
Infected with Total Ad Performance


  • This topic is locked
96 replies to this topic

#1 dboren23


Posted 06 July 2015 - 10:49 AM

While browsing in Google Chrome, I routinely receive a notification from my Avast Free anti-virus that "a threat has been detected." I can see that Total Ad Performance has opened a new tab. Though Avast prevents the page from loading, it seems clear that I have picked up some form of a virus/malware/adware. Thank you in advance for any help you can provide!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by denve_000 (administrator) on BORENLAPTOP on 06-07-2015 10:42:11
Running from C:\Users\denve_000\Downloads
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-12-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-12-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [Spotify Web Helper] => C:\Users\denve_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-14] (Spotify Ltd)
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [Google Update] => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-11] (Google Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-02-21]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-17] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626269264-1846653108-2338462542-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-14] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{1FE9BE7B-0464-47A4-82AC-5B42BF559569}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{4A0EE0D6-99DF-4C82-9C56-F45119DB3572}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\denve_000\AppData\Roaming\Mozilla\Firefox\Profiles\qojj5hew.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-27] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-27] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1626269264-1846653108-2338462542-1001: @tools.google.com/Google Update;version=3 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626269264-1846653108-2338462542-1001: @tools.google.com/Google Update;version=9 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\denve_000\AppData\Roaming\Mozilla\Firefox\Profiles\qojj5hew.default\searchplugins\google-avast.xml [2015-06-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-17]
 
