Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search assist may be lurking in the backgroound


  • This topic is locked This topic is locked
14 replies to this topic

#1 Lolas_dad

Lolas_dad

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 27 December 2014 - 09:52 AM

I have gone through several steps to remove an infection of Search Assist from my computer.

 

Here is the original link

 

http://www.bleepingcomputer.com/forums/t/560634/infected-with-search-assist/

 

When I reset IE, search Assist appears again as a search option in the add on windows.  Every time I install Firefox, I hear random voice ads.  This may be cleaned, but I am too worried to even reinstall it.

 

DDS LOg follows

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Chelsea at 9:37:19 on 2014-12-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.5592 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\HP Photo Creations\Communicator.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/?gws_rd=ssl
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [Facebook Update] "C:\Users\Chelsea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{066CC641-9D2D-40D8-9380-EE79FDB10BE6} : DHCPNameServer = 206.80.254.4 206.80.254.68
TCP: Interfaces\{31B962E6-9151-4231-B6BE-2348E8F702F4} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{31B962E6-9151-4231-B6BE-2348E8F702F4}\45865602C4F6664737 : DHCPNameServer = 24.226.1.94 24.226.10.193 24.226.1.93
TCP: Interfaces\{31B962E6-9151-4231-B6BE-2348E8F702F4}\A41636F626 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mDefault_Page_URL = www.google.com
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-1 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-1 55856]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2014-8-20 50976]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-10-10 41704]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2014-8-20 85936]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-8-20 305760]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-6-1 109184]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-1 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-1 1695040]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-1 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-2-17 270336]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-6-1 176096]
R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2012-6-1 202024]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-1 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-1 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-1 787736]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-6-1 313448]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-1 646248]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2014-8-20 100640]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2014-8-20 303392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-26 15:57:21 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-12-23 02:38:46 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-12-22 20:01:49 -------- d-----w- C:\Users\Chelsea\AppData\Roaming\PCDr
2014-12-22 20:01:10 -------- d-----w- C:\ProgramData\PCDr
2014-12-22 15:27:36 -------- d-----w- C:\ProgramData\Sophos
2014-12-22 15:26:32 -------- d-----w- C:\Program Files (x86)\Sophos
2014-12-22 15:14:51 -------- d-----w- C:\Windows\ERUNT
2014-12-22 14:57:29 -------- d-----w- C:\AdwCleaner
2014-12-22 03:51:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-19 20:42:37 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-19 20:42:18 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-19 20:42:18 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-19 20:42:18 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-19 20:42:18 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-19 20:42:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 12:34:40 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 12:34:40 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-10 08:25:49 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 08:03:31 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 08:03:31 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 08:03:31 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 08:03:31 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 08:03:31 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 08:03:31 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 08:03:31 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 08:03:31 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 08:03:30 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 08:03:30 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-09 22:02:27 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-09 22:02:26 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-09 22:02:26 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-09 22:02:26 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-09 22:02:17 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-09 22:02:16 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-09 22:02:16 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-09 22:02:15 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-09 21:59:39 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-12-05 21:23:04 -------- d-----w- C:\Users\Chelsea\AppData\Local\com
2014-12-05 21:21:57 -------- d-sh--w- C:\Users\Chelsea\AppData\Local\EmieBrowserModeList
2014-12-05 21:21:50 -------- d-----w- C:\Users\Chelsea\AppData\Roaming\itesing
.
==================== Find3M  ====================
.
2014-12-23 02:24:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-23 02:18:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-23 02:18:16 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-22 14:51:46 236080 ----a-w- C:\Windows\RegBootClean64.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH:  9:37:52.31 ===============
 


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 31 December 2014 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 31 December 2014 - 11:08 AM

Thanks for your assistance.  The 64 bit logs follows.  The 64 bit addition.txt file is attached

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Chelsea (administrator) on CHELSEA-PC on 31-12-2014 10:59:03
Running from C:\Users\Chelsea\Downloads
Loaded Profile: Chelsea (Available profiles: Chelsea)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2190704 2011-11-03] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [957440 2011-11-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-52107808-243521888-2616329587-1001\...\Run: [Facebook Update] => C:\Users\Chelsea\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-04] (Facebook Inc.)
HKU\S-1-5-21-52107808-243521888-2616329587-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872160 2014-12-03] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-52107808-243521888-2616329587-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.ca.msn.com/?st=1&ocid=iehp
HKU\S-1-5-21-52107808-243521888-2616329587-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
SearchScopes: HKLM -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAssist.net/search?q={searchTerms}&p=s&m=639&c=d&s=sp
SearchScopes: HKLM-x32 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> DefaultScope {3D7821FE-C2A2-4DF3-B82B-8F51A128A9FE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {3D7821FE-C2A2-4DF3-B82B-8F51A128A9FE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = 
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {BA1BE292-1D15-488B-934D-008742212380} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
 
