Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I get rid of blue double-underlined words and pop up ads?In


  • Please log in to reply
5 replies to this topic

#1 KenSZ

KenSZ

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:15 PM

Posted 12 September 2015 - 11:56 AM

In a Chrome web page many words have blue double underlines; on mouse over an ad pops up. How can I get rid of the double underlines? Can I do this for other browsers?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Ken (administrator) on KENTHINKPAD (11-09-2015 11:12:11)
Running from C:\Users\Ken\Desktop
Loaded Profiles: Ken (Available Profiles: Ken)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(The Workrave development team) C:\Program Files (x86)\Workrave\lib\Workrave.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Don HO don.h@free.fr) C:\Software\Notepad++\npp.6.7.7.bin\notepad++.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Workrave\lib\WorkraveHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Check Point Endpoint Security] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [738824 2010-09-26] (Check Point Software Technologies)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [Google Update] => C:\Users\Ken\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [GoogleChromeAutoLaunch_861707E8F7A97EE6849DE009D6312468] => C:\Users\Ken\AppData\Local\Google\Chrome SxS\Application\chrome.exe [803144 2015-09-11] (Google Inc.)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1238152 2015-04-23] (Ruiware)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [3E04CDCF51BC64C6D6E520520BB7F76D39810925._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\Run: [Dropbox Update] => C:\Users\Ken\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-24] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DC76361-4875-4BE9-BC56-6300F8973E6A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B408624B-9E8F-400D-806B-72EE22BE39CE}: [DhcpNameServer] 10.9.200.1
Tcpip\..\Interfaces\{D871B2A1-27F6-44AC-B9AF-5034BAAE367F}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-24] (AVAST Software)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-24] (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-06-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2777158130-3766288472-1289631861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.google.com/calendar/render?#h
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2013-08-07] (AuthenTec, Inc)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-10-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-10] (VideoLAN)
FF Plugin HKU\S-1-5-21-2777158130-3766288472-1289631861-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ken\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2777158130-3766288472-1289631861-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ken\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\searchplugins\yahoo-avast.xml [2014-06-08]
FF Extension: Google Web Toolkit Developer Plugin for Firefox - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\Extensions\gwt-dev-plugin@google.com [2014-05-23]
FF Extension: Advertising Cookie Opt-out - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\Extensions\optout@google.com.xpi [2014-10-06]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2014-03-26]
FF Extension: No Name - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\extensions\hacktheweb@instantfox.com.xpi [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/calendar/render?pli=1&gsessionid=Pj6UkCChnWCXfeMnhgHwVQ
CHR StartupUrls: Default -> "hxxps://www.google.com/calendar/render?pli=1&gsessionid=Pj6UkCChnWCXfeMnhgHwVQ#g","hxxps://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (GWT DMP Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11357_0\WINNT_x86-msvc/npGwtDevPlugin.dll (Google Inc)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
CHR Plugin: (Google Update) - C:\Users\Ken\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Profile: C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Developer) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-03-01]
CHR Extension: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-06]
CHR Extension: (\n\thttp://learnable.com/store/cart/add/139,169) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocpikcoleijlckogbadadafkpblddcn [2013-10-30]
CHR Extension: (Google Search) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-06]
CHR Extension: (Chromebleed) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-29]
CHR Extension: (Google Calendar) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-12-31]
CHR Extension: (Page Eraser) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2013-10-14]
CHR Extension: (https://www.google.com/calendar/render?gsessi) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggboobajebombbjolfinilmachejiipd [2012-12-14]
CHR Extension: (CSSViewer) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2015-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-14]
CHR Extension: (EasyVoiceSearch) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifabnpjjgbggngmgijikmfjkppdhfpgj [2014-12-31]
CHR Extension: (GWT Developer Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim [2013-03-01]
CHR Extension: (Google Voice (by Google)) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-12-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (http://att.my.yahoo.com/) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgjmbdppcbclnejcolhagpmfefebpdl [2014-09-08]
CHR Extension: (Save to Pocket) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-09-11]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2015-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2015-06-01]
CHR Extension: (Gmail) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-06]
CHR HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-24] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
S2 intelsba; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2013-12-12] ()
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4142608 2010-09-26] (Check Point Software Technologies)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-05-28] (WiseCleaner.com) [File not signed]
S2 HPSLPSVC; C:\Users\Ken\AppData\Local\Temp\7zS6DBE\hpslpsvc64.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2012-12-14] (Google Inc)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-24] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-21] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [637360 2012-03-21] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R0 mv64xx; C:\Windows\System32\drivers\mv64xx.sys [333352 2011-04-11] (Marvell Semiconductor, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-04-02] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-20] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-09-26] (Check Point Software Technologies)
R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [457264 2010-09-13] (Check Point Software Technologies Ltd.)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-06-06] (WinISO.com)
U2 CP_OMDRV; no ImagePath
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
U2 VNASC; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 11:12 - 2015-09-11 11:13 - 00037254 _____ C:\Users\Ken\Desktop\FRST.txt
2015-09-11 11:11 - 2015-09-11 11:12 - 00000000 ____D C:\FRST
2015-09-11 11:10 - 2015-09-11 11:10 - 02190848 _____ (Farbar) C:\Users\Ken\Desktop\FRST64.exe
2015-09-11 11:07 - 2015-09-11 11:07 - 00000138 _____ C:\Users\Ken\Desktop\How do I get rid of blue double-underlined words and pop up ads- - Virus, Trojan, Spyware, and Malware Removal Logs.url
2015-09-11 11:03 - 2015-09-11 11:03 - 00000000 ____D C:\Users\Ken\New folder
2015-09-11 10:52 - 2015-09-11 10:56 - 00000000 ____D C:\AdwCleaner
2015-09-11 10:49 - 2015-09-11 10:49 - 01660416 _____ C:\Users\Ken\Desktop\AdwCleaner.exe
