:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 19:31 - 2015-08-20 06:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 19:31 - 2015-08-20 06:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 19:31 - 2015-08-20 06:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 19:31 - 2015-08-20 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 19:31 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 19:31 - 2015-08-20 06:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 19:31 - 2015-08-20 06:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-28 19:31 - 2015-08-20 05:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 19:31 - 2015-08-18 08:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 19:31 - 2015-08-18 08:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 19:31 - 2015-08-18 08:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 19:31 - 2015-08-18 08:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 19:31 - 2015-08-18 08:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 19:31 - 2015-08-18 08:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 19:31 - 2015-08-18 08:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 19:31 - 2015-08-18 08:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 19:31 - 2015-08-18 08:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 19:31 - 2015-08-18 08:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 19:31 - 2015-08-18 08:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 19:31 - 2015-08-18 07:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 19:31 - 2015-08-18 07:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 19:31 - 2015-08-18 07:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 19:31 - 2015-08-18 07:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 19:31 - 2015-08-18 07:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 19:31 - 2015-08-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 19:31 - 2015-08-18 07:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 19:31 - 2015-08-18 07:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 19:31 - 2015-08-18 07:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 19:31 - 2015-08-18 07:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 19:31 - 2015-08-18 07:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 19:31 - 2015-08-18 07:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 19:31 - 2015-08-18 07:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 19:31 - 2015-08-18 07:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 19:31 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 19:31 - 2015-08-18 07:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 19:31 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 19:31 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 19:31 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 19:31 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 19:31 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 19:31 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 19:31 - 2015-08-18 05:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 18:37 - 2015-08-28 18:41 - 155835672 _____ (Apple Inc.) C:\Users\Ben and Rachel\Downloads\iTunes6464Setup (1).exe
2015-08-23 10:54 - 2015-08-23 10:54 - 00013417 ____H C:\Users\Ben and Rachel\Documents\~WRL3384.tmp
2015-08-23 10:17 - 2015-08-23 10:17 - 00041195 _____ C:\Users\Ben and Rachel\Desktop\dds.txt
2015-08-23 10:17 - 2015-08-23 10:17 - 00008782 _____ C:\Users\Ben and Rachel\Desktop\attach.txt
2015-08-22 11:17 - 2015-08-22 11:17 - 00688992 ____R (Swearware) C:\Users\Ben and Rachel\Desktop\dds.com
2015-08-22 11:15 - 2015-08-22 11:15 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-22 11:15 - 2015-08-22 11:15 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-22 11:15 - 2015-08-22 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-22 11:14 - 2015-08-22 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-22 11:05 - 2015-08-13 05:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 11:05 - 2015-08-13 05:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-22 11:05 - 2015-08-11 11:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-22 11:05 - 2015-08-11 10:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 11:05 - 2015-08-11 10:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-22 11:05 - 2015-08-11 10:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-22 11:05 - 2015-08-11 10:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-22 11:05 - 2015-08-11 10:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-22 11:05 - 2015-08-11 10:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-22 11:05 - 2015-08-11 10:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-22 11:05 - 2015-08-11 10:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-22 11:05 - 2015-08-11 10:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-22 11:05 - 2015-08-11 09:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-22 11:05 - 2015-08-11 09:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-22 11:05 - 2015-08-11 09:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-22 11:05 - 2015-08-11 09:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-22 11:04 - 2015-08-13 05:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-22 11:04 - 2015-08-13 05:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-22 11:04 - 2015-08-13 04:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-22 11:04 - 2015-08-11 11:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-22 11:04 - 2015-08-11 11:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-22 11:04 - 2015-08-11 11:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-22 11:04 - 2015-08-11 11:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-22 11:04 - 2015-08-11 11:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-22 11:04 - 2015-08-11 11:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-22 11:04 - 2015-08-11 10:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-22 11:04 - 2015-08-11 10:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-22 11:04 - 2015-08-11 10:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-22 11:04 - 2015-08-11 10:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-22 11:04 - 2015-08-11 10:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-22 11:04 - 2015-08-11 10:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-22 11:04 - 2015-08-11 10:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-22 11:04 - 2015-08-11 10:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-22 11:04 - 2015-08-11 10:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-22 11:04 - 2015-08-11 10:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-22 11:04 - 2015-08-11 10:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-22 11:04 - 2015-08-11 10:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-22 11:04 - 2015-08-11 10:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-22 11:04 - 2015-08-11 10:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-22 11:04 - 2015-08-11 10:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-22 11:04 - 2015-08-11 10:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-22 11:04 - 2015-08-11 10:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-22 11:04 - 2015-08-11 10:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:04 - 2015-08-11 10:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-22 11:04 - 2015-08-11 10:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-22 11:04 - 2015-08-11 10:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-22 11:04 - 2015-08-11 10:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-22 11:04 - 2015-08-11 10:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-22 11:04 - 2015-08-11 10:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-22 11:04 - 2015-08-11 10:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-22 11:04 - 2015-08-11 10:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-22 11:04 - 2015-08-11 10:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-22 11:04 - 2015-08-11 10:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-22 11:04 - 2015-08-11 10:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-22 11:04 - 2015-08-11 10:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-22 11:04 - 2015-08-11 10:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-22 11:04 - 2015-08-11 10:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-22 11:04 - 2015-08-11 10:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-22 11:04 - 2015-08-11 10:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-22 11:04 - 2015-08-11 10:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-22 11:04 - 2015-08-11 10:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-22 11:04 - 2015-08-11 09:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 11:04 - 2015-08-11 09:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-22 11:04 - 2015-08-11 09:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-22 11:04 - 2015-08-11 09:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-22 11:04 - 2015-08-11 09:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-22 11:04 - 2015-08-11 09:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-22 11:04 - 2015-08-11 09:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-22 11:04 - 2015-08-11 09:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-22 11:04 - 2015-08-11 09:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-22 11:04 - 2015-08-11 09:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-22 11:04 - 2015-08-11 09:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-22 11:04 - 2015-08-11 09:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:04 - 2015-08-11 09:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-22 11:04 - 2015-08-11 09:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-22 11:04 - 2015-08-11 09:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-22 11:04 - 2015-08-11 09:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-22 11:04 - 2015-08-11 09:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-22 11:04 - 2015-08-11 09:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-22 11:04 - 2015-08-11 09:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-17 09:39 - 2015-08-17 09:39 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2015-08-17 09:39 - 2015-08-17 09:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2015-08-15 07:08 - 2015-08-08 08:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-15 07:08 - 2015-08-08 08:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-15 07:08 - 2015-08-08 08:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-15 07:08 - 2015-08-08 07:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-15 07:08 - 2015-08-08 07:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-15 07:08 - 2015-08-08 07:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-15 07:08 - 2015-08-08 07:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-15 07:08 - 2015-08-08 07:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-15 07:08 - 2015-08-08 07:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-15 07:08 - 2015-08-06 04:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-15 07:08 - 2015-08-06 04:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-15 07:08 - 2015-08-06 03:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-15 07:08 - 2015-08-05 05:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-15 07:08 - 2015-08-05 05:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-15 07:08 - 2015-08-05 05:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-15 07:08 - 2015-08-05 04:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-15 07:08 - 2015-08-05 04:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-15 07:08 - 2015-08-05 04:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-15 07:08 - 2015-08-04 05:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-15 07:08 - 2015-08-04 05:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-15 07:08 - 2015-08-04 05:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-15 07:08 - 2015-08-04 04:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-15 07:08 - 2015-08-04 03:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-15 07:08 - 2015-08-04 03:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-15 07:08 - 2015-08-03 03:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-15 07:08 - 2015-08-03 03:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-15 07:08 - 2015-08-03 03:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-15 07:08 - 2015-08-03 03:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-15 07:08 - 2015-08-03 03:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-15 07:08 - 2015-08-03 03:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-15 07:08 - 2015-08-03 03:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-15 07:08 - 2015-08-03 03:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-15 07:08 - 2015-08-03 03:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-15 07:08 - 2015-08-03 03:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-15 07:08 - 2015-08-03 03:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-15 07:08 - 2015-08-03 02:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-15 07:08 - 2015-08-03 02:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-15 07:08 - 2015-08-03 02:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-15 07:08 - 2015-08-03 02:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-15 07:08 - 2015-08-03 02:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-15 07:08 - 2015-08-03 02:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-15 07:08 - 2015-08-03 02:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-15 07:08 - 2015-08-03 02:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-15 07:08 - 2015-08-03 02:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-15 07:08 - 2015-08-03 02:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-15 07:08 - 2015-08-03 02:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-15 07:08 - 2015-08-03 02:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-15 07:08 - 2015-08-03 02:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-15 07:08 - 2015-08-03 02:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-15 07:08 - 2015-08-03 02:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-15 07:08 - 2015-08-03 02:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-15 07:08 - 2015-08-03 02:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-15 07:08 - 2015-08-03 02:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-15 07:08 - 2015-08-03 02:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-15 07:08 - 2015-08-03 02:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-15 07:08 - 2015-08-03 02:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-15 07:08 - 2015-08-03 02:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-15 07:08 - 2015-08-03 01:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-15 07:07 - 2015-08-03 02:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-15 07:07 - 2015-08-03 02:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-15 07:07 - 2015-08-03 02:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-15 07:07 - 2015-08-03 02:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-15 07:07 - 2015-08-03 02:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-15 07:07 - 2015-08-03 02:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-15 07:07 - 2015-08-03 02:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-15 07:07 - 2015-08-03 02:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-15 07:07 - 2015-08-03 02:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-15 07:07 - 2015-08-03 02:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-15 07:07 - 2015-08-03 02:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-08 17:32 - 2015-08-30 09:01 - 01867297 _____ C:\Users\Apps\musixmatch-lyrics-cp.spa
2015-08-08 17:32 - 2015-08-08 17:32 - 00449780 _____ C:\Users\snapshot_blob.bin
2015-08-08 17:32 - 2015-08-08 17:32 - 00410937 _____ C:\Users\natives_blob.bin
2015-08-08 09:32 - 2015-08-22 11:43 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-08 09:32 - 2015-08-08 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-08 09:30 - 2015-08-30 08:40 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-08 09:30 - 2015-08-30 07:09 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-08 09:30 - 2015-08-08 09:35 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-08 09:30 - 2015-08-08 09:35 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-06 21:24 - 2015-08-06 21:24 - 00242712 _____ C:\Users\Ben and Rachel\Downloads\Firefox Setup Stub 39.0.exe
2015-08-06 21:13 - 2015-08-06 21:13 - 00004438 _____ C:\WINDOWS\system32\.crusader
2015-08-06 20:58 - 2015-08-06 21:15 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-08-06 20:57 - 2015-08-06 21:14 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-06 20:57 - 2015-08-06 20:57 - 11032736 _____ (SurfRight B.V.) C:\Users\Ben and Rachel\Downloads\HitmanPro_x64.exe
2015-08-06 20:56 - 2015-08-06 20:56 - 10113976 _____ (SurfRight B.V.) C:\Users\Ben and Rachel\Downloads\HitmanPro.exe
2015-08-06 19:29 - 2015-08-06 19:35 - 00000000 ____D C:\AdwCleaner
2015-08-06 19:29 - 2015-08-06 19:29 - 02248704 _____ C:\Users\Ben and Rachel\Downloads\adwcleaner_4.208.exe