FireFox:
========
FF ProfilePath: C:\Users\Chelsea\AppData\Roaming\Mozilla\Firefox\Profiles\xtdh6xwo.default-1419302047364
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-52107808-243521888-2616329587-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Chelsea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.facebook.com/chelsea.fields.16"
CHR Profile: C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Crash Bandicoot Online HD) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamlbcjbejchalkkingolaibfgkkiinp [2014-12-11]
CHR Extension: (Google Slides) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-11]
CHR Extension: (Queen Elsa of Arendelle - Frozen) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\andadcipdpeombhjneecehpogbbjomij [2014-12-11]
CHR Extension: (Google Docs) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR Extension: (Google Drive) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
CHR Extension: (YouTube) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]
CHR Extension: (Classic Games) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2014-12-11]
CHR Extension: (Adblock Plus) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Google Search) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Google Sheets) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-11]
CHR Extension: (Chain Reaction) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2014-12-11]
CHR Extension: (Best Games Collection) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbggabcnolbjngfelaodkfoabjmjicc [2014-12-11]
CHR Extension: (Solitaire) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2014-12-11]
CHR Extension: (Spider Solitaire New) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopfhiaghiadmekbejgfjopaiiadbfao [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (Gmail) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-10-10] (AnchorFree Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 10:59 - 2014-12-31 10:59 - 00022703 _____ () C:\Users\Chelsea\Downloads\FRST.txt
2014-12-31 10:58 - 2014-12-31 10:59 - 00000000 ____D () C:\FRST
2014-12-31 10:57 - 2014-12-31 10:57 - 02123264 _____ (Farbar) C:\Users\Chelsea\Downloads\FRST64.exe
2014-12-31 10:57 - 2014-12-31 10:57 - 02123264 _____ (Farbar) C:\Users\Chelsea\Downloads\FRST64 (1).exe
2014-12-27 09:39 - 2014-12-27 09:39 - 00027552 _____ () C:\Users\Chelsea\Documents\DDS.txt
2014-12-27 09:38 - 2014-12-27 09:38 - 00010505 _____ () C:\Users\Chelsea\Documents\Attach.txt
2014-12-27 09:37 - 2014-12-27 09:37 - 00027552 _____ () C:\Users\Chelsea\Desktop\dds.txt
2014-12-27 09:37 - 2014-12-27 09:37 - 00010505 _____ () C:\Users\Chelsea\Desktop\attach.txt
2014-12-27 09:35 - 2014-12-27 09:36 - 00688992 ____R (Swearware) C:\Users\Chelsea\Downloads\dds.com
2014-12-26 10:57 - 2014-12-26 10:57 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-12-26 09:23 - 2014-12-31 10:58 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1A86A89-1A16-48ED-A5D8-23BC5AADD1F6}
2014-12-26 09:08 - 2014-12-26 09:08 - 00659968 _____ () C:\Users\Chelsea\Downloads\MicrosoftFixit50195.msi
2014-12-26 09:04 - 2014-12-26 09:04 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 22:56 - 2014-12-22 22:56 - 00244104 _____ () C:\Users\Chelsea\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-22 21:38 - 2014-12-22 21:38 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-22 21:37 - 2014-12-22 21:37 - 00000000 ____D () C:\Program Files\Java
2014-12-22 21:35 - 2014-12-22 21:36 - 92658088 _____ (Oracle Corporation) C:\Users\Chelsea\Downloads\jre-8u25-windows-x64 (1).exe
2014-12-22 21:25 - 2014-12-22 21:27 - 92658088 _____ (Oracle Corporation) C:\Users\Chelsea\Downloads\jre-8u25-windows-x64.exe
2014-12-22 21:23 - 2014-12-22 21:23 - 00638376 _____ (Oracle Corporation) C:\Users\Chelsea\Downloads\jre-8u25-windows-i586-iftw.exe
2014-12-22 15:01 - 2014-12-22 15:02 - 00000000 ____D () C:\Users\Chelsea\AppData\Roaming\PCDr
2014-12-22 15:01 - 2014-12-22 15:01 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-22 12:23 - 2014-12-22 12:23 - 00000627 _____ () C:\Users\Chelsea\Desktop\JRT.txt
2014-12-22 12:15 - 2014-12-22 12:15 - 00010950 _____ () C:\Users\Chelsea\Documents\SophosVirusRemovalTool.log
2014-12-22 10:27 - 2014-12-22 10:27 - 00001700 _____ () C:\Users\Chelsea\Documents\JRT.txt
2014-12-22 10:27 - 2014-12-22 10:27 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-22 10:26 - 2014-12-22 10:26 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-22 10:26 - 2014-12-22 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-22 10:26 - 2014-12-22 10:26 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-22 10:24 - 2014-12-22 10:25 - 106368951 _____ (Sophos Limited) C:\Users\Chelsea\Downloads\Sophos Virus Removal Tool.exe
2014-12-22 10:16 - 2014-12-22 10:16 - 01707646 _____ (Thisisu) C:\Users\Chelsea\Downloads\JRT (1).exe
2014-12-22 10:14 - 2014-12-22 10:14 - 01707646 _____ (Thisisu) C:\Users\Chelsea\Downloads\JRT.exe
2014-12-22 10:14 - 2014-12-22 10:14 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 10:10 - 2014-12-22 10:10 - 02173952 _____ () C:\Users\Chelsea\Downloads\adwcleaner_4.106 (1).exe
2014-12-22 10:10 - 2014-12-22 10:10 - 00009264 _____ () C:\Users\Chelsea\Documents\AdwCleaner[S0].txt
2014-12-22 09:57 - 2014-12-23 09:28 - 00000000 ____D () C:\AdwCleaner
2014-12-22 09:55 - 2014-12-22 09:55 - 02173952 _____ () C:\Users\Chelsea\Downloads\adwcleaner_4.106.exe
2014-12-21 23:24 - 2014-12-21 23:24 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Chelsea\Downloads\iExplore.exe
2014-12-21 23:21 - 2014-12-21 23:24 - 00002360 _____ () C:\Users\Chelsea\Desktop\Rkill.txt
2014-12-21 23:21 - 2014-12-21 23:21 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Chelsea\Downloads\rkill64.exe
2014-12-21 23:20 - 2014-12-21 23:20 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Chelsea\Downloads\rkill.exe
2014-12-21 22:51 - 2014-12-23 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-21 22:50 - 2014-12-23 09:51 - 00000000 ____D () C:\Users\Chelsea\Desktop\mbar