2015-09-10 15:54 - 2015-09-10 15:54 - 00022763 _____ C:\Users\Ken\Downloads\Fwd  TheGreen  post-budget Education update.eml.html
2015-09-09 07:24 - 2015-09-11 11:02 - 00203075 _____ C:\Windows\WindowsUpdate.log
2015-09-08 23:50 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 23:50 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 23:50 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 23:50 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 23:50 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 23:50 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 23:50 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 23:50 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 23:50 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 23:50 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 23:50 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 23:50 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 23:50 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 23:50 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 23:49 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 23:49 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 23:49 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 23:49 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 23:49 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 23:49 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 23:49 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 23:49 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 23:49 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 23:49 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 23:49 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 23:49 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 23:49 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 23:49 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 23:49 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 23:49 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 23:49 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 23:49 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 23:49 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 23:49 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 23:49 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 23:49 - 2015-08-22 09:40 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 23:49 - 2015-08-22 09:40 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 23:49 - 2015-08-22 09:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-08 23:49 - 2015-08-22 08:51 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 23:49 - 2015-08-22 08:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 23:49 - 2015-08-22 08:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 23:49 - 2015-08-22 08:51 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 23:49 - 2015-08-22 08:50 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 23:49 - 2015-08-22 08:50 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 23:49 - 2015-08-22 08:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 23:49 - 2015-08-20 13:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 23:49 - 2015-08-20 13:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 23:49 - 2015-08-20 13:21 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 23:49 - 2015-08-20 13:19 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 23:49 - 2015-08-20 12:56 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-09-08 23:49 - 2015-08-20 12:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-09-08 17:10 - 2015-09-08 18:09 - 3018306228 _____ C:\Users\Ken\Downloads\601-HD.mov
2015-09-08 12:03 - 2015-09-08 12:03 - 00170964 ____H C:\Windows\SysWOW64\mlfcache.dat
2015-09-08 12:02 - 2014-04-21 11:03 - 00002503 _____ C:\Users\Ken\Desktop\Safari.lnk
2015-09-05 16:52 - 2015-09-11 11:09 - 00003241 _____ C:\Windows\setupact.log
2015-09-05 16:52 - 2015-09-05 16:52 - 00000000 _____ C:\Windows\setuperr.log
2015-09-01 16:40 - 2015-09-01 16:40 - 00000207 _____ C:\Users\Ken\Desktop\ExtendBootstrap.URL
2015-09-01 10:53 - 2015-09-01 10:53 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 11:49 - 2015-08-31 11:49 - 00000500 _____ C:\Users\Ken\Desktop\JorgeRamos.txt
2015-08-30 10:14 - 2015-08-30 10:14 - 00000244 _____ C:\Users\Ken\Desktop\1491 - The Atlantic.URL
2015-08-24 12:42 - 2015-08-24 12:42 - 00000000 ____D C:\Windows\SysWOW64\Zonelabs
2015-08-24 12:42 - 2015-08-24 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-08-24 12:20 - 2015-08-24 12:22 - 00000000 ____D C:\NewVPN
2015-08-24 11:14 - 2015-08-24 11:14 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-24 11:14 - 2015-08-24 11:14 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-21 09:43 - 2015-08-21 09:43 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-16 14:49 - 2015-08-16 15:00 - 00005853 _____ C:\Users\Ken\Desktop\HamiltonInNormandy.txt
2015-08-15 12:52 - 2015-08-15 12:53 - 00000000 ____D C:\Users\Ken\Downloads\Patrick
2015-08-13 03:08 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:08 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:42 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 04:42 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 04:42 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 04:42 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 04:42 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 04:42 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 04:42 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 04:42 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 04:42 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 04:42 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 04:42 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 04:42 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 04:42 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 04:42 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 04:42 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 04:42 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 04:42 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 04:42 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 04:42 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 04:42 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 04:42 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 04:42 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 04:42 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 04:42 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 04:42 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 04:42 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 04:42 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 04:42 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 04:42 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 04:42 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 04:42 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 04:42 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 04:42 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 04:42 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 04:42 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 04:42 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 04:42 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 04:42 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 04:42 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 04:42 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 04:42 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 04:42 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 04:42 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 04:42 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 04:42 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 04:42 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 04:42 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 04:41 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 04:41 