2015-08-05 19:23 - 2015-07-30 07:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-05 19:23 - 2015-07-30 07:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-05 19:23 - 2015-07-30 07:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-05 19:23 - 2015-07-30 07:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 19:23 - 2015-07-30 07:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-05 19:23 - 2015-07-30 07:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-05 19:23 - 2015-07-30 07:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-05 19:23 - 2015-07-30 07:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-05 19:23 - 2015-07-30 07:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-05 19:23 - 2015-07-30 07:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-05 19:23 - 2015-07-30 07:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-05 19:23 - 2015-07-30 07:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-05 19:23 - 2015-07-30 06:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-05 19:23 - 2015-07-30 05:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 19:23 - 2015-07-30 05:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-05 19:23 - 2015-07-30 05:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-05 19:23 - 2015-07-30 05:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-05 19:23 - 2015-07-30 05:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-05 19:23 - 2015-07-30 05:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-05 19:23 - 2015-07-30 05:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-05 19:23 - 2015-07-30 05:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-05 19:23 - 2015-07-30 05:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-05 19:23 - 2015-07-30 05:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-05 19:23 - 2015-07-30 05:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-05 19:23 - 2015-07-30 05:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-05 19:23 - 2015-07-30 05:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-05 19:23 - 2015-07-30 05:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-05 19:23 - 2015-07-30 05:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-05 19:23 - 2015-07-30 04:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-05 19:23 - 2015-07-30 04:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-05 19:23 - 2015-07-30 04:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-05 19:23 - 2015-07-30 04:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-05 19:23 - 2015-07-30 04:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-05 19:23 - 2015-07-30 04:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-05 19:23 - 2015-07-30 04:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-05 19:23 - 2015-07-30 04:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-05 19:23 - 2015-07-30 04:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-05 19:23 - 2015-07-30 04:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 19:23 - 2015-07-30 04:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-05 19:23 - 2015-07-30 04:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-05 19:23 - 2015-07-30 04:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-05 19:23 - 2015-07-30 04:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-05 19:23 - 2015-07-30 04:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-05 19:23 - 2015-07-30 04:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-05 19:23 - 2015-07-30 04:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-05 19:23 - 2015-07-30 04:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-05 19:23 - 2015-07-30 04:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-05 19:23 - 2015-07-30 04:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-05 19:23 - 2015-07-30 04:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-05 19:23 - 2015-07-30 04:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-05 19:23 - 2015-07-30 04:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-05 19:23 - 2015-07-30 04:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-05 19:23 - 2015-07-30 04:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-05 19:23 - 2015-07-30 04:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-05 19:23 - 2015-07-30 04:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-05 19:23 - 2015-07-30 04:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-05 19:23 - 2015-07-30 04:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-05 19:23 - 2015-07-30 03:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-05 19:23 - 2015-07-30 03:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-03 21:48 - 2015-08-03 21:48 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\MicrosoftEdge
2015-08-03 21:43 - 2015-08-03 21:43 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\CEF
2015-08-01 20:47 - 2015-08-01 20:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-01 20:00 - 2015-08-01 20:00 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\NetworkTiles
2015-08-01 10:17 - 2015-08-01 10:17 - 00001058 _____ C:\Users\Ben and Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-08-01 10:09 - 2015-08-01 10:09 - 00042328 _____ (Lenovo Corporation) C:\WINDOWS\system32\Drivers\AcpiVpc.sys
2015-08-01 10:09 - 2015-08-01 10:09 - 00002372 _____ C:\Users\Ben and Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-01 10:07 - 2015-08-01 10:07 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\Publishers
2015-08-01 10:06 - 2015-08-15 07:02 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\Comms
2015-08-01 10:06 - 2015-08-01 10:06 - 00000020 ___SH C:\Users\Ben and Rachel\ntuser.ini
2015-08-01 10:06 - 2015-08-01 10:06 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\TileDataLayer
2015-07-31 07:51 - 2015-08-01 10:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-31 07:47 - 2015-07-31 07:47 - 00000000 ____D C:\Windows.old
2015-07-31 07:46 - 2015-07-31 07:46 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-07-31 07:46 - 2015-07-31 07:46 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-07-31 07:46 - 2015-07-31 07:46 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-07-31 07:46 - 2015-07-31 07:46 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-07-31 07:46 - 2015-07-31 07:46 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-07-31 07:46 - 2015-07-31 07:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-31 07:46 - 2015-07-31 07:46 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-31 07:43 - 2015-07-31 07:43 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-07-31 07:41 - 2015-07-31 07:41 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-31 07:41 - 2015-07-31 07:41 - 00000000 ____D C:\Program Files\MSBuild
2015-07-31 07:41 - 2015-07-31 07:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-07-31 07:41 - 2015-07-31 07:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-31 07:40 - 2015-06-18 03:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-07-31 07:40 - 2015-06-18 03:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 07:40 - 2015-06-18 03:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-31 07:40 - 2015-05-30 06:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-07-31 07:40 - 2015-05-30 06:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 07:40 - 2015-05-30 06:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #7 on: August 30, 2015, 02:38:21 AM »
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 09:01 - 2015-05-30 06:57 - 00604627 _____ C:\Users\Apps\local-files-desktop.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 02157553 _____ C:\Users\Apps\glue-resources.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00902685 _____ C:\Users\Apps\zlink.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00765562 _____ C:\Users\Apps\playlist-desktop.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00755498 _____ C:\Users\Apps\artist.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00744414 _____ C:\Users\Apps\browse.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00550315 _____ C:\Users\Apps\genre.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00544866 _____ C:\Users\Apps\notification-center.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00533102 _____ C:\Users\Apps\settings.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00528578 _____ C:\Users\Apps\collection.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00517417 _____ C:\Users\Apps\discover.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00508698 _____ C:\Users\Apps\collection-artist.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00484090 _____ C:\Users\Apps\album.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00481436 _____ C:\Users\Apps\article.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00473567 _____ C:\Users\Apps\messages.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00453569 _____ C:\Users\Apps\social-feed.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00450255 _____ C:\Users\Apps\charts.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00395528 _____ C:\Users\Apps\collection-songs.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00392443 _____ C:\Users\Apps\zlogin.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00385249 _____ C:\Users\Apps\social-chart.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00368364 _____ C:\Users\Apps\buddy-list.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00318676 _____ C:\Users\Apps\chart.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00305834 _____ C:\Users\Apps\radio.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00278982 _____ C:\Users\Apps\folder.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00274556 _____ C:\Users\Apps\share.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00257987 _____ C:\Users\Apps\zlink-queue.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00245286 _____ C:\Users\Apps\profile.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00234135 _____ C:\Users\Apps\search.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00216144 _____ C:\Users\Apps\findfriends.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00187183 _____ C:\Users\Apps\suggest.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00181480 _____ C:\Users\Apps\hub.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00158229 _____ C:\Users\Apps\follow.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00080505 _____ C:\Users\Apps\about.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00072933 _____ C:\Users\Apps\error.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00053462 _____ C:\Users\Apps\ad.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00050934 _____ C:\Users\Apps\licenses.spa