Chrome: 
=======
CHR Profile: C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-17]
CHR Extension: (Angry Birds) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-02-17]
CHR Extension: (Google Docs) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Google Drive) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (YouTube) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-17]
CHR Extension: (Google Cast) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-17]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-02-17]
CHR Extension: (Google Search) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-17]
CHR Extension: (File Manager) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\egoilkobbnkdafmcllnicbohlpjcjegl [2015-02-17]
CHR Extension: (Avast SafePrice) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-28]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-04-08]
CHR Extension: (Google Sheets) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-17]
CHR Extension: (Hola Better Internet) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-19]
CHR Extension: (Avast Online Security) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-21]
CHR Extension: (Adblock Super) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-02-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Ghostery) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-18]
CHR Extension: (Google Wallet) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: (Gmail) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-17]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-03] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-12-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-17] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 10:42 - 2015-07-06 10:42 - 00024989 _____ C:\Users\denve_000\Downloads\FRST.txt
2015-07-06 10:41 - 2015-07-06 10:42 - 00000000 ____D C:\FRST
2015-07-06 10:41 - 2015-07-06 10:41 - 02112512 _____ (Farbar) C:\Users\denve_000\Downloads\FRST64.exe
2015-06-30 20:37 - 2015-06-30 20:37 - 00000000 ____D C:\Users\denve_000\Documents\Hasty Bake Class
2015-06-29 17:36 - 2015-06-29 17:36 - 06565736 _____ (Piriform Ltd) C:\Users\denve_000\Downloads\ccsetup507.exe
2015-06-28 14:51 - 2015-06-28 14:55 - 00000000 ____D C:\Users\denve_000\Desktop\Media From Phone
2015-06-28 14:47 - 2015-06-28 14:51 - 00000000 ____D C:\Users\denve_000\Downloads\Justified Season 5-6 S05-S06 720p BluRay x264-DEMAND [RiCK]
2015-06-28 14:44 - 2015-06-28 14:44 - 00080942 _____ C:\Users\denve_000\Downloads\6ABEB2E3CCE3BD626DE291DC9071886008D3AF02.torrent
2015-06-25 22:50 - 2015-06-25 22:50 - 00000000 ____D C:\Users\denve_000\Downloads\Big.Brother.US.S17E02.HDTV.x264-MiNDTHEGAP[rarbg]
2015-06-25 22:49 - 2015-06-25 22:49 - 00028762 _____ C:\Users\denve_000\Downloads\[kat.cr]big.brother.us.s17e02.hdtv.x264.mindthegap.rartv.torrent
2015-06-25 22:46 - 2015-06-25 22:58 - 585055882 ____R C:\Users\denve_000\Downloads\Big.Brother.US.S17E02.HDTV-MegaTV.mp4
2015-06-25 22:45 - 2015-06-25 22:45 - 00011890 _____ C:\Users\denve_000\Downloads\[kat.cr]big.brother.us.s17e02.hdtv.megatv.torrent
2015-06-15 08:22 - 2015-06-19 08:32 - 00003222 _____ C:\windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-15 01:48 - 2015-06-15 01:57 - 00000000 ____D C:\Users\denve_000\Downloads\San Andreas Quake (2015) [1080p]
2015-06-15 01:47 - 2015-06-15 01:58 - 00000000 ____D C:\Users\denve_000\Downloads\Edge of Tomorrow (2014) [1080p]
2015-06-15 01:29 - 2015-06-15 01:50 - 00000000 ____D C:\Users\denve_000\Downloads\John Wick (2014) [1080p]
2015-06-15 01:23 - 2015-06-15 01:23 - 00000000 ____D C:\Users\denve_000\Downloads\Whiplash (2014) [1080p]
2015-06-15 01:03 - 2015-06-15 01:03 - 00043682 _____ C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-06-15 01:02 - 2015-06-15 01:02 - 00001612 _____ C:\Users\denve_000\Desktop\DivX Movies.lnk
2015-06-15 01:02 - 2015-06-15 01:02 - 00001093 _____ C:\Users\Public\Desktop\DivX Player.lnk
2015-06-15 01:01 - 2015-06-15 01:03 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\DivX
2015-06-15 01:01 - 2015-06-15 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-06-15 01:01 - 2015-06-15 01:01 - 00001158 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2015-06-15 01:01 - 2015-06-15 01:01 - 00000000 ____D C:\Program Files\DivX
2015-06-15 01:00 - 2015-06-15 01:02 - 00000000 ____D C:\ProgramData\DivX
2015-06-15 01:00 - 2015-06-15 01:02 - 00000000 ____D C:\Program Files (x86)\DivX
2015-06-15 01:00 - 2015-06-15 01:00 - 01010672 _____ (DivX, LLC) C:\Users\denve_000\Downloads\DivXInstaller.exe
2015-06-15 00:53 - 2015-06-15 00:53 - 00001207 _____ C:\Users\denve_000\Desktop\Continue Free MP4 Player Installation.lnk
2015-06-15 00:52 - 2015-06-15 00:52 - 00000000 ____D C:\Program Files (x86)\mp4player_setup
2015-06-15 00:51 - 2015-06-15 00:51 - 02168320 _____ C:\Users\denve_000\Downloads\mp4player_setup.msi
2015-06-15 00:44 - 2015-07-06 09:49 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 00:44 - 2015-07-04 07:21 - 00000924 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 00:44 - 2015-06-23 00:50 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 00:44 - 2015-06-15 00:44 - 00003900 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-15 00:44 - 2015-06-15 00:44 - 00003664 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-15 00:44 - 2015-06-15 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-15 00:43 - 2015-06-15 00:43 - 00931408 _____ (Google Inc.) C:\Users\denve_000\Downloads\ChromeSetup(1).exe
2015-06-15 00:13 - 2015-07-06 09:20 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 00:13 - 2015-06-29 17:33 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-15 00:13 - 2015-06-29 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 00:13 - 2015-06-29 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-15 00:13 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-15 00:13 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-15 00:13 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-15 00:13 - 2015-06-15 00:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-15 00:09 - 2015-06-15 00:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\denve_000\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-15 00:09 - 2015-06-15 00:09 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\denve_000\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-15 00:04 - 2015-06-15 01:13 - 00000000 ____D C:\Users\denve_000\Downloads\Fury (2014) [1080p]
2015-06-14 23:43 - 2015-06-15 00:03 - 00000000 ____D C:\Users\denve_000\Downloads\The Imitation Game (2014) [1080p]
2015-06-14 23:27 - 2015-06-14 23:27 - 00013426 _____ C:\Users\denve_000\Downloads\San+Andreas+Quake+%282015%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:23 - 2015-06-14 23:23 - 00017687 _____ C:\Users\denve_000\Downloads\Edge+of+Tomorrow+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:23 - 2015-06-14 23:23 - 00017558 _____ C:\Users\denve_000\Downloads\John+Wick+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:22 - 2015-06-14 23:22 - 00017676 _____ C:\Users\denve_000\Downloads\Whiplash+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:20 - 2015-06-14 23:20 - 00020808 _____ C:\Users\denve_000\Downloads\Fury+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:17 - 2015-06-14 23:42 - 00000000 ____D C:\Users\denve_000\Downloads\Gone Girl (2014) [1080p]
