W7x64 rpcss.dll Trojan.Zekos.patched


27 replies to this topic

#1 Trifox

Posted 01 August 2014 - 12:24 PM

Helping my office neighbor clean up his system. I killed several other infections but Malwarebytes keeps reporting that it blocked this one.
FRST reports (also attached):
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by TourFactory (administrator) on TOURFACTORY03 on 01-08-2014 09:15:24
Running from C:\tmp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozenda, Inc.) C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1848161522-1740521670-3487218255-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk
ShortcutTarget: Mozenda.lnk -> C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe (Mozenda, Inc.)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F8278AA3-92C4-4E11-8D2D-5103249BE8D8} URL = https://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TourFactory\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension [2013-10-10]

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-24]
CHR Extension: (Google Drive) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24]
CHR Extension: (Google Search) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Gmail) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd\2.0 [2014-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [515072 2014-07-30] (Microsoft Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [515072 2014-07-30] (Microsoft Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 03:20 - 2014-08-01 09:14 - 00000852 _____ () C:\Windows\setupact.log
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 03:03 - 2014-05-07 21:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-31 03:03 - 2014-05-07 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-31 03:02 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-31 03:02 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-31 03:02 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-31 03:02 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-31 03:02 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-31 03:02 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-31 03:02 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-31 03:02 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-31 03:02 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-31 03:02 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-31 03:02 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-31 03:02 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-31 03:02 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-31 03:02 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-31 03:02 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-31 03:02 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-31 03:02 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-31 03:02 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-31 03:02 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-31 03:02 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-31 03:02 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-31 03:02 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-31 03:02 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-31 03:02 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-31 03:02 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-31 03:02 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-31 03:02 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-31 03:02 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-31 03:02 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-31 03:02 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-31 03:02 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-31 03:02 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-31 03:02 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-31 03:02 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-31 03:02 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-31 03:02 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-31 03:02 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-31 03:02 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-31 03:02 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-31 03:02 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-31 03:02 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-31 03:02 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-31 03:02 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-31 03:02 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-31 03:01 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-31 03:01 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-31 03:01 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-31 03:01 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-30 15:49 - 2014-08-01 08:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:22 - 2014-07-30 15:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 12:34 - 2014-07-30 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 12:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 12:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 12:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-28 11:28 - 2014-07-30 12:58 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-25 13:48 - 2014-07-30 12:58 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 13:08 - 2014-08-01 09:15 - 00000000 ____D () C:\FRST
2014-07-25 12:15 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-25 11:25 - 2014-07-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 13:13 - 2014-07-25 12:08 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Baofqabo
2014-07-23 13:11 - 2014-07-25 12:07 - 00000000 ____D () C:\ProgramData\UvixOnkox
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-22 15:33 - 2014-07-23 15:39 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\Users\TourFactory\Documents\Optimizer Pro
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\globalUpdate
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-22 15:32 - 2014-07-23 11:00 - 00000000 ____D () C:\ProgramData\d05c065fd0d44846
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 15:01 - 2014-07-17 14:58 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-16 16:04 - 2014-07-17 14:58 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx
2014-07-07 10:39 - 2014-07-07 16:16 - 02263513 _____ () C:\Users\TourFactory\Desktop\Blake Presentation_TourFactory BayArea.pptx
2014-07-07 09:50 - 2014-07-07 16:20 - 278441697 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea - Copy.pptx
2014-07-03 15:16 - 2014-07-03 15:16 - 310551035 _____ () C:\Users\TourFactory\Desktop\SiliconValleyAssociates_TourFactory BayArea.pptx
2014-07-03 15:14 - 2014-07-03 15:16 - 298990252 _____ () C:\Users\TourFactory\Desktop\BH&G_TourFactory BayArea.pptx
2014-07-03 15:13 - 2014-07-17 11:34 - 298622880 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea.pptx
2014-07-03 15:11 - 2014-07-03 15:13 - 311006092 _____ () C:\Users\TourFactory\Desktop\KellerWilliams_TourFactory BayArea.pptx
2014-07-03 14:48 - 2014-07-03 14:49 - 311327949 _____ () C:\Users\TourFactory\Desktop\Coldwell Banker_TourFactory BayArea.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 09:15 - 2014-07-25 13:08 - 00000000 ____D () C:\FRST
2014-08-01 09:15 - 2013-11-06 17:06 - 00000000 ____D () C:\tmp
2014-08-01 09:14 - 2014-07-31 03:20 - 00000852 _____ () C:\Windows\setupact.log
2014-08-01 09:12 - 2013-10-10 10:29 - 01710430 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 09:08 - 2014-04-01 13:07 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1848161522-1740521670-3487218255-1000.job
2014-08-01 09:05 - 2013-10-24 14:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 09:00 - 2013-10-24 14:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 08:53 - 2014-07-30 15:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 03:26 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 03:26 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 03:25 - 2009-07-13 22:13 - 00797598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 03:20 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-31 03:18 - 2013-12-09 17:09 - 00000000 ___RD () C:\Users\TourFactory\Dropbox
2014-07-31 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-31 03:01 - 2013-11-06 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-30 15:48 - 2014-07-30 13:22 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 14:01 - 2011-02-10 07:25 - 00000000 ____D () C:\Windows\panther
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:02 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Dropbox
2014-07-30 13:00 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
2014-07-30 13:00 - 2013-11-25 14:08 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Mozenda
2014-07-30 13:00 - 2013-10-23 20:33 - 00000000 ____D () C:\Users\TourFactory
2014-07-30 13:00 - 2013-10-23 18:40 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2014-07-30 13:00 - 2010-11-21 00:17 - 00000000 ____D () C:\Windows\ShellNew
2014-07-30 13:00 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-30 13:00 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-07-30 13:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-30 13:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-30 12:59 - 2013-10-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-30 12:59 - 2013-10-24 13:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Microsoft Help
2014-07-30 12:59 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-30 12:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-30 12:58 - 2014-07-28 11:28 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-30 12:58 - 2014-07-25 13:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-30 12:58 - 2010-11-20 20:24 - 00515072 ____N (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-07-30 12:58 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 12:34 - 2014-07-30 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 12:34 - 2014-07-25 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-30 12:31 - 2014-07-25 12:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-30 12:20 - 2014-04-11 15:15 - 00000072 _____ () C:\Windows\system32\lryfy.muc
2014-07-30 12:19 - 2013-12-04 16:20 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BA784C1-D315-4C90-9E46-64832A2A2F99}
2014-07-30 12:14 - 2013-12-09 17:09 - 00000999 _____ () C:\Users\TourFactory\Desktop\Dropbox.lnk
2014-07-30 12:14 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-30 11:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-07-30 11:48 - 2013-10-24 14:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Google
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 12:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-07-25 12:08 - 2014-07-23 13:13 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Baofqabo
2014-07-25 12:07 - 2014-07-23 13:11 - 00000000 ____D () C:\ProgramData\UvixOnkox
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 16:07 - 2014-05-15 15:17 - 00000000 ____D () C:\Users\TourFactory\Desktop\Marianna
2014-07-24 15:46 - 2014-03-31 14:59 - 00019475 _____ () C:\Users\TourFactory\Desktop\All Reports APR.xlsx
2014-07-23 15:39 - 2014-07-22 15:33 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-23 11:00 - 2014-07-22 15:32 - 00000000 ____D () C:\ProgramData\d05c065fd0d44846
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\Users\TourFactory\Documents\Optimizer Pro
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\globalUpdate
2014-07-22 15:33 - 2014-07-22 15:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-22 15:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-21 15:08 - 2013-10-24 14:04 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 14:36 - 2013-10-24 12:16 - 00000000 ____D () C:\Users\TourFactory\Desktop\Stephanie
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 14:58 - 2014-07-17 15:01 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-17 14:58 - 2014-07-16 16:04 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx
2014-07-17 11:34 - 2014-07-03 15:13 - 298622880 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea.pptx
2014-07-14 16:47 - 2013-10-24 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-14 16:47 - 2013-10-24 13:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 15:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 13:57 - 2013-11-25 14:57 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Windows Live
2014-07-10 16:35 - 2013-10-24 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 16:33 - 2013-10-24 14:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 13:19 - 2014-06-30 13:45 - 298966319 _____ () C:\Users\TourFactory\Desktop\Intero_TourFactory BayArea.pptx
2014-07-07 16:20 - 2014-07-07 09:50 - 278441697 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea - Copy.pptx
2014-07-07 16:16 - 2014-07-07 10:39 - 02263513 _____ () C:\Users\TourFactory\Desktop\Blake Presentation_TourFactory BayArea.pptx
2014-07-03 15:16 - 2014-07-03 15:16 - 310551035 _____ () C:\Users\TourFactory\Desktop\SiliconValleyAssociates_TourFactory BayArea.pptx
2014-07-03 15:16 - 2014-07-03 15:14 - 298990252 _____ () C:\Users\TourFactory\Desktop\BH&G_TourFactory BayArea.pptx
2014-07-03 15:13 - 2014-07-03 15:11 - 311006092 _____ () C:\Users\TourFactory\Desktop\KellerWilliams_TourFactory BayArea.pptx
2014-07-03 14:49 - 2014-07-03 14:48 - 311327949 _____ () C:\Users\TourFactory\Desktop\Coldwell Banker_TourFactory BayArea.pptx

Some content of TEMP:
====================
C:\Users\TourFactory\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzspjj4.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2014-07-30 12:58] - 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-21 12:59

==================== End Of Log ============================

Please let me know how to kill this last one. Thank you.



#2 Machiavelli (Malware Response Instructor, 4,014 posts, Germany)

Posted 01 August 2014 - 12:30 PM

Mod Edit: Moved to Malware logs forum ~~ boopme


Hello and Welcome to BleepingComputer Trifox,

My name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!

I'm in the 'Malware Staff Team' and will provide you with advice:
Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.

Below are a few tips:

  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!


  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: rpcss.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

Edited by boopme, 01 August 2014 - 01:02 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Trifox (Topic Starter, 13 posts)

Posted 01 August 2014 - 04:32 PM

Here it is (attached as well):

Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by TourFactory at 2014-08-01 11:53:08
Running from C:\tmp
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2014-07-30 12:58] 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

====== End Of Search ======

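A triage script for the search output above, added as an example here rather than taken from FRST or from this thread: it parses FRST's path/detail line pairs and flags any copy of the searched file whose MD5, size or signed marker does not match the signed copy in the WinSxS component store. The sample text is constructed from the log posted above, and treating the WinSxS copy as the reference is this example's own heuristic, not an FRST feature.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed from the "Search Files" output posted in this thread.
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by TourFactory at 2014-08-01 11:53:08
Running from C:\tmp
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2014-07-30 12:58] 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

====== End Of Search ======
"""

# One FRST detail line: [created][modified] size attrs (Company) MD5 [File is signed]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\]\[(?P<modified>[\d-]+ [\d:]+)\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})(?P<signed> \[File is signed\])?\s*$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str
    signed: bool


def parse_search(text: str) -> List[FileEntry]:
    """Pair each path line (starts with a drive letter) with the detail line after it."""
    lines = [line.rstrip() for line in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        if not re.match(r"^[A-Za-z]:\\", lines[i]):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:
            continue
        entries.append(FileEntry(
            path=lines[i],
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            company=m["company"],
            md5=m["md5"].upper(),
            signed=m["signed"] is not None,
        ))
    return entries


def triage(entries: List[FileEntry]) -> List[Tuple[str, List[str]]]:
    """Flag copies that differ from the signed component-store copy.

    Heuristic of this example, not FRST's own logic: a signed copy whose path
    runs through the winsxs directory is the reference; every other copy is
    compared to it by MD5 and size and must itself carry the signed marker.
    """
    refs = [e for e in entries if "\\winsxs\\" in e.path.lower() and e.signed]
    findings = []
    for e in entries:
        if e in refs:
            continue
        reasons = []
        if not e.signed:
            reasons.append("file is not digitally signed")
        if refs and all(e.md5 != r.md5 for r in refs):
            reasons.append("MD5 %s matches no signed WinSxS copy (reference %s)"
                           % (e.md5, refs[0].md5))
        if refs and all(e.size != r.size for r in refs):
            reasons.append("size %d differs from WinSxS copy (%d)"
                           % (e.size, refs[0].size))
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    # Flags C:\Windows\System32\rpcss.dll with three reasons on the sample above.
    for path, reasons in triage(parse_search(SAMPLE_SEARCH)):
        print(path)
        for reason in reasons:
            print("  -", reason)
```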


#4 Machiavelli (Malware Response Instructor, 4,014 posts, Germany)

Posted 02 August 2014 - 02:38 AM

Hi,

Part I: Action

Step 1: FRST Fix

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Part II: Logs request

For the next time I need to see the following logs:
  • FRST Log
  • Junkware Removal Tool log
  • AdwCleaner Log
  • FRST fixlog
Please also tell me how your computer is running currently. If you have any issues please tell me which.


~Machiavelli



#5 Trifox (Topic Starter, 13 posts)

Posted 03 August 2014 - 03:23 PM

System is offsite, I will post logs Monday PDT. Thanks.



#6 Machiavelli (Malware Response Instructor, 4,014 posts, Germany)

Posted 04 August 2014 - 04:36 AM

OK, thanks for letting me know.


~Machiavelli



#7 Trifox (Topic Starter, 13 posts)

Posted 04 August 2014 - 04:57 PM

OK, when I did FRST64 w/fixlist.txt and then AdwCleaner, when I rebooted I got a blank screen with a cursor after the Windows 7 animation. I had to System Restore to get it to boot up correctly. When I did so, I noticed that a Windows Update had occurred between the time I sent you the original frst.txt and search.txt files. Perhaps that messed it up? I have attached new frst.txt and search.txt files. I have set the system to not automatically apply updates for now and will wait for your reply.

The only visible thing that is wrong on the system is that Malwarebytes keeps popping up the "Trojan.Zekos.patched" rpcss.dll blocked message.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by TourFactory (administrator) on TOURFACTORY03 on 04-08-2014 11:33:33
Running from C:\tmp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozenda, Inc.) C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1848161522-1740521670-3487218255-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk
ShortcutTarget: Mozenda.lnk -> C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe (Mozenda, Inc.)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F8278AA3-92C4-4E11-8D2D-5103249BE8D8} URL = https://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TourFactory\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension [2013-10-10]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-24]
CHR Extension: (Google Drive) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24]
CHR Extension: (Google Search) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Gmail) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd\2.0 [2014-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [515072 2014-07-30] (Microsoft Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [515072 2014-07-30] (Microsoft Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:38 - 2014-08-02 16:40 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieUserList
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieSiteList
2014-08-01 09:59 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:59 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:59 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 03:20 - 2014-08-04 09:32 - 00000908 _____ () C:\Windows\setupact.log
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 03:03 - 2014-05-07 21:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-31 03:03 - 2014-05-07 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-31 03:02 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-31 03:02 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-31 03:02 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-31 03:02 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-31 03:02 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-31 03:02 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-31 03:02 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-31 03:02 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-31 03:02 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-31 03:02 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-31 03:02 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-31 03:02 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-31 03:02 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-31 03:02 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-31 03:02 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-31 03:02 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-31 03:02 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-31 03:02 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-31 03:02 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-31 03:02 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-31 03:02 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-31 03:02 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-31 03:02 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-31 03:02 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-31 03:02 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-31 03:02 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-31 03:02 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-31 03:02 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-31 03:02 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-31 03:02 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-31 03:02 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-31 03:02 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-31 03:02 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-31 03:02 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-31 03:02 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-31 03:02 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-31 03:02 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-31 03:02 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-31 03:02 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-31 03:02 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-31 03:02 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-31 03:02 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-31 03:02 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-31 03:02 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-31 03:01 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-31 03:01 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-31 03:01 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-31 03:01 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-30 15:49 - 2014-08-04 11:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:22 - 2014-07-30 15:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 12:34 - 2014-08-04 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 12:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 12:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 12:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-28 11:28 - 2014-07-30 12:58 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-25 13:48 - 2014-07-30 12:58 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 13:08 - 2014-08-04 11:33 - 00000000 ____D () C:\FRST
2014-07-25 12:15 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-25 11:25 - 2014-07-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 15:01 - 2014-07-17 14:58 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-16 16:04 - 2014-07-17 14:58 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx
2014-07-07 10:39 - 2014-07-07 16:16 - 02263513 _____ () C:\Users\TourFactory\Desktop\Blake Presentation_TourFactory BayArea.pptx
2014-07-07 09:50 - 2014-07-07 16:20 - 278441697 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea - Copy.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 11:33 - 2014-07-25 13:08 - 00000000 ____D () C:\FRST
2014-08-04 11:33 - 2013-11-06 17:06 - 00000000 ____D () C:\tmp
2014-08-04 11:32 - 2014-07-30 15:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 11:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 11:10 - 2013-10-24 14:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 11:08 - 2014-04-01 13:07 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1848161522-1740521670-3487218255-1000.job
2014-08-04 10:57 - 2013-10-10 10:29 - 01121770 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 10:31 - 2014-07-30 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 10:31 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
2014-08-04 10:31 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-04 10:31 - 2013-11-06 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-04 10:31 - 2013-10-23 18:40 - 00000000 ___RD () C:\Users\TourFactory\Virtual Machines
2014-08-04 10:31 - 2013-10-23 18:40 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2014-08-04 10:31 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\schemas
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-04 10:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-04 09:40 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 09:40 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 09:39 - 2009-07-13 22:13 - 00797598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 09:35 - 2013-12-04 16:20 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BA784C1-D315-4C90-9E46-64832A2A2F99}
2014-08-04 09:34 - 2013-12-09 17:09 - 00000000 ___RD () C:\Users\TourFactory\Dropbox
2014-08-04 09:34 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Dropbox
2014-08-04 09:34 - 2013-11-25 14:08 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Mozenda
2014-08-04 09:33 - 2013-10-24 14:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 09:33 - 2013-10-23 20:33 - 00000000 ____D () C:\Users\TourFactory
2014-08-04 09:32 - 2014-07-31 03:20 - 00000908 _____ () C:\Windows\setupact.log
2014-08-04 09:32 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 16:41 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-02 16:40 - 2014-08-02 16:38 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieUserList
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieSiteList
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 15:48 - 2014-07-30 13:22 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 14:01 - 2011-02-10 07:25 - 00000000 ____D () C:\Windows\panther
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:00 - 2010-11-21 00:17 - 00000000 ____D () C:\Windows\ShellNew
2014-07-30 13:00 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-07-30 12:59 - 2013-10-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-30 12:59 - 2013-10-24 13:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Microsoft Help
2014-07-30 12:59 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-30 12:58 - 2014-07-28 11:28 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-30 12:58 - 2014-07-25 13:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-30 12:58 - 2010-11-20 20:24 - 00515072 ____N (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-07-30 12:58 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 12:34 - 2014-07-25 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-30 12:31 - 2014-07-25 12:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-30 12:20 - 2014-04-11 15:15 - 00000072 _____ () C:\Windows\system32\lryfy.muc
2014-07-30 12:14 - 2013-12-09 17:09 - 00000999 _____ () C:\Users\TourFactory\Desktop\Dropbox.lnk
2014-07-30 11:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-30 11:48 - 2013-10-24 14:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Google
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 12:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 16:07 - 2014-05-15 15:17 - 00000000 ____D () C:\Users\TourFactory\Desktop\Marianna
2014-07-24 15:46 - 2014-03-31 14:59 - 00019475 _____ () C:\Users\TourFactory\Desktop\All Reports APR.xlsx
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-21 15:08 - 2013-10-24 14:04 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 14:36 - 2013-10-24 12:16 - 00000000 ____D () C:\Users\TourFactory\Desktop\Stephanie
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 14:58 - 2014-07-17 15:01 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-17 14:58 - 2014-07-16 16:04 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx
2014-07-17 11:34 - 2014-07-03 15:13 - 298622880 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea.pptx
2014-07-14 16:47 - 2013-10-24 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-14 16:47 - 2013-10-24 13:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 15:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 13:57 - 2013-11-25 14:57 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Windows Live
2014-07-10 16:35 - 2013-10-24 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 16:33 - 2013-10-24 14:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 13:19 - 2014-06-30 13:45 - 298966319 _____ () C:\Users\TourFactory\Desktop\Intero_TourFactory BayArea.pptx
2014-07-07 16:20 - 2014-07-07 09:50 - 278441697 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea - Copy.pptx
2014-07-07 16:16 - 2014-07-07 10:39 - 02263513 _____ () C:\Users\TourFactory\Desktop\Blake Presentation_TourFactory BayArea.pptx

Some content of TEMP:
====================
C:\Users\TourFactory\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps4fuax.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2014-07-30 12:58] - 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 15:35

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by TourFactory at 2014-08-04 11:33:53
Running from C:\tmp
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2014-07-30 12:58] 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

====== End Of Search ======


Edited by Machiavelli, 05 August 2014 - 04:06 AM.
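
The Bamital check and the "Search Files" output above show the comparison FRST is doing: the live C:\Windows\System32\rpcss.dll is unsigned, 515072 bytes, with an MD5 that matches nothing, while the copy in WinSxS is signed, 512000 bytes, with a different hash, even though both carry "(Microsoft Corporation)" in their version information. The script below is an added example, not code from this thread or from FRST: it parses search records of that shape and applies the same triage, flagging a non-WinSxS copy that is unsigned or whose hash and size match no signed WinSxS copy. The sample text is the Search.txt output quoted above; the function and field names are assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the two records from the FRST "Search Files" output quoted above.
SAMPLE_SEARCH_TXT = """\
================== Search Files: "rpcss.dll" =============

C:\\Windows\\winsxs\\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\\Windows\\System32\\rpcss.dll
[2010-11-20 20:24][2014-07-30 12:58] 0515072 ____N (Microsoft Corporation) 7395C1E42FB8E667AEC42BBDB0A8A5C8

====== End Of Search ======
"""

# Detail line: [created][modified] size attrs (company) MD5 [File is signed]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?P<signed>\s+\[File is signed\])?\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str
    signed: bool

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search_output(text: str) -> List[FileRecord]:
    """Parse FRST 'Search Files' output: a path line followed by a detail line."""
    records = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i in range(len(lines) - 1):
        path, detail = lines[i], lines[i + 1]
        m = DETAIL_RE.match(detail)
        if not m or not PATH_RE.match(path):
            continue
        records.append(FileRecord(
            path=path, created=m["created"], modified=m["modified"],
            size=int(m["size"]), attrs=m["attrs"], company=m["company"],
            md5=m["md5"].upper(), signed=m["signed"] is not None))
    return records


def triage(records: List[FileRecord]) -> dict:
    """Compare each live (non-WinSxS) copy against the signed WinSxS copies.

    Returns {path: [reasons]}; an empty reason list means nothing looked wrong.
    The version-info company string is deliberately not used: a patcher keeps
    the original resources, so "(Microsoft Corporation)" survives on the
    patched file and proves nothing.
    """
    baseline = [r for r in records if r.in_winsxs and r.signed]
    baseline_md5s = {b.md5 for b in baseline}
    baseline_sizes = {b.size for b in baseline}
    findings = {}
    for r in records:
        if r.in_winsxs:
            continue
        reasons = []
        if not r.signed:
            reasons.append("not digitally signed")
        if baseline and r.md5 not in baseline_md5s:
            reasons.append("MD5 matches no signed WinSxS copy")
        if baseline and r.size not in baseline_sizes:
            reasons.append(f"size {r.size} differs from WinSxS {sorted(baseline_sizes)}")
        # Weak signal on its own, but an in-place rewrite of an old file is worth noting.
        if r.modified != r.created:
            reasons.append(f"modified {r.modified}, created {r.created}")
        findings[r.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_search_output(SAMPLE_SEARCH_TXT)).items():
        print(f"{'SUSPECT' if reasons else 'ok'}: {path}")
        for why in reasons:
            print(f"    - {why}")
```

Point it at a saved Search.txt instead of the embedded sample to triage another machine. A hash that matches no signed WinSxS copy is the decisive signal; the size difference and the modified timestamp only corroborate it, and a clean replacement is the signed WinSxS copy, which is what the later fix in this thread restores.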


#8 Machiavelli (Malware Response Instructor)

Posted 05 August 2014 - 04:11 AM

The AdwCleaner log should also be located here: C:\AdwCleaner\

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Then,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Trifox (Topic Starter)

Posted 06 August 2014 - 11:39 AM

Fixlog.txt and FRST.txt attached. I noticed that after I ran FRST64 w/fix, there is no c:\windows\system32\rpcss.dll file? AdwCleaner R0 log also attached. I did not run clean because nothing showed up.


#10 Machiavelli (Malware Response Instructor)

Posted 06 August 2014 - 02:26 PM

What the ....
  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it. In the search box, type the following: rpcss.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply



#11 Trifox
  • Topic Starter
  • Members
  • 13 posts

Posted 06 August 2014 - 05:04 PM

Search.txt is attached.

Attached Files



#12 Machiavelli
    Agent 007
  • Malware Response Instructor
  • 4,014 posts
  • Gender:Male
  • Location:Germany

Posted 07 August 2014 - 02:19 AM

  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Then run the FRST search again and post the log.

Attached Files




#13 Trifox
  • Topic Starter
  • Members
  • 13 posts

Posted 07 August 2014 - 01:46 PM

Fixlog.txt and search.txt attached. This time c:\windows\system32\rpcss.dll exists.

Attached Files


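A check a defender would want to run at this point in the thread, once the file is back in place: confirm that the rpcss.dll now present is the genuine Windows component and not another patched copy. This PowerShell script is an added example, not part of the thread and not something FRST or AdwCleaner does; it assumes an elevated PowerShell prompt on Windows 7 x64 (PowerShell 2.0) with the standard system paths, and uses only the `sfc /verifyfile` switch, the WinSxS component store and a SHA-256 comparison. Nothing in it is specific to this machine.

```powershell
# Added example, not part of the thread and not FRST's own logic.
# Assumptions: elevated PowerShell on Windows 7 x64 (PowerShell 2.0),
# standard system paths; nothing here is specific to this machine.
$target = 'C:\Windows\System32\rpcss.dll'

function Get-Sha256Hex([string]$path) {
    # Get-FileHash only exists in PowerShell 4.0+, so use the .NET class directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

if (-not (Test-Path $target)) {
    Write-Host "MISSING: $target (RPC Endpoint Mapper / DCOM launcher DLL that Windows relies on at boot)"
    return
}

# Basic metadata. Version info and company name come from the PE resource and
# can be copied by malware, so they are a hint, not proof.
$item = Get-Item $target
Write-Host ("Size: {0} bytes  LastWrite: {1}" -f $item.Length, $item.LastWriteTime)
Write-Host ("FileVersion: {0}  Company: {1}" -f $item.VersionInfo.FileVersion, $item.VersionInfo.CompanyName)
$liveHash = Get-Sha256Hex $target
Write-Host "SHA256: $liveHash"

# Check 1: Windows Resource Protection validates the file against the signed
# catalogs, which is the right test for a catalog-signed OS file (an embedded
# Authenticode check on PowerShell 2.0 reports such files as NotSigned even
# when they are genuine). Expect "did not find any integrity violations".
& sfc.exe "/verifyfile=$target"

# Check 2: compare with the copies kept in the component store. A patched file
# will not hash-match any staged copy of the same component.
$storeCopies = Get-ChildItem 'C:\Windows\winsxs' -Recurse -Filter 'rpcss.dll' -ErrorAction SilentlyContinue |
    Where-Object { (Get-Sha256Hex $_.FullName) -eq $liveHash }
if ($storeCopies) {
    Write-Host "Live file matches a component-store copy:"
    $storeCopies | ForEach-Object { Write-Host "  $($_.FullName)" }
} else {
    Write-Host "WARNING: live file matches no WinSxS copy; treat it as suspect until sfc reports it clean"
}

# Check 3: list every rpcss* file in the system directories for review; the
# thread shows the file disappearing and reappearing between fixes, so any
# extra copy or leftover is worth a look.
Get-ChildItem 'C:\Windows\System32', 'C:\Windows\SysWOW64' -Filter 'rpcss*' -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

The WinSxS walk is slow on a large component store but needs no network access and no external hash list; a match against a staged copy plus a clean sfc verdict is the strongest offline evidence that the restored file is the original component rather than a reinfected one.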

#14 Machiavelli
    Agent 007
  • Malware Response Instructor
  • 4,014 posts
  • Gender:Male
  • Location:Germany

Posted 07 August 2014 - 01:54 PM

Do a new AdwCleaner scan and make sure it is clean.

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.



#15 Trifox
  • Topic Starter
  • Members
  • 13 posts

Posted 07 August 2014 - 02:07 PM

FRST.txt and AdwCleaner.txt attached:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by TourFactory (administrator) on TOURFACTORY03 on 07-08-2014 12:01:14
Running from C:\tmp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozenda, Inc.) C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
() \\RAD\rad\tmp\AdwCleaner.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1848161522-1740521670-3487218255-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk
ShortcutTarget: Mozenda.lnk -> C:\Users\TourFactory\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe (Mozenda, Inc.)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TourFactory\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F6760128-C1C4-44A0-A699-CE46AAA7A115} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtDzyzztBtAyD0BtA0FyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyCzz0AyCtCtG0D0D0ByDtG0DtCtDtCtG0D0Czy0BtGyE0B0CyB0AyDzz0FtAtCzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzztAtDzzzy0B0CtG0A0B0B0FtG0EtA0A0FtG0CzyyDyDtGtD0CtCyDtDtB0B0A0F0FyDtC2Q&cr=2016692416&ir=
SearchScopes: HKCU - {F8278AA3-92C4-4E11-8D2D-5103249BE8D8} URL = https://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TourFactory\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension [2013-10-10]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-24]
CHR Extension: (Google Drive) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24]
CHR Extension: (Google Search) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Gmail) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24]
CHR Extension: (cosstminn) - C:\Users\TourFactory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpghhknahlbkahkcdajpkfnanbegflpd\2.0 [2014-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 09:06 - 2010-11-20 20:24 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-08-06 09:22 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-05 03:26 - 2014-08-05 03:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-04 09:44 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-04 09:44 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 09:44 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-04 09:44 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-04 09:44 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-04 09:44 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-04 09:44 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-04 09:44 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-04 09:44 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-04 09:44 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-04 09:44 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-04 09:44 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-04 09:44 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-04 09:44 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-04 09:44 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-04 09:44 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-04 09:43 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-04 09:43 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-04 09:43 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-04 09:43 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-04 09:43 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-04 09:43 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-04 09:43 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-04 09:43 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-04 09:43 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-04 09:43 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-04 09:43 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-04 09:43 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-04 09:43 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-04 09:43 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-04 09:43 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-04 09:43 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-04 09:43 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-04 09:43 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-04 09:43 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-04 09:43 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-04 09:43 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-04 09:43 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-04 09:43 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-04 09:40 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-04 09:40 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-04 09:40 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-04 09:40 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-04 09:40 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-04 09:40 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-04 09:40 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-04 09:40 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-04 09:40 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-04 09:40 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-04 09:40 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-04 09:40 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-04 09:40 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-04 09:40 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-04 09:40 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-04 09:40 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-04 09:40 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-04 09:40 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-04 09:40 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-04 09:40 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-04 09:40 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-04 09:40 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-04 09:40 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-04 09:40 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-04 09:40 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-04 09:40 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-04 09:40 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-04 09:40 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-04 09:40 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-04 09:40 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-04 09:40 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-04 09:40 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-04 09:40 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-04 09:40 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-04 09:40 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-04 09:40 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-04 09:40 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-04 09:40 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-04 09:40 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-04 09:40 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-04 09:40 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-04 09:40 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-04 09:40 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-04 09:40 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-04 09:40 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-04 09:40 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-04 09:40 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-04 09:40 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-04 09:40 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-04 09:40 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-04 09:40 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-04 09:40 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-04 09:40 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-04 09:40 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-04 09:40 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-04 09:40 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-04 09:39 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-04 09:39 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-04 09:39 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-04 09:39 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-04 09:39 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-04 09:39 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-04 09:39 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-04 09:39 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-04 09:39 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-02 16:38 - 2014-08-07 11:59 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieUserList
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieSiteList
2014-08-01 09:59 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:59 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:59 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:59 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:59 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:59 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 03:20 - 2014-08-05 03:28 - 00000964 _____ () C:\Windows\setupact.log
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 15:49 - 2014-08-07 11:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:22 - 2014-07-30 15:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 12:34 - 2014-08-04 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 12:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 12:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 12:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-28 11:28 - 2014-07-30 12:58 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-25 13:48 - 2014-07-30 12:58 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 13:08 - 2014-08-07 12:01 - 00000000 ____D () C:\FRST
2014-07-25 12:15 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-25 11:25 - 2014-07-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 15:01 - 2014-07-17 14:58 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-16 16:04 - 2014-07-17 14:58 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:01 - 2014-07-25 13:08 - 00000000 ____D () C:\FRST
2014-08-07 12:01 - 2013-11-06 17:06 - 00000000 ____D () C:\tmp
2014-08-07 11:59 - 2014-08-02 16:38 - 00000000 ____D () C:\AdwCleaner
2014-08-07 11:37 - 2014-07-30 15:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 11:08 - 2014-04-01 13:07 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1848161522-1740521670-3487218255-1000.job
2014-08-07 11:05 - 2013-10-24 14:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 11:00 - 2013-12-04 16:20 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BA784C1-D315-4C90-9E46-64832A2A2F99}
2014-08-07 09:35 - 2013-10-10 10:29 - 01303043 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 09:04 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-06 19:56 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 19:56 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 15:05 - 2013-10-24 14:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 08:56 - 2013-12-09 17:09 - 00000000 ___RD () C:\Users\TourFactory\Dropbox
2014-08-06 08:56 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Dropbox
2014-08-06 08:54 - 2013-10-23 18:40 - 00000000 ___RD () C:\Users\TourFactory\Virtual Machines
2014-08-05 04:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 03:34 - 2009-07-13 22:13 - 00797598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 03:28 - 2014-07-31 03:20 - 00000964 _____ () C:\Windows\setupact.log
2014-08-05 03:28 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 03:28 - 2009-07-13 21:45 - 00442192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 03:26 - 2014-08-05 03:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-05 03:26 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-05 03:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-05 03:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-05 03:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-04 10:31 - 2014-07-30 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 10:31 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
2014-08-04 10:31 - 2013-12-09 17:07 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-04 10:31 - 2013-11-06 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-04 10:31 - 2013-10-23 18:40 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\schemas
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-04 10:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-04 10:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-04 09:34 - 2013-11-25 14:08 - 00000000 ____D () C:\Users\TourFactory\AppData\Roaming\Mozenda
2014-08-04 09:33 - 2013-10-23 20:33 - 00000000 ____D () C:\Users\TourFactory
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieUserList
2014-08-01 15:02 - 2014-08-01 15:02 - 00000000 __SHD () C:\Users\TourFactory\AppData\Local\EmieSiteList
2014-07-31 03:20 - 2014-07-31 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 03:19 - 2013-11-06 16:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 15:48 - 2014-07-30 13:22 - 00000000 ____D () C:\Users\TourFactory\Desktop\Wtools
2014-07-30 14:01 - 2011-02-10 07:25 - 00000000 ____D () C:\Windows\panther
2014-07-30 13:23 - 2014-07-30 13:23 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-30 13:23 - 2014-07-30 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 13:00 - 2010-11-21 00:17 - 00000000 ____D () C:\Windows\ShellNew
2014-07-30 13:00 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-07-30 12:59 - 2013-10-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-30 12:59 - 2013-10-24 13:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Microsoft Help
2014-07-30 12:59 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-30 12:58 - 2014-07-28 11:28 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-30 12:58 - 2014-07-25 13:48 - 00000000 ____D () C:\Users\TourFactory\Desktop\Malware
2014-07-30 12:58 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 12:34 - 2014-07-25 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 12:32 - 2014-07-30 12:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-30 12:32 - 2014-07-30 12:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-30 12:31 - 2014-07-30 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-30 12:31 - 2014-07-25 12:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-30 12:14 - 2013-12-09 17:09 - 00000999 _____ () C:\Users\TourFactory\Desktop\Dropbox.lnk
2014-07-30 11:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-30 11:48 - 2013-10-24 14:04 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Google
2014-07-25 13:24 - 2014-07-25 13:24 - 00040878 _____ () C:\Users\TourFactory\Documents\FRST.Addition.txt
2014-07-25 13:24 - 2014-07-25 13:24 - 00039706 _____ () C:\Users\TourFactory\Documents\FRST.txt
2014-07-25 12:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-07-25 11:25 - 2014-07-25 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 16:07 - 2014-05-15 15:17 - 00000000 ____D () C:\Users\TourFactory\Desktop\Marianna
2014-07-24 15:46 - 2014-03-31 14:59 - 00019475 _____ () C:\Users\TourFactory\Desktop\All Reports APR.xlsx
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Packages
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:32 - 2014-07-22 15:32 - 00000000 ____D () C:\Users\Administrator
2014-07-21 15:08 - 2013-10-24 14:04 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 14:36 - 2013-10-24 12:16 - 00000000 ____D () C:\Users\TourFactory\Desktop\Stephanie
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
2014-07-17 14:58 - 2014-07-17 15:01 - 298731967 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea_New.pptx
2014-07-17 14:58 - 2014-07-16 16:04 - 291771694 _____ () C:\Users\TourFactory\Desktop\APR_TourFactory BayArea_Short.pptx
2014-07-17 11:34 - 2014-07-03 15:13 - 298622880 _____ () C:\Users\TourFactory\Desktop\Generic Presentation_TourFactory BayArea.pptx
2014-07-14 16:47 - 2013-10-24 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-14 16:47 - 2013-10-24 13:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 15:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 13:57 - 2013-11-25 14:57 - 00000000 ____D () C:\Users\TourFactory\AppData\Local\Windows Live
2014-07-10 16:35 - 2013-10-24 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 16:33 - 2013-10-24 14:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 13:19 - 2014-06-30 13:45 - 298966319 _____ () C:\Users\TourFactory\Desktop\Intero_TourFactory BayArea.pptx

Some content of TEMP:
====================
C:\Users\TourFactory\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmsg_f.dll
C:\Users\TourFactory\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 00:12

==================== End Of Log ============================
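Reading a listing like the one above by eye is where most triage mistakes happen, so here is an added example (mine, not part of FRST or of the original post) that parses the "One Month Created/Modified Files and Folders" entries and surfaces the handful worth a second look. The line layout, `<created> - <modified> - <size> <attrs> (<company>) <path>`, is inferred from the lines visible on this page, and the regex and heuristics are assumptions of my own, not an FRST specification. The sample input is constructed from a few lines copied from the log above. Note that the company string comes from the file's version resource and is trivially forged, which is exactly why FRST's separate "Bamital & volsnap Check" verifies Authenticode signatures instead; every hit below is a prompt for manual review, not a verdict.

```python
"""Triage helper for FRST "One Month Created/Modified Files and Folders" entries.

Added example, not part of FRST or of the forum post. The line layout is
inferred from the FRST lines visible on the page:

    <created> - <modified> - <size> <attrs> (<company>) <path>

Every heuristic produces a prompt for manual review, never a verdict: the
company string is read from the version resource and is easily forged, so a
real signature check (FRST's "Bamital & volsnap Check") is still required.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Regex is an assumption based on the visible lines, not an FRST specification.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXTS = (".dll", ".exe", ".sys", ".cpl", ".ocx")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_binary(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(BINARY_EXTS)

    @property
    def in_system_dir(self) -> bool:
        return self.path.lower().startswith(SYSTEM_DIRS)


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST entry; returns None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FrstEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])


def flag_reasons(e: FrstEntry) -> List[str]:
    """Why an entry deserves a closer look; an empty list means nothing odd."""
    reasons: List[str] = []
    if e.is_binary and e.in_system_dir:
        if not e.company:
            reasons.append("no vendor string in version info (not a signature check)")
        elif e.company != "Microsoft Corporation":
            reasons.append(f"third-party vendor in system directory: {e.company}")
    if e.is_binary and e.size == 0:
        reasons.append("zero-byte binary")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged and unparsable lines are dropped."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = flag_reasons(e)
        if reasons:
            out[e.path] = reasons
    return out


# Constructed sample: a few lines copied from the log above plus one section header.
SAMPLE_LOG = r"""==================== One Month Modified Files and Folders =======
2014-08-04 09:39 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-30 15:49 - 2014-08-07 11:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 13:08 - 2014-08-07 12:01 - 00000000 ____D () C:\FRST
2014-08-07 11:08 - 2014-04-01 13:07 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1848161522-1740521670-3487218255-1000.job
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 _____ () C:\Windows\system32\seetla.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the Malwarebytes driver is listed only because it is a non-Microsoft binary under System32 (a known security tool, so the reviewer dismisses it), and seetla.dll is listed because it carries no vendor string and is zero bytes long; the thread makes no finding about that file, and the heuristic does not either. The point of the exercise is to shrink a thousand-line listing to the entries that need a hash lookup or a signature check, not to replace those checks.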
