Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware and/or remote control of my computer


  • This topic is locked This topic is locked
5 replies to this topic

#1 tomtennis

tomtennis

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 12 November 2015 - 12:06 AM

I found strange logins at my Microsoft office online account using browsers I dont use on that account (Edge and also Internet Explorer were on the log at microsoft when I only use Chrome for daily routine) but the IP address is definitely my address.  More history:  I switched to Windows 10 from windows 8.1  in August after getting a strange feeling that my screen was blinking at odd times when sensitive information was on the screen such as a password login, etc. Blinking screen stopped after install of windows 10 so I thought I was ok until recent experiences such as the microsoft account.  Further background is that Ive had weird experiences that have left me suspicious but havnt been able to put my finger on anything.  Perhaps its a leftover gut reaction to the fact that my android moto x 2014 phone was clearly the victim of a hardware or operating system hack that wouldnt go away even after factory resets - someone was opening screens and typing random words in emails etc.  So I got a new phone.  And so Im suspicious also of my computer which I bought brand new with full warranty on Ebay from a high volume seller.  So I would appreciate any information as to why various logs show so many errors and whether my computer is entering into internet "conversations" etc. without my involvement.  

 

I have a dell xps 15 running windows 10.  A few weeks ago I added Hitman Pro to the basic protections that Windows 10 provides.

 