2015-06-14 23:17 - 2015-06-14 23:17 - 00019671 _____ C:\Users\denve_000\Downloads\The+Imitation+Game+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:16 - 2015-06-14 23:16 - 00022858 _____ C:\Users\denve_000\Downloads\Gone+Girl+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:12 - 2015-06-14 23:19 - 00000000 ____D C:\Users\denve_000\Downloads\Interstellar (2014) (2014) [1080p]
2015-06-14 23:12 - 2015-06-14 23:12 - 00023795 _____ C:\Users\denve_000\Downloads\Interstellar+%282014%29+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 23:03 - 2015-06-14 23:12 - 00000000 ____D C:\Users\denve_000\Downloads\Entourage
2015-06-14 23:02 - 2015-06-14 23:02 - 00122631 _____ C:\Users\denve_000\Downloads\Entourage+Complete+-+All+seasons+1+to+8+-+Best+Quality.torrent
2015-06-14 22:59 - 2015-06-14 23:02 - 00000000 ____D C:\Users\denve_000\Downloads\Friday Night Lights Deluxe DVD Boxset Season 1, 2, 3, 4 & 5 + Extras (Behind The Scenes Etc) DVDRip HDTV
2015-06-14 22:59 - 2015-06-14 22:59 - 00150120 _____ C:\Users\denve_000\Downloads\Friday+Night+Lights+Deluxe+DVD+Boxset+Season+1%2C+2%2C+3%2C+4+%26amp%3B+5+%2B+Ex.torrent
2015-06-14 22:54 - 2015-06-14 22:58 - 00000000 ____D C:\Users\denve_000\Downloads\Justified Season 5 WEB-DL 720p
2015-06-14 22:53 - 2015-06-14 22:53 - 00069922 _____ C:\Users\denve_000\Downloads\Justified_Season_5_WEB-DL_720p.torrent
2015-06-14 22:52 - 2015-06-14 22:53 - 00000000 ____D C:\Users\denve_000\Downloads\Justified Season 4
2015-06-14 22:52 - 2015-06-14 22:52 - 00309852 _____ C:\Users\denve_000\Downloads\Justified_Season_4_COMPLETE_HDTV_x264.torrent
2015-06-14 22:51 - 2015-06-14 22:51 - 00090415 _____ C:\Users\denve_000\Downloads\Justified_-_Season_4_[720p].torrent
2015-06-14 22:49 - 2015-06-14 23:03 - 00000000 ____D C:\Users\denve_000\Downloads\Draft Day (2014) [1080p]
2015-06-14 22:49 - 2015-06-14 22:49 - 00017579 _____ C:\Users\denve_000\Downloads\Draft+Day+%282014%29+1080p+BrRip+x264+-+YIFY.torrent
2015-06-14 22:28 - 2015-06-14 22:28 - 00003296 _____ C:\windows\System32\Tasks\Gamma Task Menager Cleaner
2015-06-14 21:17 - 2015-07-04 07:18 - 00012698 _____ C:\windows\PFRO.log
2015-06-14 19:33 - 2015-06-14 19:33 - 00342751 _____ C:\Users\denve_000\Downloads\kimberly-geswein_kg-second-chances-solid.zip
2015-06-14 19:33 - 2015-06-14 19:33 - 00000000 ____D C:\Users\denve_000\Downloads\kimberly-geswein_kg-second-chances-solid
2015-06-14 19:21 - 2015-06-14 19:21 - 00606479 _____ C:\Users\denve_000\Downloads\fontscafe_chalk-hand-lettering-shaded-dem.zip
2015-06-14 19:21 - 2015-06-14 19:21 - 00000000 ____D C:\Users\denve_000\Downloads\fontscafe_chalk-hand-lettering-shaded-dem
2015-06-14 19:12 - 2015-06-14 19:13 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_2299916
2015-06-14 19:12 - 2015-06-14 19:12 - 14964066 _____ C:\Users\denve_000\Downloads\vectorstock_2299916.zip
2015-06-14 14:37 - 2015-06-14 14:37 - 06549184 _____ (Piriform Ltd) C:\Users\denve_000\Downloads\ccsetup506.exe
2015-06-13 12:19 - 2015-06-13 12:19 - 00369946 _____ C:\Users\denve_000\Downloads\MOLESK font by UPPERTYPE.zip
2015-06-13 12:19 - 2015-06-13 12:19 - 00000000 ____D C:\Users\denve_000\Downloads\MOLESK font by UPPERTYPE
2015-06-13 11:03 - 2015-06-13 11:03 - 00009728 _____ C:\Users\denve_000\Downloads\Vincent-Regular.otf
2015-06-13 10:54 - 2015-06-13 10:54 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_2693860
2015-06-13 10:53 - 2015-06-13 10:53 - 01811736 _____ C:\Users\denve_000\Downloads\vectorstock_2693860.zip
2015-06-13 10:44 - 2015-06-13 10:44 - 00000000 ____D C:\Users\denve_000\Downloads\alt_ren_family
2015-06-13 10:43 - 2015-06-13 10:43 - 00246726 _____ C:\Users\denve_000\Downloads\alt_ren_family.zip
2015-06-13 10:42 - 2015-06-13 10:42 - 00008468 _____ C:\Users\denve_000\Downloads\Aventura-Bold.otf
2015-06-13 10:41 - 2015-06-13 10:41 - 00004751 _____ C:\Users\denve_000\Downloads\Superlative.zip
2015-06-13 10:41 - 2015-06-13 10:41 - 00000000 ____D C:\Users\denve_000\Downloads\Superlative
2015-06-13 10:39 - 2015-06-13 10:39 - 00239881 _____ C:\Users\denve_000\Downloads\Barque.zip
2015-06-13 10:39 - 2015-06-13 10:39 - 00000000 ____D C:\Users\denve_000\Downloads\Barque
2015-06-13 10:23 - 2015-06-13 10:25 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_2493522
2015-06-13 10:23 - 2015-06-13 10:23 - 01446054 _____ C:\Users\denve_000\Downloads\vectorstock_2493522.zip
2015-06-13 10:19 - 2015-06-13 10:19 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_181346
2015-06-13 10:18 - 2015-06-13 10:18 - 12629083 _____ C:\Users\denve_000\Downloads\vectorstock_181349.zip
2015-06-13 10:18 - 2015-06-13 10:18 - 11674233 _____ C:\Users\denve_000\Downloads\vectorstock_181346.zip
2015-06-13 10:18 - 2015-06-13 10:18 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_181349
2015-06-13 10:17 - 2015-06-13 10:18 - 00000000 ____D C:\Users\denve_000\Downloads\vectorstock_1587600
2015-06-13 10:16 - 2015-06-13 10:16 - 06597638 _____ C:\Users\denve_000\Downloads\vectorstock_1587600.zip
2015-06-12 08:59 - 2015-07-06 09:43 - 00011692 _____ C:\windows\setupact.log
2015-06-12 08:59 - 2015-06-12 08:59 - 00000000 _____ C:\windows\setuperr.log
2015-06-12 00:14 - 2015-06-12 00:14 - 00000000 ____D C:\Users\denve_000\AppData\Local\GWX
2015-06-11 17:43 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-11 17:43 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-11 17:43 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-11 17:43 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-11 17:43 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-11 17:43 - 2015-04-16 01:17 - 00325464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-11 17:43 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-11 17:43 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-11 17:43 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-11 17:43 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-11 17:43 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-11 17:43 - 2015-04-08 17:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-11 17:43 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-11 17:43 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-11 17:43 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-11 17:43 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-11 17:43 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-11 17:43 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-11 17:43 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-11 17:43 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-11 17:43 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-11 17:43 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-11 17:43 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-11 17:43 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-11 17:43 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-11 17:43 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-11 17:43 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-11 17:43 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-11 17:43 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-11 17:43 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-11 17:43 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-11 17:43 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-11 17:43 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-11 17:38 - 2015-07-06 10:34 - 01588589 _____ C:\windows\WindowsUpdate.log
2015-06-11 14:17 - 2015-06-11 14:17 - 46694400 _____ C:\Users\denve_000\Downloads\AdbeRdrUpd11011.msp
2015-06-11 13:48 - 2015-07-06 09:53 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001UA.job
