Proxy setting virus/malware


This topic is locked
10 replies to this topic

#1 Sarahlw1

  • Members
  • 8 posts

Posted 12 July 2017 - 01:04 PM

Hi, I'm hoping someone can help me with removing a very persistent virus affecting my proxy settings. I don't know where it came from, but a week or so ago I started having trouble connecting to the internet due to the proxy settings in Chrome and on my computer being ticked. Every time I untick the boxes in my LAN settings in Chrome and Windows settings, within a short amount of time (sometimes immediately) the boxes retick themselves. I have tried multiple tutorials for removing this with no success. I found a thread on here from 2014 of someone who had the same problem and tried to follow the instructions given to that person, but I don't know how to read the logs given by the malware scans and I don't want to mess up my computer doing something wrong. I'd rather not reset my system if possible. Thanks in advance for any advice!




#2 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2017 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[screenshot: attachlogs.png]

Attach the file:
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===


Please post the logs.

Wait for further instructions.

#3 Sarahlw1

  • Topic Starter
  • Members
  • 8 posts

Posted 13 July 2017 - 11:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by Sarah (administrator) on SILVERSTEIN (13-07-2017 23:55:04)
Running from C:\Users\Sarah\Downloads
Loaded Profiles: Sarah (Available Profiles: Sarah)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-11-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-11-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\RunOnce: [Application Restart #3] => C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2017-05-18] (Pokki)
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\MountPoints2: {6fe63011-e562-11e4-bf35-0c54a52aff36} - "E:\VZW_Software_upgrade_assistant.exe" 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-01-02]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1438898364-2138574653-338322406-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1438898364-2138574653-338322406-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27BD5464-F9BF-4C93-A6D2-3EDF70A1D903}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7884C781-F71D-4F31-9CDF-987182C9E37A}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438898364-2138574653-338322406-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438898364-2138574653-338322406-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438898364-2138574653-338322406-1001 -> {FC6D2888-B5CE-472A-9264-E9A8C365C6A6} URL = 
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-09] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-09] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-28] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-28] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-09] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\7pgbsqll.default-1472158970134 [2016-08-25]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1438898364-2138574653-338322406-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Sarah\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-12-09] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (Google Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Honey) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-03-24]
CHR Extension: (Ebates Cash Back) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-03-25]
CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-13]
CHR Extension: (Google Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-02]
CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-02]
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-02]
CHR Extension: (Honey) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-12]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-07-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-02]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-24] (IDT, Inc.) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [6835784 2012-10-13] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-13] (Malwarebytes)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 23:55 - 2017-07-13 23:55 - 00022034 _____ C:\Users\Sarah\Downloads\FRST.txt
2017-07-13 23:54 - 2017-07-13 23:55 - 00000000 ____D C:\FRST
2017-07-13 23:54 - 2017-07-13 23:54 - 02435584 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2017-07-13 23:54 - 2017-07-13 23:54 - 02435584 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (1).exe
2017-07-12 13:40 - 2017-07-12 13:40 - 00000000 ____D C:\_OTL
2017-07-12 13:35 - 2017-07-12 13:35 - 00002449 _____ C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2017-07-12 13:30 - 2017-07-12 13:30 - 01679096 _____ (SweetLabs,Inc.) C:\Users\Sarah\Downloads\PokkiStartMenuInstaller (1).exe
2017-07-12 13:29 - 2017-07-12 13:29 - 00003316 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2017-07-12 13:27 - 2017-07-12 13:27 - 01679096 _____ (SweetLabs,Inc.) C:\Users\Sarah\Downloads\PokkiStartMenuInstaller.exe
2017-07-12 12:21 - 2017-07-12 13:22 - 00000273 _____ C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2017-07-12 12:01 - 2017-07-12 12:01 - 00081930 _____ C:\Users\Sarah\Downloads\Extras.Txt
2017-07-12 12:00 - 2017-07-12 12:00 - 00101212 _____ C:\Users\Sarah\Downloads\OTL.Txt
2017-07-12 11:36 - 2017-07-12 13:13 - 00000000 ____D C:\AdwCleaner
2017-07-12 11:36 - 2017-07-12 11:36 - 04110280 _____ C:\Users\Sarah\Downloads\AdwCleaner.exe
2017-07-12 11:26 - 2017-07-12 11:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-SILVERSTEIN-Windows-8.1-(64-bit).dat
2017-07-12 11:25 - 2017-07-12 11:25 - 00000000 ____D C:\RegBackup
2017-07-12 11:24 - 2017-07-12 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-12 11:24 - 2017-07-12 11:25 - 00017991 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-07-12 11:24 - 2017-07-12 11:24 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-07-12 11:24 - 2017-07-12 11:24 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-12 11:23 - 2017-07-12 11:23 - 05766144 _____ (Tweaking.com) C:\Users\Sarah\Downloads\tweaking.com_registry_backup_setup.exe
2017-07-12 11:23 - 2017-07-12 11:23 - 05766144 _____ (Tweaking.com) C:\Users\Sarah\Downloads\tweaking.com_registry_backup_setup (1).exe
2017-07-12 11:23 - 2017-07-12 11:23 - 00602112 _____ (OldTimer Tools) C:\Users\Sarah\Downloads\OTL.exe