Thanks in advance for any assistance.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Kathy (administrator) on XPS15 (11-11-2015 22:41:45)
Running from C:\Users\Kathy\Downloads
Loaded Profiles: Kathy (Available Profiles: Edwal & Kathy)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-15] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-09] (Synaptics Incorporated)
HKU\S-1-5-21-3619061709-3279148008-1917783102-1005\...\Policies\system: [DisableLockWorkstation] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{066b3ac6-ce1a-4f51-b70e-b193c79e5b98}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e1f6e0e-b5c8-40b7-a0f9-5cac8a2718d8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06]
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2856632 2015-10-15] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\Windows\System32\DptfParticipantDisplayService.exe [141944 2014-09-15] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-15] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-09-15] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2014-09-15] (Intel Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-05-27] (Intel Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-08] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4087504 2015-11-05] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-09] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [81576 2015-11-04] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-15] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)
S3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)
S3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [495320 2014-09-15] (Intel Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-05-27] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43000 2015-05-27] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2015-05-27] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-05-27] (Intel Corporation)
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [198216 2015-11-05] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [69960 2015-11-05] (SurfRight B.V.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-11-06] (CACE Technologies, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 22:41 - 2015-11-11 22:41 - 02198528 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
2015-11-11 22:41 - 2015-11-11 22:41 - 00012883 _____ C:\Users\Kathy\Downloads\FRST.txt
2015-11-11 22:41 - 2015-11-11 22:41 - 00000000 ____D C:\FRST
2015-11-11 21:43 - 2015-11-11 21:43 - 00016148 _____ C:\WINDOWS\system32\XPS15_Kathy_HistoryPrediction.bin
2015-11-11 21:42 - 2015-11-11 21:42 - 00016148 _____ C:\WINDOWS\system32\XPS15_Edwal_HistoryPrediction.bin
2015-11-11 12:11 - 2015-11-11 12:14 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-11 12:11 - 2015-11-11 12:11 - 00000000 ____D C:\Users\Edwal\AppData\LocalLow\Adobe
2015-11-11 12:11 - 2015-11-11 12:11 - 00000000 ____D C:\Users\Edwal\AppData\Local\CEF
2015-11-11 12:10 - 2015-11-11 12:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-11 12:10 - 2015-11-11 12:12 - 00000000 ____D C:\ProgramData\Adobe
2015-11-11 12:10 - 2015-11-11 12:10 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-11 12:10 - 2015-11-11 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-11 12:08 - 2015-11-11 12:11 - 00000000 ____D C:\Users\Edwal\AppData\Local\Adobe
2015-11-11 12:08 - 2015-11-11 12:09 - 00000000 ____D C:\Users\Kathy\AppData\Local\Adobe
2015-11-10 21:36 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 21:36 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 21:36 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 21:36 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 21:36 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 21:36 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 21:36 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 21:36 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 21:36 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 21:36 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 21:36 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 21:36 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 21:36 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 21:36 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 21:36 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 21:36 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 21:36 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 21:36 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 21:36 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 21:36 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 21:36 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 21:36 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 21:36 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 21:36 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 21:36 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 21:36 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 21:36 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 21:36 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 21:36 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 21:36 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 21:36 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 21:36 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 21:36 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 21:36 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 21:36 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 21:36 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 21:36 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 21:36 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 21:36 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 21:36 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 21:36 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 21:36 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 21:36 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 21:36 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 21:36 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 21:36 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 21:36 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 00:29 - 2015-11-08 00:29 - 00002443 _____ C:\Users\Edwal\Desktop\Ed - Chrome.lnk
2015-11-06 23:25 - 2015-11-08 16:43 - 00000000 ____D C:\Users\Edwal\Downloads\Nighthawk R6700 ac1750 smart wifi router
2015-11-06 22:26 - 2015-11-06 22:26 - 24754657 _____ C:\Users\Edwal\Downloads\R6700-V1.0.0.24_10.0.18.zip
2015-11-06 22:08 - 2015-11-06 22:11 - 00000000 ____D C:\Users\Kathy\Downloads\NetGear Nighthawk R6700 ac1750
2015-11-06 22:07 - 2015-11-06 22:07 - 24754657 _____ C:\Users\Kathy\Downloads\R6700-V1.0.0.24_10.0.18 (1).zip
2015-11-06 22:06 - 2015-11-06 22:07 - 24754657 _____ C:\Users\Kathy\Downloads\R6700-V1.0.0.24_10.0.18.zip
2015-11-06 21:47 - 2015-11-06 21:47 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-11-06 21:47 - 2015-11-06 21:47 - 00000000 ____D C:\Users\Kathy\AppData\Local\NETGEARGenie
2015-11-06 21:40 - 2015-11-06 21:46 - 42789632 _____ (NETGEAR Inc.) C:\Users\Edwal\Downloads\NETGEARGenie-install.exe
2015-10-28 01:13 - 2015-10-28 01:13 - 01877736 _____ C:\Users\Edwal\Downloads\google (2).csv
2015-10-28 01:06 - 2015-10-28 01:06 - 00103863 _____ C:\Users\Edwal\Downloads\google (1).csv
2015-10-28 00:48 - 2015-10-28 00:48 - 01832592 _____ C:\Users\Edwal\Downloads\google.csv
2015-10-16 22:03 - 2015-10-16 22:03 - 07846992 _____ (Microsoft Corporation) C:\Users\Edwal\Downloads\OneDriveSetup.exe
2015-10-14 20:38 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 20:38 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 20:38 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 20:38 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 20:38 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 20:38 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 20:38 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 20:38 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 20:38 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 20:38 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 20:38 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 20:38 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 20:38 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 20:38 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 20:38 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 20:38 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 20:38 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 20:38 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 20:38 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 20:38 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 20:38 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 20:38 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 20:38 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 20:38 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 20:38 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 20:38 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 20:38 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 20:38 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 20:38 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 20:38 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 20:38 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 20:38 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 20:38 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 20:38 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 20:38 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 20:38 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 20:38 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 20:38 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 20:38 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 20:38 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 20:38 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 20:38 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 20:38 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 20:38 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 22:41 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-11 22:28 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-11 22:25 - 2015-08-23 22:10 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-11 21:49 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-11 21:43 - 2015-10-06 21:56 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-11-11 21:43 - 2015-08-23 22:10 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-11 21:43 - 2015-08-23 13:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-11 21:42 - 2014-06-14 22:34 - 00000000 ___RD C:\Users\Edwal\OneDrive
2015-11-11 16:20 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 15:19 - 2014-06-13 23:03 - 00000000 ____D C:\Users\Edwal\Documents\New Condo 2014
2015-11-11 15:07 - 2015-01-21 22:57 - 00000000 ____D C:\Users\Edwal\Documents\Outlook Files
2015-11-11 12:11 - 2015-08-23 15:20 - 00000000 ____D C:\Users\Edwal\AppData\Roaming\Adobe
2015-11-10 23:26 - 2015-08-23 22:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 23:19 - 2015-08-23 13:28 - 00832082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-10 23:14 - 2015-10-06 21:56 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-11-10 23:14 - 2015-10-06 21:56 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-11-10 23:14 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-10 23:13 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 23:13 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-10 22:50 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-10 21:40 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 21:39 - 2015-08-23 16:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 21:37 - 2015-08-23 16:29 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-08 13:51 - 2015-08-23 15:31 - 00000000 ____D C:\Users\Kathy\AppData\Local\Packages
2015-11-08 13:38 - 2015-08-23 15:32 - 00002345 _____ C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-08 13:38 - 2015-08-23 15:32 - 00000000 ___RD C:\Users\Kathy\OneDrive
2015-11-07 21:27 - 2015-08-23 15:20 - 00000000 ____D C:\Users\Edwal\AppData\Local\Packages
2015-11-06 22:27 - 2015-09-09 17:44 - 00003220 _____ C:\Users\Edwal\Downloads\R6700-V1.0.0.24_Release_Notes.html
2015-11-06 22:27 - 2015-08-06 17:08 - 24756282 _____ C:\Users\Edwal\Downloads\R6700-V1.0.0.24_10.0.18.chk
2015-11-05 00:35 - 2015-10-06 21:56 - 00830800 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2015-11-05 00:35 - 2015-10-06 21:56 - 00773456 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-11-05 00:35 - 2015-10-06 21:56 - 00198216 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-11-05 00:35 - 2015-10-06 21:56 - 00069960 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2015-11-04 21:00 - 2015-02-05 02:32 - 00081576 _____ (ASIX Electronics Corp.) C:\WINDOWS\system32\Drivers\ax88179_178a.sys
2015-11-03 13:20 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 08:55 - 2015-08-23 15:22 - 00002345 _____ C:\Users\Edwal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-31 16:20 - 2015-08-23 13:20 - 00001892 _____ C:\WINDOWS\PFRO.log
2015-10-27 20:02 - 2015-07-10 07:20 - 00030019 _____ C:\WINDOWS\setupact.log
2015-10-26 21:34 - 2015-09-28 19:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-22 19:56 - 2015-07-10 07:20 - 00331624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
 