2015-06-11 13:48 - 2015-07-05 13:53 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001Core.job
2015-06-11 13:48 - 2015-06-11 13:48 - 00931408 _____ (Google Inc.) C:\Users\denve_000\Downloads\chromecastinstaller.exe
2015-06-11 13:48 - 2015-06-11 13:48 - 00003902 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001UA
2015-06-11 13:48 - 2015-06-11 13:48 - 00003522 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001Core
2015-06-11 13:48 - 2015-06-11 13:48 - 00001245 _____ C:\Users\denve_000\Desktop\Chromecast.lnk
2015-06-11 13:48 - 2015-06-11 13:48 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-10 07:55 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 07:55 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 07:55 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 07:55 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 07:54 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 07:54 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 07:54 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 07:54 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 07:54 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 07:54 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 07:54 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 07:54 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 07:54 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-10 07:54 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-10 07:54 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 07:54 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 07:54 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 07:54 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 07:54 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-10 07:54 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 07:54 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 07:54 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 07:54 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 07:54 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 07:54 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 07:54 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 07:54 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 07:54 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 07:54 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 07:54 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 07:54 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-10 07:54 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 07:54 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-10 07:54 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-10 07:54 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 07:54 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 07:54 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 07:54 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 07:54 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 07:54 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-10 07:54 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 07:54 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 07:54 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-08 14:01 - 2015-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 10:05 - 2015-05-12 10:45 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 10:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-07-06 09:51 - 2015-02-17 21:51 - 00000330 _____ C:\windows\Tasks\UpdaterEX.job
2015-07-06 09:23 - 2014-03-18 04:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-06 09:21 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-05 10:08 - 2015-02-17 22:39 - 00000000 ____D C:\Users\denve_000\AppData\Local\Adobe
2015-07-05 09:44 - 2015-02-19 10:35 - 00000000 ____D C:\Users\denve_000\Documents\Food
2015-07-04 07:20 - 2015-02-17 21:45 - 00000000 __RDO C:\Users\denve_000\OneDrive
2015-07-04 07:18 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-04 07:18 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-04 07:17 - 2015-02-17 22:36 - 05517236 _____ C:\Users\Public\CAFADEBUG.log
2015-07-04 07:17 - 2014-12-03 02:38 - 00014848 _____ C:\windows\system32\VfService.trf
2015-07-03 09:24 - 2015-02-17 21:49 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1626269264-1846653108-2338462542-1001
2015-06-30 21:27 - 2015-02-17 21:58 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-06-30 19:12 - 2015-02-19 10:32 - 00000000 ____D C:\Users\denve_000\Documents\Bills
2015-06-29 17:36 - 2015-02-17 22:59 - 00000000 ____D C:\Program Files\CCleaner
2015-06-29 17:34 - 2015-02-17 21:45 - 00000000 ____D C:\Users\denve_000\Documents\Bluetooth Folder
2015-06-28 15:32 - 2015-02-18 00:08 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\uTorrent
2015-06-28 14:25 - 2015-03-02 00:37 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\vlc
2015-06-27 03:05 - 2015-05-12 10:45 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 01:17 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-23 02:21 - 2015-05-22 19:38 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-22 16:40 - 2015-02-19 10:36 - 00000000 ____D C:\Users\denve_000\Documents\Wedding Stuff
2015-06-19 22:02 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-15 08:22 - 2015-03-19 00:35 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 08:22 - 2015-03-19 00:35 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 01:03 - 2015-02-17 21:51 - 00000000 ____D C:\Users\denve_000\AppData\Local\CrashDumps
2015-06-15 00:44 - 2015-02-17 21:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-15 00:41 - 2015-02-17 21:51 - 00000000 __SHD C:\Users\denve_000\AppData\Local\EmieSiteList
2015-06-15 00:30 - 2015-02-18 00:09 - 00000000 ____D C:\ProgramData\APN
2015-06-14 22:31 - 2015-03-02 19:36 - 00000000 ____D C:\Users\denve_000\AppData\Local\Spotify
2015-06-14 21:53 - 2015-03-02 19:36 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\Spotify
2015-06-14 21:35 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-06-14 21:18 - 2013-08-22 09:44 - 09872128 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-14 21:17 - 2015-04-15 19:32 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-14 21:17 - 2015-04-15 19:32 - 00000000 ____D C:\windows\system32\appraiser
2015-06-14 21:17 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-06-14 19:02 - 2015-02-17 21:44 - 00000000 ____D C:\Users\denve_000\AppData\Local\Packages
2015-06-11 21:21 - 2015-02-18 00:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 21:21 - 2015-02-18 00:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 21:20 - 2015-02-19 14:39 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 21:15 - 2015-02-19 14:39 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 21:14 - 2015-04-14 18:12 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-11 21:14 - 2015-04-14 18:12 - 00000000 ___SD C:\windows\system32\GWX
2015-06-11 14:18 - 2015-02-22 12:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-11 13:48 - 2015-02-17 21:58 - 00000000 ____D C:\Users\denve_000\AppData\Local\Google
2015-06-11 12:43 - 2015-03-19 00:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-11 12:42 - 2013-08-22 10:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 08:01 - 2013-08-22 08:25 - 00000167 _____ C:\windows\win.ini
2015-06-09 09:27 - 2015-02-17 21:58 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-08 08:06 - 2015-02-19 10:31 - 00000000 ____D C:\Users\denve_000\Documents\Old Files
 