2015-08-30 09:01 - 2015-05-26 19:27 - 00014086 _____ C:\Users\locales\en-US.pak
2015-08-30 09:01 - 2015-05-26 19:27 - 00008009 _____ C:\Users\locales\el.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00007791 _____ C:\Users\locales\ru.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00007076 _____ C:\Users\locales\ja.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006969 _____ C:\Users\locales\hu.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006950 _____ C:\Users\locales\fr-CA.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006899 _____ C:\Users\locales\fr.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006876 _____ C:\Users\locales\fi.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006875 _____ C:\Users\locales\pl.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006808 _____ C:\Users\locales\es-419.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006793 _____ C:\Users\locales\nl.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006756 _____ C:\Users\locales\de.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006740 _____ C:\Users\locales\zsm.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006739 _____ C:\Users\locales\it.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006731 _____ C:\Users\locales\es.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006726 _____ C:\Users\locales\tr.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006719 _____ C:\Users\locales\zh-Hant.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006717 _____ C:\Users\locales\pt-BR.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006672 _____ C:\Users\locales\sv.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006540 _____ C:\Users\locales\arb.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00006469 _____ C:\Users\locales\en.mo
2015-08-30 09:01 - 2015-05-26 19:27 - 00000000 ____D C:\Users\locales
2015-08-30 09:01 - 2015-05-26 19:27 - 00000000 _____ C:\Users\Ben.redir
2015-08-30 09:01 - 2015-05-05 22:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-30 08:44 - 2015-07-10 13:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-30 08:41 - 2015-07-14 20:17 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-30 08:40 - 2015-07-14 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-30 08:40 - 2015-07-14 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-30 08:36 - 2015-05-05 22:03 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\Spotify
2015-08-30 08:07 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-30 07:44 - 2015-05-05 22:01 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Roaming\Spotify
2015-08-30 07:12 - 2015-07-30 23:12 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-30 07:09 - 2015-07-30 22:55 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-30 07:06 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-30 07:05 - 2015-07-30 22:51 - 00006404 _____ C:\WINDOWS\PFRO.log
2015-08-30 07:05 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-30 07:04 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-30 07:04 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-30 07:03 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-30 06:58 - 2015-05-28 21:26 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-30 06:58 - 2015-05-28 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-30 06:47 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-30 06:47 - 2015-05-28 21:27 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Roaming\Apple Computer
2015-08-30 06:46 - 2015-05-05 21:31 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47D0B876-DDEE-44F4-BF42-4DCEE1565AA6}
2015-08-30 06:44 - 2015-07-10 13:20 - 00017351 _____ C:\WINDOWS\setupact.log
2015-08-28 19:18 - 2015-07-23 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-28 19:18 - 2015-05-07 19:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-28 18:44 - 2015-07-10 10:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-23 15:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-23 15:03 - 2015-05-05 21:26 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Roaming\Nitro PDF
2015-08-23 04:18 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-23 03:52 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-17 09:38 - 2015-07-10 13:20 - 00357552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-17 09:37 - 2015-05-05 21:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-17 09:37 - 2015-05-05 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 09:35 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 09:35 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-16 19:29 - 2015-07-12 21:47 - 00002292 _____ C:\Users\Ben and Rachel\Desktop\BDSW.RDP
2015-08-15 07:15 - 2015-05-08 17:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-15 07:10 - 2015-05-08 17:43 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-15 07:10 - 2015-05-05 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-15 07:01 - 2015-05-05 22:28 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-08 17:32 - 2015-05-26 19:27 - 45066808 _____ C:\Users\libcef.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 10207504 _____ C:\Users\icudtl.dat
2015-08-08 17:32 - 2015-05-26 19:27 - 07675448 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-08-08 17:32 - 2015-05-26 19:27 - 04487782 _____ C:\Users\devtools_resources.pak
2015-08-08 17:32 - 2015-05-26 19:27 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 02184260 _____ C:\Users\cef.pak
2015-08-08 17:32 - 2015-05-26 19:27 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 02018360 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-08-08 17:32 - 2015-05-26 19:27 - 01649208 _____ C:\Users\libGLESv2.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 00967736 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 00838712 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-08-08 17:32 - 2015-05-26 19:27 - 00622967 _____ C:\Users\cef_200_percent.pak
2015-08-08 17:32 - 2015-05-26 19:27 - 00468951 _____ C:\Users\cef_100_percent.pak
2015-08-08 17:32 - 2015-05-26 19:27 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-08-08 17:32 - 2015-05-26 19:27 - 00080952 _____ C:\Users\libEGL.dll
2015-08-08 17:32 - 2015-05-26 19:27 - 00073272 _____ C:\Users\wow_helper.exe
2015-08-08 17:32 - 2015-05-26 19:27 - 00000020 _____ C:\Users\inst_ver.dat
2015-08-08 16:38 - 2015-07-10 12:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 16:38 - 2015-07-10 12:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-08 09:32 - 2015-06-21 17:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-06 19:22 - 2015-05-07 20:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-06 19:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Performance
2015-08-06 03:31 - 2015-07-30 22:58 - 00000000 ____D C:\Users\Ben and Rachel
2015-08-06 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-05 20:40 - 2015-07-11 06:35 - 00000024 _____ C:\Users\Ben and Rachel\AppData\Roaming\appdataFr25.bin
2015-08-05 19:19 - 2014-12-29 23:00 - 00000000 ____D C:\ProgramData\McAfee
2015-08-05 19:18 - 2015-05-07 20:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-05 19:17 - 2015-06-16 11:18 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-08-05 19:17 - 2015-06-16 11:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-08-04 21:45 - 2015-07-23 17:40 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-08-04 21:45 - 2015-07-23 17:40 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-08-03 21:40 - 2015-05-04 21:40 - 00000000 ____D C:\Users\Ben and Rachel\AppData\Local\Packages
2015-08-02 16:29 - 2015-07-12 21:27 - 00002340 ____H C:\Users\Ben and Rachel\Documents\Default.rdp
2015-08-02 16:29 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-01 19:54 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-01 10:29 - 2015-05-06 19:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-01 10:17 - 2015-07-10 14:12 - 00000000 ____D C:\WINDOWS\OCR
2015-08-01 10:09 - 2015-05-07 20:02 - 00000000 ___RD C:\Users\Ben and Rachel\OneDrive
2015-08-01 10:06 - 2015-07-30 22:58 - 00000000 ___RD C:\Users\Ben and Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-01 10:06 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-01 10:06 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-01 10:06 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-01 10:06 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-01 10:06 - 2014-12-29 22:24 - 00000000 ___HD C:\Intel
2015-07-31 07:51 - 2015-07-10 12:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-31 07:47 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-31 07:47 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-31 07:47 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-31 07:47 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-31 07:21 - 2014-12-29 22:27 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