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 04:41 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 04:41 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 04:41 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 04:41 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 04:41 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 04:41 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 04:41 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 04:41 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 04:41 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 04:41 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 04:41 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 04:41 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 04:41 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 04:41 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 04:41 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 04:41 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 04:41 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 04:41 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 04:41 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 04:40 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 04:40 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 04:40 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 11:10 - 2013-04-04 17:01 - 00000000 ____D C:\Users\Ken\AppData\Roaming\TeraCopy
2015-09-11 11:09 - 2015-06-15 19:59 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000UA.job
2015-09-11 11:07 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 11:07 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 11:05 - 2012-12-07 13:51 - 00000000 ____D C:\Program Files (x86)\Everything
2015-09-11 11:03 - 2012-12-06 20:10 - 00000000 ____D C:\Users\Ken
2015-09-11 11:00 - 2012-12-09 11:25 - 00000000 ___RD C:\Users\Ken\Dropbox
2015-09-11 11:00 - 2012-12-09 11:23 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Dropbox
2015-09-11 10:59 - 2014-05-16 22:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 10:59 - 2014-02-22 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 10:59 - 2013-05-31 10:23 - 00000418 _____ C:\Windows\Tasks\Wise Care 365.job
2015-09-11 10:59 - 2013-05-31 10:20 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Wise Care 365
2015-09-11 10:59 - 2012-11-08 12:18 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-09-11 10:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 10:48 - 2015-06-23 10:16 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Jarte
2015-09-11 10:39 - 2013-10-14 12:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 10:29 - 2012-12-08 22:12 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000UA.job
2015-09-11 10:00 - 2013-05-31 10:23 - 00000398 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2015-09-11 08:22 - 2015-06-15 19:59 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000Core.job
2015-09-10 21:35 - 2009-07-14 00:13 - 00753248 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 20:29 - 2012-12-08 22:12 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000Core.job
2015-09-10 15:55 - 2012-11-08 12:18 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-09-09 15:22 - 2012-12-26 15:00 - 00000000 ____D C:\medical
2015-09-09 08:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 07:25 - 2015-05-16 16:19 - 00000000 ____D C:\ProgramData\ProductData
2015-09-09 07:24 - 2011-02-24 12:03 - 00000000 ____D C:\Windows\Panther
2015-09-09 07:23 - 2009-07-13 23:45 - 00356672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-08 12:45 - 2015-04-16 16:56 - 00001932 _____ C:\Users\Ken\Desktop\SLhours.xls.lnk
2015-09-08 12:04 - 2014-03-19 16:49 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Apple Computer
2015-09-08 09:36 - 2014-12-01 12:37 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-09-08 09:35 - 2012-12-10 16:12 - 00000000 ____D C:\Users\Ken\Documents\FinePrint files
2015-09-05 06:10 - 2012-12-07 13:56 - 00000000 ___RD C:\Users\Ken\Desktop\SHORTCUTS
2015-09-05 05:56 - 2014-12-01 12:43 - 00000000 ____D C:\Users\Ken\AppData\Roaming\ControlCenter4
2015-09-01 22:08 - 2012-12-10 16:28 - 00000000 ____D C:\Users\Ken\AppData\Local\CutePDF Writer
2015-08-31 15:42 - 2015-03-28 09:44 - 00001629 _____ C:\Users\Ken\Desktop\Public KENDESK.lnk
2015-08-31 06:08 - 2013-03-26 22:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-29 14:34 - 2014-02-22 17:42 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 14:34 - 2013-10-14 12:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 20:24 - 2012-12-08 22:12 - 00003870 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000UA
2015-08-27 20:24 - 2012-12-08 22:12 - 00003474 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2777158130-3766288472-1289631861-1000Core
2015-08-26 11:55 - 2014-02-13 13:44 - 00000000 ____D C:\Users\Ken\Desktop\tt
2015-08-24 12:42 - 2012-12-10 12:11 - 00000000 ____D C:\Users\Ken\AppData\Roaming\CheckPoint
2015-08-24 12:42 - 2012-12-10 11:01 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-08-24 11:15 - 2013-03-26 22:36 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-24 11:14 - 2014-04-25 06:15 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-24 11:14 - 2013-12-31 11:51 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-24 11:14 - 2013-03-26 22:49 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-24 11:14 - 2013-03-26 22:49 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-24 11:14 - 2013-03-26 22:36 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-24 11:14 - 2013-03-26 22:36 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-24 11:14 - 2013-03-26 22:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-19 20:26 - 2014-06-04 21:42 - 00003828 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1398096786
2015-08-19 20:26 - 2014-04-21 11:13 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-18 17:12 - 2012-12-12 12:06 - 00000000 ____D C:\Users\Public\SL-work
2015-08-13 03:27 - 2013-03-13 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:27 - 2013-03-13 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:08 - 2013-03-13 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2013-10-14 12:00 - 2014-01-11 15:16 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-05-16 19:26 - 2015-05-16 19:26 - 0000000 _____ () C:\Users\Ken\AppData\Roaming\AbsoluteReminder.xml
2013-04-23 16:54 - 2015-06-23 21:52 - 0000703 _____ () C:\Users\Ken\AppData\Roaming\Jarteerror.log
2014-01-23 18:51 - 2014-01-28 15:51 - 0000121 _____ () C:\Users\Ken\AppData\Roaming\WB.CFG
2013-03-06 19:55 - 2013-03-06 19:55 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.3bpony
2013-03-06 19:43 - 2013-03-06 19:43 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.7to37m
2013-03-06 19:54 - 2013-03-06 19:54 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.7zonvc
2013-03-07 13:16 - 2013-03-07 13:16 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.8t9574
2013-03-06 19:56 - 2013-03-06 19:56 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.atr933
2013-03-07 13:16 - 2013-03-07 13:16 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.crjsq3
2013-01-23 09:23 - 2013-01-23 09:23 - 0004478 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.d6avys
2013-01-23 09:23 - 2013-01-23 09:23 - 0004478 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.qkre38
2013-02-25 11:33 - 2013-02-25 11:34 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.uvdjng
2013-03-07 13:16 - 2013-03-07 13:16 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.v2vroc
2013-03-06 19:44 - 2013-03-06 19:44 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.z2bdyp
2013-02-25 11:34 - 2013-02-25 11:34 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.znurth
2013-03-06 19:43 - 2013-03-06 19:43 - 0004519 _____ () C:\Users\Ken\AppData\Local\CPAUTO.tmp.zvbfbo
2012-12-27 20:09 - 2012-12-27 20:09 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Public\X12-30263.exe
 