==================== Files in the root of some directories =======
 
2015-08-23 13:22 - 2015-08-23 13:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-07 00:47
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 17 November 2015 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/596101 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tomtennis

tomtennis
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 21 November 2015 - 04:20 PM

As I tried to previously describe, I have a sense that someone is watching me through my computer as in perhaps monitoring my screen or a program is going on line etc.  Perhaps I am paranoid because my moto x phone was apparently taken over in a manner that would not go away even after factory reset so I had to replace the phone.  Prior to Windows 10 on this dell xps I had some strange actions where the screen would quickly flash without warning or reason not unlike the old printscreen or a screenshot.  It seemed to do so on rather important websites.  I switched to Windows 10 (simply upgraded, didnt reformat) and that symptom did go away.  But I have some hard to identify activity coming from my IP address at sites that record that info which I am not terribly sure was my activity but memory isnt the best.  When I look casually at windows event logs, I have no true understanding of them but there are sure a lot of suspicious events and errors going on.  Finally my battery seems much more drained when I leave the computer even as I make sure it was a full shutdown.  But these are not clearly quantified events but the uncertainty is aggravating to me.  Any help would be great.  I use windows defender with HitmanPro.  Nothing other than cookies has ever come up on scans.  I have tried a variety of antivirus scans including norton, malwarebytes, kapersky, a couple others.  Before I realized my moto x phone had been infiltrated, I had plugged it into the usb port of this computer several times so Im not sure if the phone could have infected the machine or the usb hardware.  Or I guess potentially vice versa.  I have not plugged the new phone into my computer due to my paranoia at this point.  One last point is that I purchased this machine through a high volume ebay provider and nothing suspcious occurred as it came with full warranty etc.  Later the hard drive failed and a tech replaced the motherboard and the harddrive.
 