2014-12-21 22:50 - 2014-12-21 22:50 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Chelsea\Downloads\mbar-1.08.2.1001.exe
2014-12-21 22:40 - 2014-12-21 22:40 - 00001067 _____ () C:\Users\Chelsea\Documents\malwarebtes.txt
2014-12-21 22:05 - 2014-12-21 22:05 - 00079662 _____ () C:\Users\Chelsea\Documents\Result.txt
2014-12-21 22:04 - 2014-12-21 22:04 - 00002763 _____ () C:\Users\Chelsea\Documents\FSS.txt
2014-12-21 22:03 - 2014-12-21 22:03 - 00001120 _____ () C:\Users\Chelsea\Documents\checkup.txt
2014-12-21 21:58 - 2014-12-21 21:58 - 00079662 _____ () C:\Users\Chelsea\Downloads\Result.txt
2014-12-21 21:55 - 2014-12-21 21:55 - 00401920 _____ (Farbar) C:\Users\Chelsea\Downloads\MiniToolBox.exe
2014-12-21 21:55 - 2014-12-21 21:55 - 00002763 _____ () C:\Users\Chelsea\Downloads\FSS.txt
2014-12-21 21:53 - 2014-12-21 21:53 - 00415232 _____ (Farbar) C:\Users\Chelsea\Downloads\FSS.exe
2014-12-21 21:45 - 2014-12-21 21:45 - 00852505 _____ () C:\Users\Chelsea\Downloads\SecurityCheck.exe
2014-12-19 15:42 - 2014-12-26 10:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 15:42 - 2014-12-23 09:29 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 15:42 - 2014-12-19 15:42 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 15:42 - 2014-12-19 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 15:42 - 2014-12-19 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 15:42 - 2014-12-19 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 15:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 15:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 15:41 - 2014-12-19 15:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chelsea\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 07:34 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:34 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 12:09 - 2014-12-12 12:09 - 00047002 _____ () C:\Users\Chelsea\Downloads\Chicago Field Course.zip
2014-12-12 12:07 - 2014-12-12 12:07 - 00000242 _____ () C:\Users\Chelsea\Downloads\Fwd_ Chicago Field Course (1).zip
2014-12-12 12:06 - 2014-12-12 12:06 - 00000242 _____ () C:\Users\Chelsea\Downloads\Fwd_ Chicago Field Course.zip
2014-12-11 18:31 - 2014-12-11 18:31 - 00002297 _____ () C:\Users\Chelsea\Desktop\Chrome App Launcher.lnk
2014-12-11 18:31 - 2014-12-11 18:31 - 00000000 ____D () C:\Users\Chelsea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 17:39 - 2014-12-11 17:40 - 00099567 _____ () C:\Users\Chelsea\Downloads\ticket.zip
2014-12-11 12:02 - 2014-12-11 12:02 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 12:02 - 2014-12-11 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 12:01 - 2014-12-11 12:01 - 00880784 _____ (Google Inc.) C:\Users\Chelsea\Downloads\ChromeSetup.exe
2014-12-10 03:25 - 2014-12-10 03:25 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:03 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:03 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:03 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:03 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:03 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:03 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:03 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:03 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:03 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:03 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 17:02 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 17:02 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 17:02 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 17:01 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 17:01 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 17:01 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 17:01 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 17:01 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 17:01 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 17:01 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 17:01 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 17:01 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 17:01 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 17:01 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 17:01 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 17:01 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 17:01 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 17:01 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 17:01 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 17:01 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 17:01 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 17:01 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 17:01 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 17:01 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 17:01 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 17:01 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 17:01 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 17:01 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 17:01 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 17:01 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 17:01 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 17:01 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 17:01 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 17:01 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 17:01 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 17:01 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 17:01 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 17:01 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 17:01 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 17:01 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 17:01 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 17:01 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 17:01 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 17:01 