==================== Files in the root of some directories =======
 
2015-02-21 09:59 - 2015-02-21 09:59 - 14190648 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-17 22:36 - 2015-04-04 09:21 - 0000135 _____ () C:\Users\denve_000\AppData\Roaming\WB.CFG
2015-04-18 15:35 - 2015-04-18 15:35 - 0177364 _____ () C:\Users\denve_000\AppData\Local\ars.cache
2015-04-18 15:35 - 2015-04-18 15:35 - 0405167 _____ () C:\Users\denve_000\AppData\Local\census.cache
2015-02-19 11:52 - 2015-02-19 11:52 - 0234679 _____ () C:\Users\denve_000\AppData\Local\dsi1.dat
2015-02-19 11:52 - 2015-02-19 11:52 - 0161916 _____ () C:\Users\denve_000\AppData\Local\dsi2.dat
2015-04-18 15:24 - 2015-04-18 15:24 - 0000036 _____ () C:\Users\denve_000\AppData\Local\housecall.guid.cache
2015-04-18 15:32 - 2015-04-18 15:32 - 0000010 _____ () C:\Users\denve_000\AppData\Local\sponge.last.runtime.cache
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
2014-12-03 01:59 - 2014-12-03 01:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-01 03:58
 
==================== End of log ============================
 
 



 


#2 Oh My!


  • Malware Response Instructor

Posted 10 July 2015 - 05:02 PM

Greetings dboren23 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

Move FRST.exe onto your Desktop:

Running from C:\Users\denve_000\Downloads


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat
C:\windows\SysWOW64\wscript.exe /E:vbscript /B
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure to place a check mark in Addition.txt and post both logs
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST.txt
  • Addition.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 dboren23


Posted 10 July 2015 - 05:35 PM

Hi, Gary! My name is Denver. Thank you very much for your expertise, time, and help. It is greatly appreciated! My log information is posted below. The only problem I ran into was with the addition.txt file. I clicked the box as you instructed, but the FRST program didn't create the addition.txt file. I repeated the steps several times with no success. I wasn't sure what else to do... The other information is below and the files you asked for are attached. Thanks again! 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by denve_000 at 2015-07-10 17:12:50 Run:3
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat
C:\windows\SysWOW64\wscript.exe /E:vbscript /B
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Hafete => value not found.
"C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat" => File/Folder not found.
"C:\windows\SysWOW64\wscript.exe /E:vbscript /B" => File/Folder not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"C:\Users\denve_000\AppData\Local\Tempdivx16d2" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Tempdivx6a05" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\tasks.dll" => File/Folder not found.
 
==== End of Fixlog 17:12:50 ====
 
__________________________________________________________________________________________________________
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by denve_000 at 2015-07-10 17:14:30 Run:4
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat
C:\windows\SysWOW64\wscript.exe /E:vbscript /B
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Hafete => value not found.
"C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat" => File/Folder not found.
"C:\windows\SysWOW64\wscript.exe /E:vbscript /B" => File/Folder not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"C:\Users\denve_000\AppData\Local\Tempdivx16d2" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Tempdivx6a05" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\tasks.dll" => File/Folder not found.
 
==== End of Fixlog 17:14:30 ====
 




#4 Oh My!

  • Malware Response Instructor

Posted 10 July 2015 - 06:12 PM

Thank you for the quick reply. That fix looks a little strange. Please delete the existing FRST.exe from your computer, download a new version and run it one more time.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

  • Malware Response Instructor

Posted 13 July 2015 - 08:47 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 dboren23

  • Topic Starter

Posted 15 July 2015 - 09:07 AM

Sorry for the delay. Below is the new log. I also clicked the addition.txt box and had the same result. Thank you for your help! I should be able to reply much faster now :)

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by denve_000 at 2015-07-15 09:03:50 Run:6
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat
C:\windows\SysWOW64\wscript.exe /E:vbscript /B
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Hafete => value not found.
"C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat" => File/Folder not found.
"C:\windows\SysWOW64\wscript.exe /E:vbscript /B" => File/Folder not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"C:\Users\denve_000\AppData\Local\Tempdivx16d2" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Tempdivx6a05" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\tasks.dll" => File/Folder not found.
 
==== End of Fixlog 09:03:50 ====




#7 Oh My!

  • Malware Response Instructor

Posted 15 July 2015 - 09:11 AM

Thanks,

Launch FRST, make sure Addition.txt is checked and click Scan. Let's look at a full report.

Gary
 

#8 dboren23

  • Topic Starter

Posted 15 July 2015 - 09:31 AM

I think I ran the program correctly this time. Below is the Fixlog.txt and I have attached the FRST and Addition files. Sorry about my confusion.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by denve_000 at 2015-07-15 09:30:13 Run:7
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\RunOnce: [Hafete] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat"
C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat
C:\windows\SysWOW64\wscript.exe /E:vbscript /B
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKLM -> DefaultScope {4CBB8E36-D4AF-48F2-8D92-BFB7830F6057} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-15 01:03 - 2015-06-15 01:03 - 0043682 _____ () C:\Users\denve_000\AppData\Local\Tempdivx16d2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\denve_000\AppData\Local\Tempdivx6a05
C:\Users\denve_000\AppData\Local\Temp\h264dec.dll
C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll
C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe
C:\Users\denve_000\AppData\Local\Temp\tasks.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Hafete => value not found.
"C:\Users\DENVE_~1\AppData\Local\7210EA~1\Pufemid.dat" => File/Folder not found.
"C:\windows\SysWOW64\wscript.exe /E:vbscript /B" => File/Folder not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"C:\Users\denve_000\AppData\Local\Tempdivx16d2" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Tempdivx6a05" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\h264dec_1.dll" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\ICReinstall_mp4player_setup.exe" => File/Folder not found.
"C:\Users\denve_000\AppData\Local\Temp\tasks.dll" => File/Folder not found.
 
==== End of Fixlog 09:30:13 ====




#9 Oh My!