2017-07-11 22:57 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 22:57 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 22:57 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 22:57 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 22:57 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 22:57 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 22:57 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 22:57 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 22:57 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 22:57 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 22:57 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 22:57 - 2017-06-22 10:22 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-07-11 22:57 - 2017-06-17 12:45 - 03631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 22:57 - 2017-06-17 12:34 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 22:57 - 2017-06-17 12:11 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 22:57 - 2017-06-17 12:05 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 22:57 - 2017-06-15 18:02 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 22:57 - 2017-06-15 09:45 - 07440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 22:57 - 2017-06-15 09:45 - 01674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 22:57 - 2017-06-15 09:45 - 01534064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 22:57 - 2017-06-15 09:45 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 22:57 - 2017-06-15 09:45 - 01370320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 22:57 - 2017-06-11 20:06 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 22:57 - 2017-06-11 17:00 - 00962560 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 22:57 - 2017-06-11 16:31 - 00781312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 22:57 - 2017-06-11 11:15 - 02013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 22:57 - 2017-06-06 16:52 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 22:57 - 2017-06-06 16:42 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-07-11 22:57 - 2017-06-06 16:35 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-07-11 22:57 - 2017-06-06 15:11 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-07-11 22:57 - 2017-06-06 15:03 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-07-11 22:57 - 2017-06-06 14:56 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-07-11 22:57 - 2017-06-06 14:02 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-07-11 22:57 - 2017-06-03 12:27 - 02346496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 22:57 - 2017-06-03 12:03 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 22:57 - 2017-05-09 10:37 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-07-11 22:57 - 2017-05-09 10:35 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-07-11 22:57 - 2017-05-06 12:45 - 01114624 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-07-11 22:57 - 2017-05-02 16:08 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-11 22:57 - 2017-05-02 16:08 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-07-11 22:57 - 2017-05-02 14:31 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-07-11 22:57 - 2017-05-02 14:31 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\smbwmiv2.dll
2017-07-11 22:57 - 2017-04-30 12:48 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-07-11 22:57 - 2017-04-27 21:13 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 22:57 - 2017-04-27 21:11 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 22:56 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-07-11 22:56 - 2017-06-29 01:17 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-07-11 22:56 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-07-11 22:56 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 22:56 - 2017-06-29 00:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-07-11 22:56 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 22:56 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-11 22:56 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 22:56 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-11 22:56 - 2017-06-27 10:29 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 22:56 - 2017-06-27 10:29 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-07-11 22:56 - 2017-06-27 10:26 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-07-11 22:56 - 2017-06-27 10:26 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 22:56 - 2017-06-15 09:45 - 00086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 22:56 - 2017-06-11 18:21 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-07-11 22:56 - 2017-06-11 17:43 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 22:56 - 2017-06-11 17:25 - 00478720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-07-11 22:56 - 2017-06-11 17:15 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 22:56 - 2017-06-11 17:08 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 22:56 - 2017-06-11 17:07 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2017-07-11 22:56 - 2017-06-11 16:58 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 22:56 - 2017-06-11 16:40 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 22:56 - 2017-06-11 16:35 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 22:56 - 2017-06-06 16:38 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-07-11 22:56 - 2017-06-06 16:36 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-07-11 22:56 - 2017-06-06 16:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
2017-07-11 22:56 - 2017-06-06 15:13 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2017-07-11 22:56 - 2017-06-06 15:11 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-07-11 22:56 - 2017-06-06 15:11 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-07-11 22:56 - 2017-06-06 15:11 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-07-11 22:56 - 2017-06-06 15:08 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 22:56 - 2017-06-06 14:59 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2017-07-11 22:56 - 2017-06-06 14:57 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2017-07-11 22:56 - 2017-06-06 14:03 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2017-07-11 22:56 - 2017-06-06 14:02 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-07-11 22:56 - 2017-06-06 14:02 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2017-07-11 22:56 - 2017-06-06 14:02 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