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 17:01 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 17:01 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 17:01 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 17:01 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 17:01 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 17:01 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 17:01 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 17:01 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 17:01 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 17:01 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 17:01 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 17:01 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 17:01 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 17:01 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 17:01 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 17:01 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 16:59 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 16:59 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 16:59 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 16:59 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 16:59 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 16:59 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 16:59 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 16:59 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 16:59 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:59 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 16:59 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 16:59 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 16:59 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 16:59 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-05 16:23 - 2014-12-05 16:23 - 00000000 ____D () C:\Users\Chelsea\AppData\Local\com
2014-12-05 16:21 - 2014-12-22 12:15 - 00000000 ____D () C:\Users\Chelsea\AppData\Roaming\itesing
2014-12-05 16:21 - 2014-12-05 16:21 - 00000000 __SHD () C:\Users\Chelsea\AppData\Local\EmieBrowserModeList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 10:59 - 2012-06-02 00:26 - 01710803 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 10:58 - 2012-08-06 15:30 - 00000000 ____D () C:\Users\Chelsea\AppData\Roaming\Skype
2014-12-31 10:55 - 2012-08-27 18:11 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-12-31 10:55 - 2012-06-01 23:00 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-31 10:55 - 2012-06-01 23:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-31 10:55 - 2012-06-01 22:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-31 10:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 10:54 - 2009-07-13 23:51 - 00078905 _____ () C:\Windows\setupact.log
2014-12-27 13:07 - 2014-09-25 17:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 12:28 - 2012-06-01 22:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 10:42 - 2012-12-04 16:37 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-52107808-243521888-2616329587-1001UA.job
2014-12-26 16:42 - 2012-12-04 16:37 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-52107808-243521888-2616329587-1001Core.job
2014-12-26 10:07 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 10:07 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 10:03 - 2009-07-14 00:13 - 00802494 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 09:26 - 2013-05-24 14:03 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-22 23:09 - 2010-11-20 22:47 - 00273472 _____ () C:\Windows\PFRO.log
2014-12-22 21:28 - 2013-10-14 17:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 21:28 - 2012-08-06 15:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-22 21:24 - 2014-02-17 19:26 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-22 21:24 - 2014-02-17 19:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 21:24 - 2014-02-17 19:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 21:24 - 2014-02-17 19:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 21:18 - 2012-08-06 14:44 - 00000000 ____D () C:\Users\Chelsea\AppData\Local\Adobe
2014-12-22 21:18 - 2012-06-01 22:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 21:18 - 2012-06-01 22:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 21:18 - 2012-06-01 22:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 09:51 - 2014-02-16 19:50 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2014-12-21 20:06 - 2014-11-21 19:54 - 00000258 __RSH () C:\Users\Chelsea\ntuser.pol
2014-12-21 20:06 - 2012-08-06 15:41 - 00000000 ____D () C:\Users\Chelsea
2014-12-19 17:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-12-19 15:27 - 2012-06-01 22:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 15:27 - 2012-06-01 22:59 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:20 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-19 15:20 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-18 07:29 - 2014-02-17 19:00 - 00000349 _____ () C:\Windows\BRRBCOM.INI
2014-12-15 03:03 - 2013-03-13 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 04:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 12:05 - 2014-09-25 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-12-11 12:02 - 2014-09-25 17:56 - 00000000 ____D () C:\Users\Chelsea\AppData\Local\Google
2014-12-11 12:01 - 2014-09-25 17:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-10 13:30 - 2013-03-19 22:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:25 - 2014-05-04 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:10 - 2012-08-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:08 - 2013-10-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:05 - 2012-08-26 18:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 21:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-06 20:41 - 2012-08-10 01:52 - 00000000 ____D () C:\Users\Chelsea\AppData\Local\Nero
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-26 11:56
 