==================== Files in the root of some directories =======

2015-05-07 20:55 - 2015-05-07 20:55 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-12 11:56 - 2015-07-12 19:57 - 0000020 _____ () C:\Users\Ben and Rachel\AppData\Roaming\appdataFr2.bin
2015-07-11 06:35 - 2015-08-05 20:40 - 0000024 _____ () C:\Users\Ben and Rachel\AppData\Roaming\appdataFr25.bin
2015-05-04 21:39 - 2015-07-30 22:24 - 0122146 _____ () C:\Users\Ben and Rachel\AppData\Local\BTServer.log
2015-07-30 22:55 - 2015-07-30 22:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ben and Rachel\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben and Rachel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-30 07:01

==================== End of FRST.txt ============================

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #8 on: August 30, 2015, 02:39:21 AM »
FRST Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-08-2015
Ran by Ben and Rachel (2015-08-30 09:01:25)
Running from C:\Users\Ben and Rachel\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-948950112-1921841323-782461941-500 - Administrator - Disabled)
Ben and Rachel (S-1-5-21-948950112-1921841323-782461941-1001 - Administrator - Enabled) => C:\Users\Ben and Rachel
DefaultAccount (S-1-5-21-948950112-1921841323-782461941-503 - Limited - Disabled)
Guest (S-1-5-21-948950112-1921841323-782461941-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dragon Assistant version 1.5.20 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.20 - Nuance Communications, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4113 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.1.10 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.124 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Nuance Speech Component DA-A en-GB version 1.5.20 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.20 - Nuance Communications, Inc.)
Nuance Speech Component DA-C version 1.1.22 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.22 - Nuance Communications, Inc.)
Nuance Speech Component DA-L en-GB version 1.1.5 (HKLM-x32\...\{CA54E6DD-70F8-4AE5-8427-522A52FC4408}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1507.63 - Trusteer) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111213 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0235 - REALTEK Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Spotify (HKU\S-1-5-21-948950112-1921841323-782461941-1001\...\Spotify) (Version: 1.0.12.161.g64b0797c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.63 - Trusteer)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-948950112-1921841323-782461941-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

