Infected with not sure what, but gmail links keep redirecting


This topic is locked
4 replies to this topic

#1 T Crew Dad

  • Members
  • 5 posts

Posted 19 June 2015 - 03:43 PM

Not sure how or what I am infected with. But when I link from Gmail, it redirects me through cp.mcafee.com. Some destination sites are blocked and some are not. I do not have McAfee installed; I am running MS Security Essentials. I run Malwarebytes about once a month.


Thanks for your help in advance.


Setup:

Dell Latitude E5420

Win 7 32 bit


Note: I do have Covenant Eyes installed on my computer as well. Find my FRST log below and the Addition log attached.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Bruno (administrator) on BRUNO on 19-06-2015 16:31:04
Running from C:\Users\Bruno\Desktop
Loaded Profiles: Bruno (Available Profiles: Bruno)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(CANON INC) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(CANON INC.) C:\Windows\System32\cnwiolss.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\System32\srvany.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(O2Micro.) C:\Windows\System32\SDIOAssist.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\CE\authServer.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files\CE\CovenantEyes.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [8838648 2015-05-19] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-318857498-554326798-2304772360-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-318857498-554326798-2304772360-1001\...\Run: [D04AF6076A04C226B393F9450A002B92E3D741BF._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-318857498-554326798-2304772360-1001\...\MountPoints2: {16e6e609-6561-11e2-8f26-d067e53e2047} - E:\EMP_UDSe.exe
HKU\S-1-5-21-318857498-554326798-2304772360-1001\...\MountPoints2: {7bf7d4c6-1d00-11e4-b4a0-d067e53e2047} - E:\EMP_UDSe.exe /autorun
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2011-11-19]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2011-11-19]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-318857498-554326798-2304772360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {D9A646AC-54BA-43D4-8A3D-843EEFD8FAE6} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-318857498-554326798-2304772360-1001 -> {64930F1D-C150-49B7-AE91-581F2DEF12BB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-318857498-554326798-2304772360-1001 -> {D9A646AC-54BA-43D4-8A3D-843EEFD8FAE6} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll [2015-05-19] (Covenant Eyes)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-318857498-554326798-2304772360-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\CovenantEyesProxy.dll [338936 2015-02-23] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\system32\CovenantEyesProxy.dll [338936 2015-02-23] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\system32\CovenantEyesProxy.dll [338936 2015-02-23] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\system32\CovenantEyesProxy.dll [338936 2015-02-23] (CovenantEyes)
Winsock: Catalog9 15 C:\Windows\system32\CovenantEyesProxy.dll [338936 2015-02-23] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{3BBDF96A-B003-4833-BC45-C5F36C7E56F7}: [NameServer] 172.16.8.3,8.8.8.8
Tcpip\..\Interfaces\{B364D179-BFC7-488C-B04F-EEED6C551586}: [NameServer] 127.0.0.2
 
FireFox:
========
FF ProfilePath: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\waj4cqad.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-30] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruno\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Bruno\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @talk.google.com/O1DPlugin -> C:\Users\Bruno\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-06-13] (Google)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @talk.google.com/O3DPlugin -> C:\Users\Bruno\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll [2013-07-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll [2013-07-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-318857498-554326798-2304772360-1001: LWAPlugin15.8 -> C:\Users\Bruno\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruno\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruno\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruno\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Bruno\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruno\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-13] (Google)
FF Extension: ActiveInbox for Gmail and Google Apps - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\waj4cqad.default\Extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}.xpi [2014-08-28]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-19]
FF HKLM\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: Covenant Eyes for Firefox - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com [2015-02-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Engineering Dictionary) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdhlhefececlgjagpcefcmncehmgalc [2014-05-20]
CHR Extension: (Floorplanner) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2014-05-20]
CHR Extension: (Desiring God) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjofnlchppcahphepehaioeiceapcdd [2014-05-20]
CHR Extension: (Google Docs) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-21]
CHR Extension: (Google Drive) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-21]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2015-02-23]
CHR Extension: (Spanning Stats for Google Drive™) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgancbjncfacadffknfmaccjngilljdl [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-21]
CHR Extension: (eBay) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-05-20]
CHR Extension: (Plugins) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2015-04-27]
CHR Extension: (Google Search) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-21]
CHR Extension: (AutoCAD 360) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-05-20]
CHR Extension: (FullContact (beta)) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgjmcgnlpnolanedjohjkfelpmepiob [2014-05-20]
CHR Extension: (Netflix) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-11-12]
CHR Extension: (20 Things I Learned About Browsers & the Web) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg [2014-05-20]
CHR Extension: (Drive Template Gallery) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\edccfahmoapjmcaahncgcekjodejmhkg [2014-05-20]
CHR Extension: (Gmail Offline) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-05-20]
CHR Extension: (Google Calendar) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-05-20]
CHR Extension: (Pandora) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-05-20]
CHR Extension: (Full Screen Weather) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-05-20]
CHR Extension: (BidTracer) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnldallmemknnglkjkbenhkklclolldd [2014-06-16]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-01-06]
CHR Extension: (Planner 5D) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-05-20]
CHR Extension: (Pixlr Express) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-05-20]
CHR Extension: (WAV Player for Gmail™) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpioniioecjjbhbnnbhcifmgmoiibalo [2014-05-20]
CHR Extension: (Pixlr Editor) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-05-20]
CHR Extension: (Print) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-05-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-04]
CHR Extension: (Attachment Icons for Gmail™) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\johdeoloijidhejmalfkpchbihbiamph [2014-05-20]
CHR Extension: (GoToMeeting Free Sharing) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgncfoanhgdfmkgfehkfdlbdnbhafpp [2014-11-12]
CHR Extension: (Autodesk Homestyler) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-05-20]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-05-20]
CHR Extension: (Google Play) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-05-20]
CHR Extension: (Evernote Web) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-15]
CHR Extension: (Google Maps) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-05-20]
CHR Extension: (Google Play Books) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-20]
CHR Extension: (Spreadsheet Assembly Line) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdlpflaiemapipbcccipafniaoaneaf [2014-05-20]
CHR Extension: (Google Wallet) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21]
CHR Extension: (ActiveInbox for Gmail™) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeehiifcaeengdofhogmkblhkmpephcj [2014-11-17]
CHR Extension: (Expensify Web Receipts) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-20]
CHR Extension: (Pipedrive - Sales CRM) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofakdmdcdjgmilfepadallikeeibfdm [2014-05-20]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-05-20]
CHR Extension: (Gmail) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-21]
CHR HKU\S-1-5-21-318857498-554326798-2304772360-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\system32\atashost.exe [118008 2015-04-29] (Cisco WebEx LLC)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1787720 2012-02-02] (AuthenTec, Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [3969528 2015-05-19] ()
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [131072 2011-11-30] (Broadcom Corporation) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [723800 2012-03-08] (CANON INC)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [5709816 2015-05-19] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [4374008 2015-05-18] (CovenantEyes)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-13] (Intel Corporation)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [1569336 2012-08-15] (Dell Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [55640 2013-07-01] ()
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
R2 EMP_UDSA; C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-04-18] (Flexera Software, Inc.)
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [772408 2013-07-01] ()
R2 iPFDeviceAgentService; C:\Windows\system32\Cnwiolss.exe [155648 2012-01-17] (CANON INC.) [File not signed]
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [544400 2013-07-01] ()
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212984 2012-05-21] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 MSSQL$CRM; C:\Program Files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-12-14] (NETGEAR)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S4 SQLAgent$CRM; C:\Program Files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-15] (Dell Inc.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2012-05-23] (ST Microelectronics)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-15] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [103936 2011-08-22] (Broadcom Corporation)
R1 cewd32; C:\Windows\system32\Drivers\cewd32.sys [30200 2015-05-18] () [File not signed]
R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [3712 2011-11-17] (Windows ® Codename Longhorn DDK provider)
S1 EMP_UDMM; C:\Windows\System32\DRIVERS\EMP_UDMm.sys [6400 2006-05-31] () [File not signed]
S3 EMP_UDMR; C:\Windows\System32\DRIVERS\EMP_UDMr.sys [6272 2006-04-25] (Windows ® 2000 DDK provider) [File not signed]
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [17664 2011-11-17] (SEIKO EPSON CORPORATION)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [11008 2011-07-19] (Dell Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl827baf67; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FC30F70-ED4D-4E74-987A-A3D10C227F57}\MpKsl827baf67.sys [39464 2015-06-19] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2015-04-12] (CACE Technologies, Inc.)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64872 2011-11-14] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-07-24] (Dell Inc)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2012-11-19] (Samsung Electronics) [File not signed]
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [18944 2013-06-30] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2013-06-30] (Shrew Soft Inc)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-23] (Huawei Technologies Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 16:31 - 2015-06-19 16:31 - 00033165 _____ C:\Users\Bruno\Desktop\FRST.txt
2015-06-19 16:30 - 2015-06-19 16:31 - 00000000 ____D C:\FRST
2015-06-19 16:28 - 2015-06-19 16:28 - 01148416 _____ (Farbar) C:\Users\Bruno\Desktop\FRST.exe
2015-06-19 16:05 - 2015-06-19 16:05 - 00000000 ____D C:\Users\Bruno\AppData\Local\CovenantEyesProxy
2015-06-19 16:05 - 2015-05-18 13:04 - 00030200 _____ C:\Windows\system32\Drivers\cewd32.sys
2015-06-19 15:57 - 2015-06-19 15:58 - 01716137 _____ C:\Users\Bruno\Desktop\CovenantEyesClient_5.2.106.dmp
2015-06-19 15:47 - 2015-06-19 15:48 - 02231296 _____ C:\Users\Bruno\Desktop\AdwCleaner.exe
2015-06-18 13:38 - 2015-06-18 14:03 - 18211508 _____ C:\Users\Bruno\Desktop\Why all the buzz about VRV systems - AIA version, JB, 06-14-15.pptx
2015-06-17 16:46 - 2015-06-17 16:46 - 00000478 _____ C:\Users\Bruno\Desktop\fixlist.txt
2015-06-11 05:07 - 2015-06-02 15:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 05:07 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 05:07 - 2015-05-25 13:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 05:07 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-11 05:07 - 2015-05-22 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-11 05:07 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 05:07 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-11 05:07 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-11 05:07 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 05:07 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-11 05:07 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 05:07 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-11 05:07 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-11 05:07 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 05:07 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 05:07 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-11 05:07 - 2015-05-22 23:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-11 05:07 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 05:07 - 2015-05-22 23:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-11 05:07 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-11 05:07 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-11 05:07 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-11 05:07 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 05:07 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 05:07 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 05:07 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 05:07 - 2015-05-22 22:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-11 05:07 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 05:07 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-11 05:07 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 05:07 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 05:07 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 05:07 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-11 05:07 - 2015-05-08 23:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-11 05:07 - 2015-05-08 23:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 05:07 - 2015-05-08 23:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-11 05:07 - 2015-05-08 23:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-11 05:07 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 05:07 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-11 05:07 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 05:07 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 05:07 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 05:07 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 05:07 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-11 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 16:59 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-08 16:59 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-08 16:59 - 2015-05-25 14:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-08 16:59 - 2015-05-25 14:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-08 16:59 - 2015-05-25 14:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-08 16:59 - 2015-05-25 14:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-08 16:59 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-08 16:59 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-08 16:59 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-08 16:59 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-08 16:59 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-08 16:59 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-08 16:59 - 2015-05-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-08 16:59 - 2015-04-10 23:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 16:57 - 2015-05-22 14:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-08 16:57 - 2015-05-22 14:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-08 16:57 - 2015-05-22 14:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-08 16:57 - 2015-05-22 14:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-08 16:57 - 2015-05-22 14:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-08 16:57 - 2015-05-22 14:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-08 16:57 - 2015-05-22 13:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-08 16:57 - 2015-05-21 09:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-08 16:54 - 2015-05-08 23:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-08 16:54 - 2015-05-08 23:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-08 16:54 - 2015-05-08 23:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-08 16:54 - 2015-05-08 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-08 16:54 - 2015-05-08 23:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-08 09:44 - 2015-06-08 09:44 - 07873580 _____ C:\Users\Bruno\Desktop\Drawings.zip
2015-06-07 21:35 - 2015-06-07 21:35 - 00029473 _____ C:\Users\Bruno\Desktop\accountDetailByDateExport.csv
2015-06-05 12:57 - 2015-06-05 12:57 - 00150632 _____ C:\Windows\Minidump\060515-21091-01.dmp
2015-06-05 12:21 - 2015-06-05 12:21 - 00009786 _____ C:\Users\Bruno\Desktop\Petersburg Police Station.Budget.6-5-15.vrv
2015-06-03 17:18 - 2015-06-03 17:18 - 00019099 _____ C:\Users\Bruno\Desktop\2016 DISTRIBUTION FACILITYBASEBID_31052015_1203.vrv
2015-06-03 17:18 - 2015-06-03 17:18 - 00018065 _____ C:\Users\Bruno\Desktop\2016 DISTRIBUTION FACILITYALTERNATEBID_01062015_0946.vrv
2015-06-01 15:45 - 2015-06-01 15:46 - 00001246 _____ C:\Users\Bruno\Desktop\error.log
2015-06-01 13:13 - 2015-06-01 13:13 - 00000000 ____D C:\Users\Bruno\AppData\Local\GWX
2015-06-01 12:53 - 2015-06-01 12:53 - 00008024 _____ C:\Users\Bruno\Desktop\Alt VRV selection.5-29-15.vrv
2015-05-28 21:14 - 2015-05-28 21:14 - 00000000 ____D C:\Users\Bruno\Desktop\DCIM
2015-05-28 09:56 - 2015-05-28 09:59 - 00051605 _____ C:\Users\Bruno\Desktop\Bruno's 2015 PO Book.xlsx
2015-05-27 08:43 - 2015-05-27 08:43 - 00000000 ____D C:\Users\Bruno\AppData\Local\_
2015-05-27 08:16 - 2015-05-27 08:16 - 00001064 _____ C:\Users\Bruno\Desktop\AAON ECat.lnk
2015-05-27 08:05 - 2015-05-27 08:07 - 38936576 _____ C:\Users\Bruno\Downloads\AAON-STD-HDPsyChart-6r4.exe
2015-05-27 08:05 - 2015-05-27 08:06 - 09830128 _____ C:\Users\Bruno\Downloads\Airxcd.zip
2015-05-27 08:04 - 2015-05-27 08:11 - 153090072 _____ C:\Users\Bruno\Downloads\AAON Update 5 0 229 6.EXE
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 16:27 - 2012-04-08 21:21 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 16:17 - 2009-07-14 00:34 - 00021312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 16:17 - 2009-07-14 00:34 - 00021312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 16:13 - 2011-11-19 03:33 - 01474935 _____ C:\Windows\WindowsUpdate.log
2015-06-19 16:10 - 2013-06-18 16:58 - 00000000 ___RD C:\Users\Bruno\Google Drive
2015-06-19 16:09 - 2015-02-23 11:48 - 00003928 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2015-06-19 16:08 - 2012-04-08 21:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 16:08 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 16:08 - 2009-07-14 00:39 - 00153796 _____ C:\Windows\setupact.log
2015-06-19 16:07 - 2015-02-23 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2015-06-19 16:07 - 2015-02-23 11:48 - 00000000 ____D C:\Program Files\CE
2015-06-19 16:07 - 2010-11-20 17:48 - 00334242 _____ C:\Windows\PFRO.log
2015-06-19 16:05 - 2011-11-19 03:49 - 00001096 __RSH C:\ProgramData\ntuser.pol
2015-06-19 16:04 - 2015-02-23 11:48 - 00000000 ____D C:\ProgramData\CovenantEyes
2015-06-19 16:02 - 2010-11-20 17:01 - 00885730 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 15:54 - 2014-03-19 15:39 - 00000000 ____D C:\AdwCleaner
2015-06-19 13:02 - 2013-09-16 15:40 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Price All-In-One
2015-06-19 13:01 - 2011-11-29 15:36 - 00000000 ____D C:\Users\Bruno\AppData\Local\Deployment
2015-06-19 13:00 - 2013-09-16 16:13 - 00000000 ____D C:\Users\Public\Price AIO Jobs
2015-06-18 16:19 - 2011-12-01 15:44 - 00000000 ____D C:\Program Files\AAONECat32
2015-06-18 16:02 - 2015-02-23 11:48 - 00013496 _____ C:\Windows\system32\CovenantEyesProxy.ini
2015-06-18 13:41 - 2014-09-01 22:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 07:42 - 2013-09-16 15:47 - 00004778 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-06-16 07:31 - 2011-12-08 17:03 - 00000000 ____D C:\Users\Public\CAPS jobs
2015-06-16 05:11 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-06-15 14:50 - 2014-09-01 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 14:50 - 2014-09-01 22:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-15 09:18 - 2014-11-14 16:42 - 00000000 __SHD C:\Users\Bruno\AppData\Local\EmieBrowserModeList
2015-06-15 09:18 - 2014-04-11 08:33 - 00000000 __SHD C:\Users\Bruno\AppData\Local\EmieUserList
2015-06-15 09:18 - 2014-04-11 08:33 - 00000000 __SHD C:\Users\Bruno\AppData\Local\EmieSiteList
2015-06-11 11:55 - 2009-07-14 00:33 - 00524888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 05:33 - 2011-11-29 15:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 05:25 - 2013-07-17 06:53 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 05:12 - 2011-12-01 09:53 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 17:47 - 2015-04-16 06:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-08 17:47 - 2014-04-23 23:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 09:40 - 2013-06-18 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-05 12:57 - 2013-01-11 19:59 - 289799058 _____ C:\Windows\MEMORY.DMP
2015-06-05 12:57 - 2013-01-11 19:59 - 00000000 ____D C:\Windows\Minidump
2015-05-28 16:07 - 2015-05-06 21:20 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\vlc
2015-05-27 12:47 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2015-05-25 18:18 - 2013-02-23 12:33 - 00000000 ____D C:\Windows\pss
2015-05-25 18:04 - 2011-11-19 04:04 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2015-05-25 18:04 - 2011-11-19 04:04 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-20 10:49 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-20 06:48 - 2015-04-01 08:10 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2014-03-21 05:52 - 2014-03-25 20:26 - 4249600 _____ () C:\Program Files\GUT52B2.tmp
2011-12-03 20:36 - 2013-02-22 15:22 - 0037843 _____ () C:\Users\Bruno\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-04-24 16:42 - 2015-04-24 16:42 - 0037875 _____ () C:\Users\Bruno\AppData\Roaming\Comma Separated Values.ADR
2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\Bruno\AppData\Roaming\JomCap.dll
2013-05-23 16:17 - 2013-05-23 16:17 - 0000035 _____ () C:\Users\Bruno\AppData\Roaming\Opusbext.dat
2013-03-23 21:17 - 2013-03-23 21:17 - 0003584 _____ () C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-30 14:30 - 2014-09-30 14:30 - 0000735 _____ () C:\Users\Bruno\AppData\Local\recently-used.xbel
2012-01-11 12:39 - 2012-01-11 12:39 - 0007607 _____ () C:\Users\Bruno\AppData\Local\Resmon.ResmonCfg
2013-09-16 15:47 - 2015-06-16 07:42 - 0004778 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-05-19 05:10 - 2015-05-19 05:10 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat
 
Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat
C:\Users\Bruno\CrmClientSetup.exe
C:\Users\Bruno\msvcp100.dll
C:\Users\Bruno\msvcr100.dll
 
 
Some files in TEMP:
====================
C:\Users\Bruno\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph9dscg.dll
C:\Users\Bruno\AppData\Local\Temp\HeaTrans32.dll
C:\Users\Bruno\AppData\Local\Temp\PAIOSPatch2.36.281.8241-Current.exe
C:\Users\Bruno\AppData\Local\Temp\PostPatch.exe
C:\Users\Bruno\AppData\Local\Temp\Price.AIO.Common.dll
C:\Users\Bruno\AppData\Local\Temp\Price.AIO.JobsFacade.dll
C:\Users\Bruno\AppData\Local\Temp\Price.Framework.DataAccess.dll
C:\Users\Bruno\AppData\Local\Temp\Price.Framework.DataAccess.Interface.dll
C:\Users\Bruno\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruno\AppData\Local\Temp\sqlite3.dll
C:\Users\Bruno\AppData\Local\Temp\_is1D20.exe
C:\Users\Bruno\AppData\Local\Temp\_is9971.exe
C:\Users\Bruno\AppData\Local\Temp\_isEC41.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-03-05 11:39
 
==================== End of log ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 23 June 2015 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Evernote Web) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-05-20]
CHR HKU\S-1-5-21-318857498-554326798-2304772360-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:01C66DD9
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0B9FB94D
C:\Program Files\GUT52B2.tmp
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

How is the computer running now?
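
The fixlist above removes five classes of artefact: browser policy keys under HKLM\SOFTWARE\Policies, the local Group Policy files in System32\GroupPolicy, a Chrome extension registered for installation through HKU\...\SOFTWARE\Google\Chrome\Extensions, an empty value in the HKLM Run key, and alternate data streams on C:\Windows and C:\ProgramData\Temp. The script below is an added example, not part of the thread and not an FRST feature: it is a read-only inventory of those same locations so they can be reviewed before anything is deleted. The registry paths and directories are the ones named in the log; the ExtensionInstallForcelist and Wow6432Node keys are standard Chrome locations added for completeness, and the helper names Add-Finding and Get-RegValues are this example's own.

```powershell
# Added example (not from the thread): read-only inventory of the artefact classes the FRST
# fixlist above removes. Run from an elevated PowerShell 3.0 or later prompt (Windows 7 needs
# the WMF 3.0 update for -Stream). Nothing here deletes or changes anything.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Location, $Name, $Value) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Name = $Name; Value = $Value })
}

# Registry values under one key, minus the PS* provider properties Get-ItemProperty adds.
function Get-RegValues($Key) {
    if (-not (Test-Path $Key)) { return }
    (Get-ItemProperty -Path $Key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
}

# 1. Browser policy keys. A stand-alone PC normally has none; anything present locks browser
#    settings (FRST reports this as "Policy restriction"). Walk every subkey, e.g. Chrome\ExtensionInstallForcelist.
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in @(Get-Item $root) + @(Get-ChildItem $root -Recurse)) {
        Get-RegValues $key.PSPath | ForEach-Object { Add-Finding 'Policy' $key.Name $_.Name $_.Value }
    }
}

# 2. Local Group Policy files (the Fixlog in this thread shows FRST moving Machine\ and GPT.ini).
$gpo = Join-Path $env:SystemRoot 'System32\GroupPolicy'
foreach ($rel in 'GPT.ini', 'Machine\Registry.pol', 'User\Registry.pol') {
    $p = Join-Path $gpo $rel
    if (Test-Path $p) { Add-Finding 'LocalGPO' $p '' (Get-Item $p).LastWriteTime }
}

# 3. Extensions registered for installation through the registry. Each subkey name is the
#    32-letter extension id; update_url or path says where Chrome fetches it from.
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                  'HKCU:\SOFTWARE\Google\Chrome\Extensions') {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $v = Get-ItemProperty $_.PSPath
        Add-Finding 'ExtensionReg' $root $_.PSChildName ("$($v.update_url) $($v.path)".Trim())
    }
}

# 4. Run values with no name or no command, like the "HKLM\...\Run: [] => [X]" entry in the log.
#    An empty-name value shows up as the "(default)" property in PowerShell.
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    Get-RegValues $run |
        Where-Object { $_.Name -eq '(default)' -or [string]::IsNullOrWhiteSpace([string]$_.Value) } |
        ForEach-Object { Add-Finding 'EmptyRun' $run $_.Name $_.Value }
}

# 5. Alternate data streams on the two locations FRST flagged. If Get-Item -Stream lists nothing
#    for a directory on your build, "cmd /c dir /r C:\" also shows streams attached to directories.
foreach ($dir in $env:SystemRoot, (Join-Path $env:ProgramData 'Temp')) {
    if (-not (Test-Path $dir)) { continue }
    Get-Item -Path $dir -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding 'ADS' $dir $_.Stream $_.Length }
}

$findings | Format-Table -AutoSize
```

Two points worth checking before deleting anything this inventory turns up. A populated HKLM\SOFTWARE\Policies\Google key is exactly how legitimate management and filtering software (including parental-control products) pins Chrome settings, so a policy value is evidence of control, not by itself of malware; match each value against the software you know is installed. Separately, the cp.mcafee.com hop the original poster describes is the hostname McAfee's ClickProtect email filtering uses when it rewrites links inside a message at the mail gateway, so if the raw message source in Gmail already contains cp.mcafee.com in the href, the redirect was applied to the email before delivery and nothing on the PC is involved.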

#3 T Crew Dad

T Crew Dad
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 23 June 2015 - 03:15 PM

Holy Crap Nasdaq!  I cannot believe how much faster my computer and Chrome run!!!  Thank you so much!  I really do appreciate this forum and your willingness to help!

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Bruno at 2015-06-23 15:51:12 Run:1
Running from C:\Users\Bruno\Desktop
Loaded Profiles: Bruno (Available Profiles: Bruno)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Evernote Web) - C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-05-20]
CHR HKU\S-1-5-21-318857498-554326798-2304772360-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:01C66DD9
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0B9FB94D
C:\Program Files\GUT52B2.tmp
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol => moved successfully.
"HKU\S-1-5-21-318857498-554326798-2304772360-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully.
DgiVecp => Service removed successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully..
C:\ProgramData\Temp => ":01C66DD9" ADS removed successfully..
C:\ProgramData\Temp => ":07BF512B" ADS removed successfully..
C:\ProgramData\Temp => ":0B9FB94D" ADS removed successfully..
C:\Program Files\GUT52B2.tmp => moved successfully.
"C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol" => File/Folder not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:51:50 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 24 June 2015 - 07:28 AM

Glad we could help.

If all is well, read this little guide on best security practices to learn more about how to protect yourself while on the internet and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 29 June 2015 - 07:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