==================== End Of Log ============================

Attached Files



#4 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 31 December 2014 - 11:10 AM

the 32 bit version does not run with my computer



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 31 December 2014 - 02:08 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAssist.net/search?q={searchTerms}&p=s&m=639&c=d&s=sp
SearchScopes: HKLM-x32 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL =
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {BA1BE292-1D15-488B-934D-008742212380} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Wallet) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath
CustomCLSID: HKU\S-1-5-21-52107808-243521888-2616329587-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Chelsea\AppData\Roaming\itesing\procol.dll No File <==== ATTENTION

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please let me know what problem persists.

#6 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 31 December 2014 - 02:35 PM

Here is the fixlog.txt results.  I will try a few things and let you know how the computer is working.  Le me know it there is anything else I should do in the interim

 

Much thanks

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Chelsea at 2014-12-31 14:29:17 Run:1
Running from C:\Users\Chelsea\Documents\fix
Loaded Profile: Chelsea (Available profiles: Chelsea)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAssist.net/search?q={searchTerms}&p=s&m=639&c=d&s=sp
SearchScopes: HKLM-x32 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {48DBD741-A61F-464D-A27A-EBDE644C15AA} URL =
SearchScopes: HKU\S-1-5-21-52107808-243521888-2616329587-1001 -> {BA1BE292-1D15-488B-934D-008742212380} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Wallet) - C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath
CustomCLSID: HKU\S-1-5-21-52107808-243521888-2616329587-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Chelsea\AppData\Roaming\itesing\procol.dll No File <==== ATTENTION
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{48DBD741-A61F-464D-A27A-EBDE644C15AA}" => Key deleted successfully.
HKCR\CLSID\{48DBD741-A61F-464D-A27A-EBDE644C15AA} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}" => Key deleted successfully.
HKCR\CLSID\{BA1BE292-1D15-488B-934D-008742212380} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{48DBD741-A61F-464D-A27A-EBDE644C15AA}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{48DBD741-A61F-464D-A27A-EBDE644C15AA} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-52107808-243521888-2616329587-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{48DBD741-A61F-464D-A27A-EBDE644C15AA}" => Key deleted successfully.
HKCR\CLSID\{48DBD741-A61F-464D-A27A-EBDE644C15AA} => Key not found. 
"HKU\S-1-5-21-52107808-243521888-2616329587-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}" => Key deleted successfully.
HKCR\CLSID\{BA1BE292-1D15-488B-934D-008742212380} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
TMAgent => Service deleted successfully.
"HKU\S-1-5-21-52107808-243521888-2616329587-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:29:23 ====


#7 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 31 December 2014 - 04:59 PM

Everything seems to be working we'll. Search Assist no longer appears as an option after I reset IE.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 01 January 2015 - 08:56 AM

One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#9 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 01 January 2015 - 10:03 AM

The computer seems to be running well.  Here is the log you requested.

 

Thanks once again and Happy New Year

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Titanium Maximum Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 01 January 2015 - 10:55 AM

Java 8 Update 25
Java version 32-bit out of Date!

You have the latest version for your 64 bit system.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 01 January 2015 - 11:00 AM

Great! I cannot thank you enough!

 

Should I delete all the software I downloaded?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 01 January 2015 - 11:08 AM

Just keep the Farbar tool.
Use it in the future if you have to report a new problem.

#13 Lolas_dad

Lolas_dad
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 01 January 2015 - 11:13 AM

I have one final question, should I update 32 bit Java as well?  My daughter is the primary user of this computer at university and I am not sure what other programs she will be using.

 

Again, much thanks for your assistance



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 01 January 2015 - 11:32 AM

Keep it.

No problems.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 AM

Posted 07 January 2015 - 11:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users