15-08-2015 07:08:51 Windows Update
17-08-2015 09:39:21 Installed Rapport
22-08-2015 11:51:51 Windows Update
22-08-2015 11:55:15 Windows Update
28-08-2015 18:51:14 Windows Update
28-08-2015 18:52:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {218B3C17-4900-4BB5-A2CE-9007FE48FCFB} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {28145E37-9167-475A-A1B2-74C0014926AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2DDD42B2-6591-4607-93F6-7A17F9A1E645} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)
Task: {340F1727-94CE-43FC-B94C-48909826DCDB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {3F1AC5DA-4C78-4C8C-B003-F25830D9A24C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {42A16045-140C-4CC0-89AB-26A0B5C6F074} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {42E6B871-2209-44ED-B212-9EB15A1C9CDC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {43757F0E-8342-449B-9D80-7BA3419E59E3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {578DEFE1-40AF-4077-BD0F-4448E71D3C07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {67261A49-A765-4413-9A54-3286A39CC5AF} - \DriverAssist.Autostart -> No File <==== ATTENTION
Task: {6EADB934-1CEF-464C-87FA-A2B2D3BDACCF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {79C21A78-6073-4D73-A95E-FD21F4C43502} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7A52FA4A-BF70-4D8E-AFD5-210D38FAC15B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-15] (Microsoft Corporation)
Task: {7E0F8E79-AE67-4EB0-A11B-B1EB85704CF2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {805A7B7D-0B84-4D3D-9A1F-7D7BF1309B68} - \DriverAssist.Scanning -> No File <==== ATTENTION
Task: {80D33192-F86C-432E-90F1-0611EE279BF8} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-12-29] (Lenovo)
Task: {83A61740-BF30-4422-A62F-50BC3D04CFE0} - System32\Tasks\{CAD90D39-F636-4210-9CE1-A0D412E5F62E} => pcalua.exe -a "c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe" -c -uninstallApp 1557927977.go.sky.com
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-31] (Microsoft Corporation)
Task: {90AE5961-8B08-48A8-B73D-8E9B10199A66} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A336F8B9-03C1-4A96-84BC-0B338AD05187} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A4D4C1BF-4C43-4B05-80B1-E30BFECA5D2D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {B37E733F-3CC2-4D7F-BB69-92E9DF82626D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {C550A1AE-7A40-419E-8393-BE7A6E5A9169} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D0296075-EC0B-4D47-AD24-467739FC8F54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D20063B2-7882-46A4-8C2C-5F1116E14379} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D42FE0F8-57A2-400D-A183-21D9FABC63BF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D502307F-090D-42C1-A23B-A0815DCDEBC8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {D713AF57-6748-4DEB-880A-D033134751D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D9B6579A-48D6-4940-AD7F-979BE23CD7C5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-05-06] (Lenovo)
Task: {DAF8BE1C-840A-455A-B89A-87E15F640953} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E2E7B888-256B-4DD2-BB67-4463B152A92B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F356068A-B019-4980-B7E6-E9AE2FA606B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {F6422CAB-B2F4-45D6-BE5A-8FCE9F3E857D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-31 07:46 - 2015-07-31 07:46 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-08-22 11:04 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-07 19:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-29 23:03 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-29 22:59 - 2014-01-07 00:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-12-29 23:05 - 2014-12-29 23:05 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-12-29 22:58 - 2014-07-10 02:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-08-28 19:31 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 19:31 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-05-07 20:17 - 2015-05-07 20:17 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-15 07:07 - 2015-08-03 02:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 11:05 - 2015-08-11 09:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-15 07:07 - 2015-08-03 02:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-12-29 23:05 - 2014-12-29 23:05 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-12-29 23:05 - 2014-12-29 23:05 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2015-08-22 11:04 - 2015-08-11 10:10 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-12-29 23:04 - 2014-03-24 23:44 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-02-25 01:39 - 2014-02-25 01:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-12-29 22:24 - 2013-09-16 21:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-12-29 23:05 - 2014-12-29 23:05 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-12-29 23:05 - 2014-12-29 23:05 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-12-29 23:05 - 2014-12-29 23:05 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-02-25 01:39 - 2014-02-25 01:39 - 02690312 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2015-08-22 11:43 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 11:43 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-22 11:43 - 2015-08-18 06:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
2015-05-05 22:03 - 2015-08-30 09:01 - 45066296 _____ () C:\Users\Ben and Rachel\AppData\Roaming\Spotify\libcef.dll
2015-05-05 22:03 - 2015-08-30 09:01 - 01649208 _____ () C:\Users\Ben and Rachel\AppData\Roaming\Spotify\libglesv2.dll
2015-05-05 22:03 - 2015-08-30 09:01 - 00080952 _____ () C:\Users\Ben and Rachel\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-948950112-1921841323-782461941-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3EEF1357-6ED7-49B0-99A3-1E2867F4EC93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD8E74C5-4C6C-4546-839E-7B2EE488618D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2CE464B2-5C09-48FC-BF78-61D06722619A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A140B7E5-BE61-4631-9B18-B2276CC90A99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94F2D819-AB52-45EF-BAE8-C2633E65F69A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{D3BEE31B-4A6B-4805-BFA6-74DA5430B9B6}C:\users\ben and rachel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ben and rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4BDC2F3C-EF80-4783-B8C6-442531B209F7}C:\users\ben and rachel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ben and rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{392398C4-9964-4714-8446-1D98D925B284}] => (Allow) C:\Users\Ben and Rachel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DB6796D5-F5E0-4901-B191-D5A8AE7DBD90}] => (Allow) C:\Users\Ben and Rachel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1D432878-013D-495D-A111-8E8E89DD5E31}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5FCDBFAA-AC4C-4051-ABE8-CA351A9F96C8}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{B4745491-5645-43EF-A5F1-8007E24D1A00}] => (Allow) LPort=55100
FirewallRules: [{92E6E321-BCFB-4F86-8E87-BFD32FACF8CC}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{86449E1B-BF71-4987-92E7-FAF240EA3526}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{478B418A-438D-4949-ACDF-C22A818DA397}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5AC66D87-1529-4677-ABC4-A3B5C593A485}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7EAFD5EB-1212-4C5E-A86D-594CED5B8156}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{33877D39-83E8-4F21-B109-9F22664DF170}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{F4844340-691E-4A26-ACBD-8BD3D70F38BC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D69C1338-294A-4717-A9EA-C63D87A20CA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35E86C0A-CE4B-4202-B8BE-DEA4B71D0698}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F80863E8-2E0F-437C-883F-717DB2215661}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5AA1D21B-BA58-4EC9-81A6-0348A2142D3D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2015 06:53:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/28/2015 06:51:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96113109