Thanks.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by K (administrator) on XPS15 (21-11-2015 15:49:38)
Running from C:\Users\K\Downloads
Loaded Profiles: K (Available Profiles: E & K)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Plantronics) C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-15] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [80384 2015-07-14] (Plantronics)
HKLM-x32\...\Run: [PLTUpdater.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTUpdater.exe -min
HKU\S-1-5-21-3619061709-3279148008-1917783102-1005\...\Policies\system: [DisableLockWorkstation] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{066b3ac6-ce1a-4f51-b70e-b193c79e5b98}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e1f6e0e-b5c8-40b7-a0f9-5cac8a2718d8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06]
CHR Extension: (Google Docs) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (YouTube) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06]
CHR Extension: (Gmail) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\Windows\System32\DptfParticipantDisplayService.exe [141944 2014-09-15] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-15] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-09-15] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2014-09-15] (Intel Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-05-27] (Intel Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-08] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4087504 2015-11-05] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-09] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [81576 2015-11-04] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2015-07-14] (CSR plc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-15] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)
S3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)
S3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [495320 2014-09-15] (Intel Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-05-27] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43000 2015-05-27] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2015-05-27] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-05-27] (Intel Corporation)
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [198216 2015-11-05] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [69960 2015-11-05] (SurfRight B.V.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-11-06] (CACE Technologies, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 15:48 - 2015-11-21 15:48 - 00000000 ____D C:\Users\K\Downloads\FRST-OlderVersion
2015-11-21 15:47 - 2015-11-21 15:47 - 00016148 _____ C:\WINDOWS\system32\XPS15_K_HistoryPrediction.bin
2015-11-21 15:47 - 2015-11-21 15:47 - 00016148 _____ C:\WINDOWS\system32\XPS15_E_HistoryPrediction.bin
2015-11-21 15:45 - 2015-11-21 15:45 - 00001968 _____ C:\Users\E\Documents\bleep reply.txt
2015-11-21 15:43 - 2015-11-21 15:43 - 00020108 _____ C:\Users\E\Downloads\Addition.txt
2015-11-21 15:38 - 2015-11-21 15:43 - 00037190 _____ C:\Users\E\Downloads\FRST.txt
2015-11-21 15:38 - 2015-11-21 15:38 - 02345984 _____ (Farbar) C:\Users\E\Downloads\FRST64.exe
2015-11-21 13:36 - 2015-11-21 13:36 - 00000000 ____D C:\ProgramData\Plantronics
2015-11-21 13:36 - 2015-11-21 13:36 - 00000000 ____D C:\Program Files\DIFX
2015-11-21 13:36 - 2015-11-21 13:36 - 00000000 ____D C:\Program Files\Common Files\Plantronics
2015-11-21 13:36 - 2015-11-21 13:36 - 00000000 ____D C:\Program Files (x86)\Plantronics
2015-11-21 13:35 - 2015-11-21 13:35 - 39093160 _____ (Plantronics, Inc.) C:\Users\E\Downloads\MyHeadsetUpdaterInstaller_3_1_51094_21292.exe
2015-11-11 22:42 - 2015-11-11 22:42 - 00020763 _____ C:\Users\K\Downloads\Addition.txt
2015-11-11 22:41 - 2015-11-21 15:49 - 00013023 _____ C:\Users\K\Downloads\FRST.txt
2015-11-11 22:41 - 2015-11-21 15:48 - 02345984 _____ (Farbar) C:\Users\K\Downloads\FRST64.exe
2015-11-11 22:41 - 2015-11-21 15:48 - 00000000 ____D C:\FRST
2015-11-11 12:11 - 2015-11-11 12:14 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-11 12:11 - 2015-11-11 12:11 - 00000000 ____D C:\Users\E\AppData\LocalLow\Adobe
2015-11-11 12:11 - 2015-11-11 12:11 - 00000000 ____D C:\Users\E\AppData\Local\CEF
2015-11-11 12:10 - 2015-11-11 12:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-11 12:10 - 2015-11-11 12:12 - 00000000 ____D C:\ProgramData\Adobe
2015-11-11 12:10 - 2015-11-11 12:10 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-11 12:10 - 2015-11-11 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-11 12:08 - 2015-11-11 12:11 - 00000000 ____D C:\Users\E\AppData\Local\Adobe
2015-11-11 12:08 - 2015-11-11 12:09 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2015-11-10 21:36 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 21:36 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 21:36 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 21:36 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 21:36 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 21:36 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 21:36 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 21:36 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 21:36 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 21:36 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 21:36 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 21:36 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 21:36 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 21:36 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 21:36 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 21:36 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 21:36 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 21:36 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 21:36 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 21:36 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 21:36 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 21:36 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 21:36 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 21:36 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 21:36 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 21:36 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 21:36 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 21:36 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 21:36 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 21:36 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 21:36 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 21:36 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 21:36 