 
Some files in TEMP:
====================
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpft2i6a.dll
C:\Users\Ken\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 00:01
 
==================== End of FRST.txt ============================
 
I followed a previous topic, then found that it was locked. Please provide the same directions. 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 PM

Posted 13 September 2015 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
CHR HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2777158130-3766288472-1289631861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\searchplugins\yahoo-avast.xml [2014-06-08]
FF Extension: No Name - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\q27lukv7.default\extensions\hacktheweb@instantfox.com.xpi [not found]
CHR Plugin: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ken\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-14]
CHR HKU\S-1-5-21-2777158130-3766288472-1289631861-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-16]
S2 HPSLPSVC; C:\Users\Ken\AppData\Local\Temp\7zS6DBE\hpslpsvc64.dll [X]
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
U2 CP_OMDRV; no ImagePath
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
U2 VNASC; no ImagePath
Task: {4B4AC305-1282-438E-8BED-67D2FFE816E0} - \MySearchDial -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 PM

Posted 18 September 2015 - 08:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 PM

Posted 18 September 2015 - 03:45 PM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 PM

Posted 23 September 2015 - 06:12 AM

Are you still with me?

#6 KenSZ

KenSZ
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:15 PM

Posted 23 September 2015 - 10:30 AM

Yes, and I appreciate your help.  Urgent matters have kept me away from the computer for a few days. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users