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96113109

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 04:38:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (08/23/2015 04:38:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140


System errors:
=============
Error: (08/30/2015 07:12:13 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/30/2015 07:03:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/30/2015 07:03:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/30/2015 07:03:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/30/2015 07:03:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2015 07:59:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/29/2015 07:59:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/29/2015 07:59:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/29/2015 07:59:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/29/2015 07:59:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (08/28/2015 06:53:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/28/2015 06:51:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (08/24/2015 08:02:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96113109

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96113109

Error: (08/24/2015 07:20:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 04:38:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (08/23/2015 04:38:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 43%
Total physical RAM: 8112.96 MB
Available physical RAM: 4544.35 MB
Total Virtual: 9392.96 MB
Available Virtual: 5348.93 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:424.54 GB) (Free:362.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 48333721)

Partition: GPT.

==================== End of Addition.txt ============================

Roguekiller:

RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Ben and Rachel [Administrator]
Started from : C:\Users\Ben and Rachel\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/30/2015 09:23:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70da1f7c-13a3-4b27-a97b-a1ee861dbb02} | DhcpNameServer : 169.254.54.64 ([UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70da1f7c-13a3-4b27-a97b-a1ee861dbb02} | DhcpNameServer : 169.254.54.64 ([UNITED STATES (US)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LX012-SSHD-8GB +++++
--- User ---
[MBR] 0f68e15219c95e95aa2b8e9ec82717a1
[BSP] 23d3dc83c2dc30b0756d8b6d0030bd77 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 434734 MB
5 - Basic data partition | Offset (sectors): 895227904 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 947656704 | Size: 14217 MB
User = LL1 ... OK
User = LL2 ... OK


Thanks for your help.

Ben

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #9 on: August 30, 2015, 03:28:31 AM »
Hello Ben,

Thanks for the logs, to receive a notification of thread replies select the "Notify" tab at the top of the thread, accept the prompt....

Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please follow these instructions:-

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #10 on: August 31, 2015, 06:46:46 AM »
Hi Kevin,

Logs as follows:

FRST - This one crashed in the middle of running and closed. I ran it a second time and it worked fine.

Fix result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Ben and Rachel (2015-08-31 12:45:38) Run:2
Running from C:\Users\Ben and Rachel\Desktop
Loaded Profiles: Ben and Rachel &  (Available Profiles: Ben and Rachel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {28145E37-9167-475A-A1B2-74C0014926AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {67261A49-A765-4413-9A54-3286A39CC5AF} - \DriverAssist.Autostart -> No File <==== ATTENTION
Task: {6EADB934-1CEF-464C-87FA-A2B2D3BDACCF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {79C21A78-6073-4D73-A95E-FD21F4C43502} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {805A7B7D-0B84-4D3D-9A1F-7D7BF1309B68} - \DriverAssist.Scanning -> No File <==== ATTENTION
Task: {90AE5961-8B08-48A8-B73D-8E9B10199A66} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A336F8B9-03C1-4A96-84BC-0B338AD05187} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D0296075-EC0B-4D47-AD24-467739FC8F54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D20063B2-7882-46A4-8C2C-5F1116E14379} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D42FE0F8-57A2-400D-A183-21D9FABC63BF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DAF8BE1C-840A-455A-B89A-87E15F640953} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E2E7B888-256B-4DD2-BB67-4463B152A92B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F6422CAB-B2F4-45D6-BE5A-8FCE9F3E857D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Emptytemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
wfpcapture => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28145E37-9167-475A-A1B2-74C0014926AB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67261A49-A765-4413-9A54-3286A39CC5AF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverAssist.Autostart => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EADB934-1CEF-464C-87FA-A2B2D3BDACCF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79C21A78-6073-4D73-A95E-FD21F4C43502} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{805A7B7D-0B84-4D3D-9A1F-7D7BF1309B68} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverAssist.Scanning => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90AE5961-8B08-48A8-B73D-8E9B10199A66} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A336F8B9-03C1-4A96-84BC-0B338AD05187} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0296075-EC0B-4D47-AD24-467739FC8F54} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20063B2-7882-46A4-8C2C-5F1116E14379} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D42FE0F8-57A2-400D-A183-21D9FABC63BF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAF8BE1C-840A-455A-B89A-87E15F640953} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2E7B888-256B-4DD2-BB67-4463B152A92B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6422CAB-B2F4-45D6-BE5A-8FCE9F3E857D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
EmptyTemp: => 117.9 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:46:43 ====

Adware
# AdwCleaner v5.004 - Logfile created 31/08/2015 at 12:56:01
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Ben and Rachel - GREENYARDS
# Running from : C:\Users\Ben and Rachel\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[!] Data Not Restored : HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[!] Data Not Restored : HKU\S-1-5-21-948950112-1921841323-782461941-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