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 21:36 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 21:36 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 21:36 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 21:36 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 21:36 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 21:36 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 21:36 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 21:36 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 21:36 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 21:36 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 21:36 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 21:36 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 21:36 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 21:36 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 21:36 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 21:36 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 00:29 - 2015-11-08 00:29 - 00002443 _____ C:\Users\E\Desktop\Ed - Chrome.lnk
2015-11-06 23:25 - 2015-11-08 16:43 - 00000000 ____D C:\Users\E\Downloads\Nighthawk R6700 ac1750 smart wifi router
2015-11-06 22:26 - 2015-11-06 22:26 - 24754657 _____ C:\Users\E\Downloads\R6700-V1.0.0.24_10.0.18.zip
2015-11-06 22:08 - 2015-11-06 22:11 - 00000000 ____D C:\Users\K\Downloads\NetGear Nighthawk R6700 ac1750
2015-11-06 22:07 - 2015-11-06 22:07 - 24754657 _____ C:\Users\K\Downloads\R6700-V1.0.0.24_10.0.18 (1).zip
2015-11-06 22:06 - 2015-11-06 22:07 - 24754657 _____ C:\Users\K\Downloads\R6700-V1.0.0.24_10.0.18.zip
2015-11-06 21:47 - 2015-11-06 21:47 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2015-11-06 21:47 - 2015-11-06 21:47 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-11-06 21:47 - 2015-11-06 21:47 - 00000000 ____D C:\Users\K\AppData\Local\NETGEARGenie
2015-11-06 21:40 - 2015-11-06 21:46 - 42789632 _____ (NETGEAR Inc.) C:\Users\E\Downloads\NETGEARGenie-install.exe
2015-10-28 01:13 - 2015-10-28 01:13 - 01877736 _____ C:\Users\E\Downloads\google (2).csv
2015-10-28 01:06 - 2015-10-28 01:06 - 00103863 _____ C:\Users\E\Downloads\google (1).csv
2015-10-28 00:48 - 2015-10-28 00:48 - 01832592 _____ C:\Users\E\Downloads\google.csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 15:48 - 2015-10-06 21:56 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-11-21 15:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-21 15:47 - 2015-08-23 22:10 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 15:47 - 2015-08-23 13:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-21 15:47 - 2014-06-14 22:34 - 00000000 ___RD C:\Users\E\OneDrive
2015-11-21 15:25 - 2015-08-23 22:10 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-21 15:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-21 13:36 - 2015-08-23 16:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-17 22:37 - 2015-09-28 19:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-14 16:25 - 2015-08-23 13:28 - 00832082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 16:21 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 16:20 - 2015-10-06 21:56 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-11-14 16:20 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 16:20 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-11 16:20 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 15:19 - 2014-06-13 23:03 - 00000000 ____D C:\Users\E\Documents\New Condo 2014
2015-11-11 15:07 - 2015-01-21 22:57 - 00000000 ____D C:\Users\E\Documents\Outlook Files
2015-11-11 12:11 - 2015-08-23 15:20 - 00000000 ____D C:\Users\E\AppData\Roaming\Adobe
2015-11-10 23:26 - 2015-08-23 22:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 23:14 - 2015-10-06 21:56 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-11-10 23:13 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 22:50 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-10 21:40 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 21:39 - 2015-08-23 16:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 21:37 - 2015-08-23 16:29 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-08 13:51 - 2015-08-23 15:31 - 00000000 ____D C:\Users\K\AppData\Local\Packages
2015-11-08 13:38 - 2015-08-23 15:32 - 00002345 _____ C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-08 13:38 - 2015-08-23 15:32 - 00000000 ___RD C:\Users\K\OneDrive
2015-11-07 21:27 - 2015-08-23 15:20 - 00000000 ____D C:\Users\E\AppData\Local\Packages
2015-11-06 22:27 - 2015-09-09 17:44 - 00003220 _____ C:\Users\E\Downloads\R6700-V1.0.0.24_Release_Notes.html
2015-11-06 22:27 - 2015-08-06 17:08 - 24756282 _____ C:\Users\E\Downloads\R6700-V1.0.0.24_10.0.18.chk
2015-11-05 00:35 - 2015-10-06 21:56 - 00830800 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2015-11-05 00:35 - 2015-10-06 21:56 - 00773456 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-11-05 00:35 - 2015-10-06 21:56 - 00198216 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-11-05 00:35 - 2015-10-06 21:56 - 00069960 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2015-11-04 21:00 - 2015-02-05 02:32 - 00081576 _____ (ASIX Electronics Corp.) C:\WINDOWS\system32\Drivers\ax88179_178a.sys
2015-11-03 13:20 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 08:55 - 2015-08-23 15:22 - 00002345 _____ C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-31 16:20 - 2015-08-23 13:20 - 00001892 _____ C:\WINDOWS\PFRO.log
2015-10-27 20:02 - 2015-07-10 07:20 - 00030019 _____ C:\WINDOWS\setupact.log
2015-10-22 19:56 - 2015-07-10 07:20 - 00331624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-22 19:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
 
==================== Files in the root of some directories =======
 
2015-08-23 13:22 - 2015-08-23 13:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 22:46
 
==================== End of FRST.txt ============================

 

Attached Files

  • Attached File  FRST.txt   36.32KB   0 downloads


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 23 November 2015 - 10:58 AM

Greetings tomtennis and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Your logs are clean. Errors in logs are quite common and none of those errors would be related to malicious activity on your computer. If you would like to have someone review those errors to see if they are of any consequence you can start a Topic in the Windows 10 Forum.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 26 November 2015 - 09:17 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 28 November 2015 - 12:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users