  • Malware Response Instructor

Posted 15 July 2015 - 09:38 AM

We need to run the program a little differently. That fixlist did its job so we are done with that file. This is what we want to do now.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Double click the FRST.exe icon
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt

Gary
 

#10 dboren23

  • Topic Starter

Posted 15 July 2015 - 09:56 AM

Oh goodness  :wacko:  I'm so sorry it's taken me this long to get it right. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by denve_000 (administrator) on BORENLAPTOP on 15-07-2015 09:52:43
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfSysLogon.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfSysLogon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-12-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-12-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [Spotify Web Helper] => C:\Users\denve_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-14] (Spotify Ltd)
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Run: [Google Update] => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-11] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-02-21]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-17] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626269264-1846653108-2338462542-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-14] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{1FE9BE7B-0464-47A4-82AC-5B42BF559569}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{4A0EE0D6-99DF-4C82-9C56-F45119DB3572}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\denve_000\AppData\Roaming\Mozilla\Firefox\Profiles\qojj5hew.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1626269264-1846653108-2338462542-1001: @tools.google.com/Google Update;version=3 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626269264-1846653108-2338462542-1001: @tools.google.com/Google Update;version=9 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\denve_000\AppData\Roaming\Mozilla\Firefox\Profiles\qojj5hew.default\searchplugins\google-avast.xml [2015-06-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-17]
 
Chrome: 
=======
CHR Profile: C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-17]
CHR Extension: (Angry Birds) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-02-17]
CHR Extension: (Google Docs) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Google Drive) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (YouTube) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-17]
CHR Extension: (Google Cast) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-17]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-02-17]
CHR Extension: (Google Search) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-17]
CHR Extension: (File Manager) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\egoilkobbnkdafmcllnicbohlpjcjegl [2015-02-17]
CHR Extension: (Avast SafePrice) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-28]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-04-08]
CHR Extension: (Google Sheets) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-17]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-19]
CHR Extension: (Avast Online Security) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-21]
CHR Extension: (Adblock Super) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-02-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Ghostery) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-18]
CHR Extension: (Google Wallet) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: (Gmail) - C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-17]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-03] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-12-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-17] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 09:52 - 2015-07-15 09:52 - 00024365 _____ C:\Users\denve_000\Desktop\FRST.txt
2015-07-15 09:22 - 2015-07-15 09:22 - 02133504 _____ (Farbar) C:\Users\denve_000\Desktop\FRST64.exe
2015-07-09 18:53 - 2015-07-09 18:53 - 00297171 _____ C:\Users\denve_000\Downloads\Wireless Boombox.skp
2015-07-08 22:14 - 2015-07-08 22:15 - 38301611 _____ C:\Users\denve_000\Downloads\Retro-badges-collection.zip
2015-07-08 21:34 - 2015-07-08 21:34 - 01666898 _____ C:\Users\denve_000\Downloads\lakesight.zip
2015-07-08 21:34 - 2015-07-08 21:34 - 00000000 ____D C:\Users\denve_000\Downloads\lakesight
2015-07-08 21:33 - 2015-07-08 21:33 - 00030731 _____ C:\Users\denve_000\Downloads\pacifico.zip
2015-07-08 21:33 - 2015-07-08 21:33 - 00000000 ____D C:\Users\denve_000\Downloads\pacifico
2015-07-08 21:31 - 2015-07-08 21:31 - 00118351 _____ C:\Users\denve_000\Downloads\senior-studio_blenda-script.zip
2015-07-08 21:31 - 2015-07-08 21:31 - 00000000 ____D C:\Users\denve_000\Downloads\senior-studio_blenda-script
2015-07-08 21:27 - 2015-07-08 21:27 - 00562751 _____ C:\Users\denve_000\Downloads\universal_college_draft.zip
2015-07-08 21:27 - 2015-07-08 21:27 - 00000000 ____D C:\Users\denve_000\Downloads\universal_college_draft
2015-07-08 21:26 - 2015-07-08 21:26 - 00671559 _____ C:\Users\denve_000\Downloads\universal_college.zip
2015-07-08 21:26 - 2015-07-08 21:26 - 00000000 ____D C:\Users\denve_000\Downloads\universal_college
2015-07-08 21:25 - 2015-07-08 21:25 - 01396929 _____ C:\Users\denve_000\Downloads\friday_night_lights.zip
2015-07-08 21:25 - 2015-07-08 21:25 - 00000000 ____D C:\Users\denve_000\Downloads\friday_night_lights
2015-07-08 21:24 - 2015-07-08 21:24 - 00594775 _____ C:\Users\denve_000\Downloads\candy_inc.zip
2015-07-08 21:24 - 2015-07-08 21:24 - 00000000 ____D C:\Users\denve_000\Downloads\candy_inc
2015-07-07 22:19 - 2015-07-07 22:19 - 00025692 _____ C:\Users\denve_000\Downloads\[kat.cr]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2015-07-07 22:19 - 2015-07-07 22:19 - 00000000 ____D C:\Users\denve_000\Downloads\The Last Ship S01E10 HDTV x264-LOL[ettv]
2015-07-07 18:46 - 2015-07-07 18:46 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\(3C-A1-0D-17-B2-E2)
2015-07-06 10:42 - 2015-07-06 10:43 - 00030690 _____ C:\Users\denve_000\Downloads\Addition.txt
2015-07-06 10:41 - 2015-07-15 09:52 - 00000000 ____D C:\FRST
2015-06-30 20:37 - 2015-06-30 20:37 - 00000000 ____D C:\Users\denve_000\Documents\Hasty Bake Class
2015-06-29 17:36 - 2015-06-29 17:36 - 06565736 _____ (Piriform Ltd) C:\Users\denve_000\Downloads\ccsetup507.exe
2015-06-28 14:51 - 2015-06-28 14:55 - 00000000 ____D C:\Users\denve_000\Desktop\Media From Phone
2015-06-28 14:47 - 2015-06-28 14:51 - 00000000 ____D C:\Users\denve_000\Downloads\Justified Season 5-6 S05-S06 720p BluRay x264-DEMAND [RiCK]
2015-06-28 14:44 - 2015-06-28 14:44 - 00080942 _____ C:\Users\denve_000\Downloads\6ABEB2E3CCE3BD626DE291DC9071886008D3AF02.torrent
2015-06-25 22:50 - 2015-06-25 22:50 - 00000000 ____D C:\Users\denve_000\Downloads\Big.Brother.US.S17E02.HDTV.x264-MiNDTHEGAP[rarbg]
2015-06-25 22:49 - 2015-06-25 22:49 - 00028762 _____ C:\Users\denve_000\Downloads\[kat.cr]big.brother.us.s17e02.hdtv.x264.mindthegap.rartv.torrent
2015-06-25 22:46 - 2015-06-25 22:58 - 585055882 ____R C:\Users\denve_000\Downloads\Big.Brother.US.S17E02.HDTV-MegaTV.mp4
2015-06-25 22:45 - 2015-06-25 22:45 - 00011890 _____ C:\Users\denve_000\Downloads\[kat.cr]big.brother.us.s17e02.hdtv.megatv.torrent
2015-06-15 08:22 - 2015-06-19 08:32 - 00003222 _____ C:\windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-15 01:48 - 2015-06-15 01:57 - 00000000 ____D C:\Users\denve_000\Downloads\San Andreas Quake (2015) [1080p]
2015-06-15 01:47 - 2015-06-15 01:58 - 00000000 ____D C:\Users\denve_000\Downloads\Edge of Tomorrow (2014) [1080p]
2015-06-15 01:29 - 2015-06-15 01:50 - 00000000 ____D C:\Users\denve_000\Downloads\John Wick (2014) [1080p]
2015-06-15 01:23 - 2015-06-15 01:23 - 00000000 ____D C:\Users\denve_000\Downloads\Whiplash (2014) [1080p]
2015-06-15 01:01 - 2015-06-15 01:03 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\DivX
2015-06-15 01:01 - 2015-06-15 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-06-15 01:01 - 2015-06-15 01:01 - 00000000 ____D C:\Program Files\DivX
2015-06-15 01:00 - 2015-06-15 01:02 - 00000000 ____D C:\ProgramData\DivX
2015-06-15 01:00 - 2015-06-15 01:02 - 00000000 ____D C:\Program Files (x86)\DivX
2015-06-15 01:00 - 2015-06-15 01:00 - 01010672 _____ (DivX, LLC) C:\Users\denve_000\Downloads\DivXInstaller.exe
2015-06-15 00:52 - 2015-06-15 00:52 - 00000000 ____D C:\Program Files (x86)\mp4player_setup
2015-06-15 00:51 - 2015-06-15 00:51 - 02168320 _____ C:\Users\denve_000\Downloads\mp4player_setup.msi
2015-06-15 00:44 - 2015-07-15 09:49 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 00:44 - 2015-07-15 00:49 - 00000924 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 00:44 - 2015-07-14 11:51 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 00:44 - 2015-06-15 00:44 - 00003900 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-15 00:44 - 2015-06-15 00:44 - 00003664 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-15 00:44 - 2015-06-15 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-15 00:43 - 2015-06-15 00:43 - 00931408 _____ (Google Inc.) C:\Users\denve_000\Downloads\ChromeSetup(1).exe
2015-06-15 00:13 - 2015-07-15 08:55 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 00:13 - 2015-06-29 17:33 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-15 00:13 - 2015-06-29 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 00:13 - 2015-06-29 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-15 00:13 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-15 00:13 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-15 00:13 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-15 00:13 - 2015-06-15 00:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-15 00:09 - 2015-06-15 00:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\denve_000\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-15 00:09 - 2015-06-15 00:09 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\denve_000\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-15 00:04 - 2015-06-15 01:13 - 00000000 ____D C:\Users\denve_000\Downloads\Fury (2014) [1080p]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 09:53 - 2015-06-11 13:48 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001UA.job
2015-07-15 09:51 - 2015-02-17 21:51 - 00000330 _____ C:\windows\Tasks\UpdaterEX.job
2015-07-15 09:26 - 2015-06-12 08:59 - 00015019 _____ C:\windows\setupact.log
2015-07-15 09:19 - 2015-06-11 17:38 - 01098050 _____ C:\windows\WindowsUpdate.log
2015-07-15 09:05 - 2015-05-12 10:45 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 09:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-07-15 05:43 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-15 02:00 - 2015-02-17 22:39 - 00000000 ____D C:\Users\denve_000\AppData\Local\Adobe
2015-07-14 17:19 - 2015-02-17 21:49 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1626269264-1846653108-2338462542-1001
2015-07-14 16:44 - 2015-02-19 10:32 - 00000000 ____D C:\Users\denve_000\Documents\Bills
2015-07-14 16:38 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-14 13:53 - 2015-06-11 13:48 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001Core.job
2015-07-14 13:05 - 2015-05-12 10:45 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-12 12:16 - 2015-03-02 00:37 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\vlc
2015-07-12 12:12 - 2014-03-18 04:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-12 11:42 - 2015-02-19 10:36 - 00000000 ____D C:\Users\denve_000\Documents\Wedding Stuff
2015-07-12 09:27 - 2014-12-03 02:38 - 00016896 _____ C:\windows\system32\VfService.trf
2015-07-10 17:09 - 2015-04-01 14:53 - 00000000 ___HD C:\Users\denve_000\AppData\Local\7210ea446d482758
2015-07-07 22:29 - 2015-02-18 00:08 - 00000000 ____D C:\Users\denve_000\AppData\Roaming\uTorrent
2015-07-07 16:52 - 2015-02-17 21:51 - 00000000 ____D C:\Users\denve_000\AppData\Local\CrashDumps
2015-07-07 10:39 - 2015-02-17 21:45 - 00000000 __RDO C:\Users\denve_000\OneDrive
2015-07-06 16:24 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 16:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 13:54 - 2015-06-08 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 09:44 - 2015-02-19 10:35 - 00000000 ____D C:\Users\denve_000\Documents\Food
2015-07-04 07:18 - 2015-06-14 21:17 - 00012698 _____ C:\windows\PFRO.log
2015-07-04 07:18 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-04 07:18 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-04 07:17 - 2015-02-17 22:36 - 05736100 _____ C:\Users\Public\CAFADEBUG.log
2015-06-30 21:27 - 2015-02-17 21:58 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-06-29 17:36 - 2015-02-17 22:59 - 00000000 ____D C:\Program Files\CCleaner
2015-06-29 17:34 - 2015-02-17 21:45 - 00000000 ____D C:\Users\denve_000\Documents\Bluetooth Folder
2015-06-23 02:21 - 2015-05-22 19:38 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-15 08:22 - 2015-03-19 00:35 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 08:22 - 2015-03-19 00:35 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 00:44 - 2015-02-17 21:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-15 00:41 - 2015-02-17 21:51 - 00000000 __SHD C:\Users\denve_000\AppData\Local\EmieSiteList
2015-06-15 00:30 - 2015-02-18 00:09 - 00000000 ____D C:\ProgramData\APN
2015-06-15 00:03 - 2015-06-14 23:43 - 00000000 ____D C:\Users\denve_000\Downloads\The Imitation Game (2014) [1080p]
 