***** [ Web browsers ] *****

[-] [C:\Users\Ben and Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\qhrojvby.default\prefs.js] [Preference] Deleted : user_pref("extensions.hh7vPo9mYMOyHbUZ.scode", "(function(){try{if(window.location.href.indexOf(\"qjYHqjU4rHa8rHrFrTY8rTsEqE\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Ben and Rachel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1559 bytes] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 10 Home x64
Ran by Ben and Rachel on 31/08/2015 at 13:13:28.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Ben and Rachel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ben and Rachel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Ben and Rachel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ben and Rachel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/08/2015 at 13:18:44.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Malicious Software Removal Tool

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 01 10:17:13 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 01 10:19:10 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 01 20:34:45 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 01 20:36:13 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 01 21:01:40 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 01 21:01:41 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 01 21:25:15 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 01 21:25:16 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sun Aug 02 16:37:35 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 02 16:38:06 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Wed Aug 05 19:40:46 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 05 19:42:19 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Thu Aug 06 03:29:30 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 06 03:29:34 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Thu Aug 06 03:43:44 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 06 03:43:47 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Thu Aug 06 07:07:51 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 06 07:08:08 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Thu Aug 06 19:47:08 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 06 19:47:51 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:22:09 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:22:11 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:30:35 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:30:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:36:31 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:36:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:41:29 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:41:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:46:30 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:46:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:54:10 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:54:23 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 19:59:08 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 19:59:09 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Fri Aug 07 20:36:36 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 07 20:36:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 08:04:56 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 08:04:57 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 09:02:11 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 09:02:12 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 17:42:05 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 17:43:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 19:53:44 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 19:53:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 20:17:14 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 20:17:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 20:26:08 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 20:26:09 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 20:39:35 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 20:39:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 21:27:55 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 21:27:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sat Aug 08 21:32:23 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 08 21:32:24 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sun Aug 09 10:47:36 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 09 10:47:39 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Aug 10 08:06:22 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 10 08:06:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Aug 10 18:17:49 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 10 18:17:52 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Aug 10 19:46:09 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 10 19:46:10 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Aug 10 20:13:53 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 10 20:13:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 07:10:44 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 07:15:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 07:33:06 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 07:33:17 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 07:38:59 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 07:39:02 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 08:35:45 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 08:35:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 08:47:10 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 08:47:11 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 08:55:30 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 08:55:32 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 09:18:37 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 09:18:39 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 09:27:59 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 09:28:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 15 09:34:15 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 15 09:34:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 16 17:26:12 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 16 17:34:08 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 16 17:34:43 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 16 18:28:31 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 16 18:28:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 16 20:15:20 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 16 20:15:24 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 17 08:55:33 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 17 08:55:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 17 09:30:28 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 17 09:30:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 17 09:49:21 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 17 09:49:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 17 20:09:28 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 17 20:10:15 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 18 08:38:07 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 18 08:46:07 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 18 08:46:20 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 18 19:57:57 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 18 19:58:17 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Aug 19 07:38:29 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 19 07:38:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Aug 19 08:16:01 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 19 08:16:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Aug 19 17:45:33 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 19 17:45:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Aug 19 17:54:02 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 19 17:54:09 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 22 11:51:58 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 22 12:12:40 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 04:07:01 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 04:09:17 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 08:24:49 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 08:24:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 09:40:53 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 09:40:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 09:52:30 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 09:52:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 10:00:57 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 10:00:58 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 10:07:40 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 10:07:41 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 10:32:24 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 10:32:25 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 11:29:30 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 11:29:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 11:43:12 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 11:43:13 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 15:20:52 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 15:20:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 15:53:50 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 15:53:51 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 16:17:01 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 16:17:02 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 24 19:40:59 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 24 19:41:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Fri Aug 28 18:50:59 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 28 18:51:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Fri Aug 28 19:27:49 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 28 19:28:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 08:11:31 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 29 08:11:32 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 08:20:57 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 29 08:20:58 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 08:25:46 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 30 07:01:21 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 30 07:02:07 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 30 09:22:32 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 30 09:44:07 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 30 09:44:12 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 31 13:17:42 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 31 13:18:54 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 31 13:26:37 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 31 13:26:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 31 13:29:03 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 31 13:35:43 2015


Return code: 0 (0x0)
11700.0)
Started On Mon Aug 31 13:34:52 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 31 13:34:52 2015


Return code: 0 (0x0)


Firefox seems to be working fine without ads. Although during the whole process Chrome added a new extension called Rapport 1.12. It seems similar to what was happening before although I don't see any issues with how Chrome is running currently.

Thanks

Ben

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #11 on: August 31, 2015, 06:54:08 AM »
Do you use Chrome for online banking, that extension is possibly related to Trusteer. Is that a possibility?

If no remaining issues or concerns do the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out...

Cheers,

Kevin....
« Last Edit: August 31, 2015, 07:09:04 AM by kevinf80 »

Offline beallman85

  • Bronze Member
  • Posts: 9
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #12 on: August 31, 2015, 02:33:48 PM »
Yes, we are all good. Thank you so much for your efforts - everything appears to be working normally.

What you guys do is really great and is much appreciated.

Thanks again.

Ben

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved-K] Adware in Firefox and possible malware affecting Chrome
« Reply #13 on: August 31, 2015, 04:41:49 PM »
Since this issue appears to be resolved the topic has been closed. Glad we could help..... :t 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.