==================== Files in the root of some directories =======
 
2015-02-21 09:59 - 2015-02-21 09:59 - 14190648 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-17 22:36 - 2015-04-04 09:21 - 0000135 _____ () C:\Users\denve_000\AppData\Roaming\WB.CFG
2015-04-18 15:35 - 2015-04-18 15:35 - 0177364 _____ () C:\Users\denve_000\AppData\Local\ars.cache
2015-04-18 15:35 - 2015-04-18 15:35 - 0405167 _____ () C:\Users\denve_000\AppData\Local\census.cache
2015-02-19 11:52 - 2015-02-19 11:52 - 0234679 _____ () C:\Users\denve_000\AppData\Local\dsi1.dat
2015-02-19 11:52 - 2015-02-19 11:52 - 0161916 _____ () C:\Users\denve_000\AppData\Local\dsi2.dat
2015-04-18 15:24 - 2015-04-18 15:24 - 0000036 _____ () C:\Users\denve_000\AppData\Local\housecall.guid.cache
2015-04-18 15:32 - 2015-04-18 15:32 - 0000010 _____ () C:\Users\denve_000\AppData\Local\sponge.last.runtime.cache
2014-12-03 01:59 - 2014-12-03 01:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-12 19:43
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by denve_000 at 2015-07-15 09:53:03
Running from C:\Users\denve_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1626269264-1846653108-2338462542-500 - Administrator - Disabled)
denve_000 (S-1-5-21-1626269264-1846653108-2338462542-1001 - Administrator - Enabled) => C:\Users\denve_000
Guest (S-1-5-21-1626269264-1846653108-2338462542-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
ChromecastApp (HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Spotify (HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1626269264-1846653108-2338462542-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1626269264-1846653108-2338462542-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\denve_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
25-06-2015 01:15:44 Windows Update
02-07-2015 17:46:57 Scheduled Checkpoint
09-07-2015 05:38:53 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-02-17 22:46 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0013D1CB-528D-4020-B3D7-6536B5B48763} - \Gamma Task Menager Cleaner No Task File <==== ATTENTION
Task: {0A5295BF-B6D6-48CE-A98E-F80271A1D5A4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {1089123B-DFCA-4F50-ACA6-3482DF820BA4} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-denver.boren@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {1397CF9F-EFAA-4B84-B658-08F97F60E726} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1CCA104B-FBEA-47E1-AA89-87B865BE460F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001Core => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {3317A024-A9F4-4433-87F0-33696F81CAEB} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {33B71FB9-2C50-441C-86DF-CBE2C19FC274} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {35A550CC-B310-46F5-94B0-24E510AC0FBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001UA => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {3C0CD292-5B4D-4C99-BB75-737CFECA7836} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {3EF54BBB-AA3F-45CB-AD99-EF2C1DDA6BBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {4349864F-983A-4C62-806E-4752D75E6A3D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-13] (Synaptics Incorporated)
Task: {66335A10-1213-4DFA-87D2-D5961ACD9A1E} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {89D7CCE3-0370-4990-917C-14C62B1D20BC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8D29E3D5-1E9D-453B-92D8-B1C8ADBD5B5E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8FEF793E-BFE4-4258-A9D7-6383D929C450} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {952F308F-86C6-4939-ABB9-64273D426870} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A7D08EA8-0983-4758-94CA-EACEE7619C9E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {A7E3DF6E-2379-46A8-B114-9EC2520D2549} - System32\Tasks\UpdaterEX => C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B261AD43-9607-45A0-95F1-B8B1FC5801AA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {B3DED417-8673-4333-AD6C-F2760BCF5192} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {B572FBAA-0BF7-4ED1-B60D-794361EDFB83} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {CDC83963-EA84-4575-9533-AE8F91E81C4F} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {D3EC8470-4886-42DA-B9E7-1544CB869B3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {DB20DEE1-25BE-4C38-9B98-F26D88B1B104} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {E099213C-441B-4376-8D92-418D4B662E21} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EDFE15FE-E8DE-4C8D-A13E-D358DF3D0ACB} - System32\Tasks\Win Installer => C:\Users\denve_000\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {F22451D3-D283-4E67-A4FB-C4D96429B0CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-09] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001Core.job => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626269264-1846653108-2338462542-1001UA.job => C:\Users\denve_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\UpdaterEX.job => 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
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-03 02:38 - 2014-12-03 02:38 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-12-03 02:38 - 2014-12-03 02:38 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 04:48 - 2013-09-07 04:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 04:45 - 2013-09-07 04:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 04:52 - 2013-09-07 04:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-09-07 04:52 - 2013-09-07 04:52 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-12-03 02:38 - 2014-12-03 02:38 - 00082704 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfCamera.dll
2015-05-17 09:26 - 2015-05-17 09:26 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-17 09:26 - 2015-05-17 09:26 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-03 10:24 - 2015-07-03 10:24 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070300\algo.dll
2015-07-15 05:42 - 2015-07-15 05:42 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071500\algo.dll
2015-03-22 18:32 - 2015-03-22 18:32 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-14 11:51 - 2015-07-13 16:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 11:51 - 2015-07-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\denve_000\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.10.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\StartupApproved\StartupFolder: => "SuperOptimizer.lnk"
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_602651FF7CA30ACC4692C273F757A7C9"
HKU\S-1-5-21-1626269264-1846653108-2338462542-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{13D261EE-E463-485F-B6C5-FB7D6481CA3C}] => (Allow) LPort=55100
FirewallRules: [{269A04DD-6E1C-4859-A6FB-0711A8C39C55}] => (Allow) C:\Users\denve_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9824A50-3EC3-49D6-8A25-5C520DD894A4}] => (Allow) C:\Users\denve_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E65AA42D-75FE-4E27-B000-F3C11A817332}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DB4B8519-F028-453F-BA9D-50ED48B3CAD4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D961BE33-B7C6-42E1-834C-74E176821404}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{43640C3B-7DA8-4D25-ADFE-3EFC8ECE0167}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1A2B0B5A-BA2D-4047-BE34-33AEC36A95AB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FFFB88E4-0390-4CBC-A183-B1F4F492166F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C55EB1B5-0C37-46B2-BB0C-1BDFC6FAAED8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1721685-00A3-4A26-A91C-63F7B912DB76}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{59BCFED0-2E0E-4B6B-9599-F524D35E6AD5}] => (Allow) LPort=5556
FirewallRules: [{B3767BCE-2CDD-46C6-A9E3-26199F35CB77}] => (Allow) LPort=5558
FirewallRules: [TCP Query User{544AFEE5-FEC3-47D5-A7A6-00F111CF184C}C:\users\denve_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\denve_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4E2E229E-6BF5-44BF-9ECA-551513246EE7}C:\users\denve_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\denve_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{93C0CDC0-4CE7-4DF1-8DA0-25B8EE0B14FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E6DAAC2-9646-4FB0-A159-7C896583F104}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{323D9FB7-ACC0-4884-B41C-2D53999F0862}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{ED723068-A63C-4C53-9815-DB12C338994D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2C7D88C9-2DB7-466A-BDA1-633DBDFC634D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2015 05:57:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/14/2015 01:24:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/13/2015 09:27:04 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/12/2015 10:27:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
Faulting module name: VfCredProv.dll_unloaded, version: 0.0.0.0, time stamp: 0x519ca83b
Exception code: 0xc0000005
Fault offset: 0x0000000000003916
Faulting process id: 0x2c68
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5
 
Error: (07/12/2015 09:26:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
Faulting module name: VfCredProv.dll_unloaded, version: 0.0.0.0, time stamp: 0x519ca83b
Exception code: 0xc0000005
Fault offset: 0x0000000000003206
Faulting process id: 0x2b30
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5
 
Error: (07/11/2015 03:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
Faulting module name: VfCredProv.dll_unloaded, version: 0.0.0.0, time stamp: 0x519ca83b
Exception code: 0xc0000005
Fault offset: 0x00000000000031a8
Faulting process id: 0x2c68
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5
 
Error: (07/11/2015 09:32:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/10/2015 03:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x00000000000551e0
Faulting process id: 0x30f0
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5
 
Error: (07/10/2015 03:11:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/09/2015 02:43:05 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
 
System errors:
=============
Error: (07/07/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/07/2015 09:47:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/07/2015 09:46:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/04/2015 07:22:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/02/2015 10:49:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VeriFaceSrv service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/02/2015 10:49:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/02/2015 10:48:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/02/2015 10:48:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/02/2015 10:33:10 AM) (Source: DCOM) (EventID: 10010) (User: BORENLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/02/2015 10:33:10 AM) (Source: DCOM) (EventID: 10010) (User: BORENLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office:
=========================
Error: (07/15/2015 05:57:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/14/2015 01:24:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/13/2015 09:27:04 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/12/2015 10:27:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bVfCredProv.dll_unloaded0.0.0.0519ca83bc000000500000000000039162c6801d0bcafc1badba6C:\windows\system32\LogonUI.exeVfCredProv.dll88fe9f2d-28aa-11e5-8273-acb57d893b17
 
Error: (07/12/2015 09:26:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bVfCredProv.dll_unloaded0.0.0.0519ca83bc000000500000000000032062b3001d0bc258111e4f0C:\windows\system32\LogonUI.exeVfCredProv.dll0a2a82b4-28a2-11e5-8273-acb57d893b17
 
Error: (07/11/2015 03:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bVfCredProv.dll_unloaded0.0.0.0519ca83bc000000500000000000031a82c6801d0bbfd3e2f37b6C:\windows\system32\LogonUI.exeVfCredProv.dll98bf6fdf-280e-11e5-8273-acb57d893b17
 
Error: (07/11/2015 09:32:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/10/2015 03:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bntdll.dll6.3.9600.17736550f4336c000000500000000000551e030f001d0bb278520e856C:\windows\system32\LogonUI.exeC:\windows\SYSTEM32\ntdll.dll5f51e179-2740-11e5-8273-acb57d893b17
 
Error: (07/10/2015 03:11:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/09/2015 02:43:05 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-22 21:13:30.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8104.27 MB
Available physical RAM: 5392.53 MB
Total Virtual: 10162.18 MB
Available Virtual: 6873.15 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:889.76 GB) (Free:646.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 78C6E0AF)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 



#11 Oh My!


Posted 15 July 2015 - 10:20 AM

Greetings Denver. I could have provided more specific instructions.

Let's run this fix.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2015-07-15 09:51 - 2015-02-17 21:51 - 00000330 _____ C:\windows\Tasks\UpdaterEX.job
Task: {0013D1CB-528D-4020-B3D7-6536B5B48763} - \Gamma Task Menager Cleaner No Task File <==== ATTENTION
Task: {A7E3DF6E-2379-46A8-B114-9EC2520D2549} - System32\Tasks\UpdaterEX => C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
Task: {EDFE15FE-E8DE-4C8D-A13E-D358DF3D0ACB} - System32\Tasks\Win Installer => C:\Users\denve_000\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\denve_000\AppData\Roaming\Updater
Task: C:\windows\Tasks\UpdaterEX.job => 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
AlternateDataStreams: C:\Users\denve_000\OneDrive:ms-properties
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 dboren23


Posted 15 July 2015 - 10:43 AM

The fixlog information is below. As for the computer performance, the speed of my computer doesn't seem to be slowed by this virus/malware. The Total Ad Performance only showed itself when my Avast anti-virus gave me a "threat has been detected" notification. So, I suppose I'll know if the threat has been removed by browsing, which I'll be doing a lot of in the next few days. Should I just reply with the performance after I've had some time to see if the fix worked?

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by denve_000 at 2015-07-15 10:38:15 Run:8
Running from C:\Users\denve_000\Desktop
Loaded Profiles: denve_000 (Available Profiles: denve_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2015-07-15 09:51 - 2015-02-17 21:51 - 00000330 _____ C:\windows\Tasks\UpdaterEX.job
Task: {0013D1CB-528D-4020-B3D7-6536B5B48763} - \Gamma Task Menager Cleaner No Task File <==== ATTENTION
Task: {A7E3DF6E-2379-46A8-B114-9EC2520D2549} - System32\Tasks\UpdaterEX => C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
Task: {EDFE15FE-E8DE-4C8D-A13E-D358DF3D0ACB} - System32\Tasks\Win Installer => C:\Users\denve_000\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\denve_000\AppData\Roaming\Updater
Task: C:\windows\Tasks\UpdaterEX.job => 0x0306010030AFCF4CA80FF8438A6D169002C8DBD9460018010000000044440000200000000014730F030007800013040020208021DF07070003000F0009003300000011000000410043003A005C00550073006500720073005C00440045004E00560045005F007E0031005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C005500500044004100540045007E0031005C005500500044004100540045007E0031005C005500500044004100540045007E0031002E00450058004500000007002F0043006800650063006B0000000000160042006F00720065006E004C006100700074006F0070005C00640065006E00760065005F0030003000300000000000000008000000000000000000010030000000D2070300070000000000000014003300A00500003C0000000000000001000000010000000000000000000000
AlternateDataStreams: C:\Users\denve_000\OneDrive:ms-properties
*****************
 
C:\windows\Tasks\UpdaterEX.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0013D1CB-528D-4020-B3D7-6536B5B48763}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0013D1CB-528D-4020-B3D7-6536B5B48763}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gamma Task Menager Cleaner" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E3DF6E-2379-46A8-B114-9EC2520D2549}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E3DF6E-2379-46A8-B114-9EC2520D2549}" => key removed successfully
C:\Windows\System32\Tasks\UpdaterEX => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully
"C:\Users\DENVE_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDFE15FE-E8DE-4C8D-A13E-D358DF3D0ACB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDFE15FE-E8DE-4C8D-A13E-D358DF3D0ACB}" => key removed successfully
C:\Windows\System32\Tasks\Win Installer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Installer" => key removed successfully
"C:\Users\denve_000\AppData\Roaming\Updater" => File/Folder not found.
C:\windows\Tasks\UpdaterEX.job not found.
"C:\Users\denve_000\OneDrive" => ":ms-properties" ADS not found.
 
==== End of Fixlog 10:38:15 ====


#13 Oh My!


Posted 15 July 2015 - 10:57 AM

I would like you to touch base by tomorrow, or sooner if you get a pop up. In the meantime let's do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • ESET report
  • Security Check log

Gary
 

#14 dboren23


Posted 15 July 2015 - 01:48 PM

Here are the results of the scans:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/15/2015 11:25:41 AM
User account: BORENLAPTOP\denve_000
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 7/15/2015 11:27:42 AM
C:\ProgramData\apn detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} detected: Application.AdGenie (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\NETWORK\VDWFP detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC} detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC} detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} detected: Adware.Superfish (A)
 
Scanned 81103
Found 45
 
Scan end: 7/15/2015 11:33:01 AM
Scan time: 0:05:19
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC} Quarantined Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE Quarantined Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\NETWORK\VDWFP Quarantined Adware.Superfish (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Quarantined Setting.NoFolderOptions (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Quarantined Application.AdGenie (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
C:\ProgramData\apn Quarantined Application.AppInstall (A)
 
Quarantined 26
 
 
 
 
 

C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_037a23 HTML/FakeAlert.AK trojan cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\cbsidlm-cbsi118-mHotspot-BP-75452123.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\cbsidlm-cbsi145-Free_PDF_to_JPG-SEO-75728284.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\cbsidlm-cbsi183-Any_Video_Converter-SEO-10661456.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\cbsidlm-cbsi183-Free_AVI_to_MP4_Converter-SEO-75891861.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\FileZilla_3.10.1.1_win32-setup.exe a variant of Win32/InstallCore.WI potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\FreeYouTubeDownloaderInstaller.exe Win32/Somoto.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\Software\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\ecodsoft-keylogger.exe a variant of Win32/KeyLogger.iSafeKeylogger application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\Software\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Keylogger\iSafeProtect.dll Win32/KeyLogger.iSafeKeylogger application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\Software\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Keylogger\USBFind.dll Win32/KeyLogger.iSafeKeylogger application cleaned by deleting - quarantined
C:\Users\denve_000\Documents\Old Files\Downloads\Software\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Ecodsoft Keylogger v3.5.8 By Adrian Dennis\Keylogger\winsrv.exe a variant of Win32/KeyLogger.iSafeKeylogger application cleaned by deleting - quarantined
 
 
 
 
 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0) 
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • Gender:Male
  • Location:California
  • Local time:09:48 PM

Posted 15 July 2015 - 01:56 PM

That looks great. Give it a good workout and touch base tomorrow unless something comes up.

 

Nice work.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