2017-07-11 22:56 - 2017-05-31 17:20 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 22:56 - 2017-05-15 18:09 - 00057688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-07-11 22:56 - 2017-05-15 16:03 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-11 22:56 - 2017-05-09 10:29 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2017-07-11 22:56 - 2017-05-09 10:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-11 22:56 - 2017-05-09 10:28 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2017-07-11 22:56 - 2017-05-09 10:28 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2017-07-11 22:56 - 2017-05-09 10:12 - 00448576 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-07-11 22:56 - 2017-05-06 12:41 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2017-07-11 22:56 - 2017-05-02 16:09 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-11 22:56 - 2017-05-02 14:41 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-07-11 22:56 - 2017-05-02 13:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-07-11 21:53 - 2017-07-13 23:46 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-11 21:53 - 2017-07-12 13:43 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-11 21:53 - 2017-07-12 13:43 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-11 21:53 - 2017-07-12 13:43 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-11 21:53 - 2017-07-11 21:53 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-11 21:53 - 2017-07-11 21:53 - 00001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 21:53 - 2017-07-11 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-11 21:52 - 2017-07-11 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 21:52 - 2017-07-11 21:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 21:52 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-11 21:45 - 2017-07-11 21:50 - 65033984 _____ (Malwarebytes ) C:\Users\Sarah\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 13:09 - 2017-07-10 13:09 - 01027368 _____ (Symantec Corporation) C:\Users\Sarah\Downloads\NSDeluxeDownloader (1).exe
2017-07-10 13:08 - 2017-07-10 13:08 - 01027368 _____ (Symantec Corporation) C:\Users\Sarah\Downloads\NSDeluxeDownloader.exe
2017-07-10 11:59 - 2017-07-10 13:17 - 00021504 _____ C:\WINDOWS\system32\umstartup.etl
2017-07-10 01:23 - 2017-07-12 13:47 - 00004350 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2017-07-10 00:54 - 2017-07-10 00:54 - 00000000 ___HD C:\$SysReset
2017-07-09 16:45 - 2017-07-09 16:45 - 24327234 _____ C:\Users\Sarah\Downloads\19_Heart (2).pptx
2017-06-30 23:22 - 2017-06-30 23:22 - 00100941 _____ C:\Users\Sarah\Downloads\Payoff_Statement.pdf
2017-06-29 16:06 - 2017-07-10 14:15 - 00687298 _____ C:\WINDOWS\ntbtlog.txt
2017-06-29 15:54 - 2017-07-12 12:14 - 00510360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-28 23:38 - 2017-06-28 23:38 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-28 23:38 - 2017-06-28 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-28 23:36 - 2017-06-28 23:36 - 00000000 ____D C:\Program Files\iPod
2017-06-28 23:35 - 2017-06-28 23:38 - 00000000 ____D C:\Program Files\iTunes
2017-06-28 23:30 - 2017-06-28 23:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-28 23:30 - 2017-06-28 23:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-27 16:33 - 2017-06-27 16:33 - 01196900 _____ C:\Users\Sarah\Downloads\contract.pdf
2017-06-27 16:33 - 2017-06-27 16:33 - 01196900 _____ C:\Users\Sarah\Downloads\contract (1).pdf
2017-06-27 15:42 - 2017-06-27 15:42 - 00000000 ____D C:\ProgramData\XDMessagingv4
2017-06-25 20:14 - 2017-06-25 20:14 - 24327234 _____ C:\Users\Sarah\Downloads\19_Heart (1).pptx
2017-06-21 01:00 - 2017-06-29 20:27 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-21 01:00 - 2017-06-29 20:27 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-19 01:34 - 2017-06-19 01:34 - 12343978 _____ C:\Users\Sarah\Downloads\18_Blood.pptx
2017-06-18 21:37 - 2017-06-18 21:37 - 14477230 _____ C:\Users\Sarah\Downloads\Anatomy & Physiology II lecture 1 endocrine oer (2).pptx
2017-06-15 20:10 - 2017-05-11 22:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-15 20:10 - 2017-05-11 19:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 20:10 - 2017-05-11 19:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 20:09 - 2017-06-02 08:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-15 20:09 - 2017-06-02 08:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-15 20:09 - 2017-06-02 08:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-15 20:09 - 2017-06-02 08:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-15 20:09 - 2017-06-02 07:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 20:09 - 2017-06-02 06:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-15 20:09 - 2017-05-15 15:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 20:09 - 2017-05-14 16:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 20:09 - 2017-05-14 16:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-15 20:09 - 2017-05-14 15:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 20:09 - 2017-05-14 15:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 20:09 - 2017-05-14 14:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-15 20:09 - 2017-05-14 14:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-15 20:09 - 2017-05-14 14:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-15 20:09 - 2017-05-12 12:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-15 20:09 - 2017-05-12 12:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 20:09 - 2017-05-11 22:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-15 20:09 - 2017-05-11 22:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-15 20:09 - 2017-05-10 14:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-15 20:09 - 2017-05-06 12:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-15 20:09 - 2017-05-06 12:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-15 20:09 - 2017-04-06 13:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-15 20:09 - 2017-04-06 12:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-15 20:09 - 2017-04-06 12:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-15 20:09 - 2017-04-06 12:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-15 20:09 - 2017-04-06 12:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-15 20:09 - 2017-04-02 10:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-15 20:08 - 2017-06-02 08:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-15 20:08 - 2017-06-02 06:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-15 20:08 - 2017-06-02 06:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-15 20:08 - 2017-06-02 05:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 20:08 - 2017-05-12 13:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 20:08 - 2017-05-12 11:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-15 20:08 - 2017-05-12 11:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-15 20:08 - 2017-05-12 11:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-15 20:08 - 2017-05-12 11:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-15 20:08 - 2017-05-12 00:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-15 20:08 - 2017-05-11 22:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-15 20:08 - 2017-05-11 22:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-15 20:08 - 2017-05-11 22:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-15 20:08 - 2017-05-11 22:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-15 20:08 - 2017-05-11 22:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-15 20:08 - 2017-05-11 22:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-15 20:08 - 2017-04-06 13:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-15 20:08 - 2017-04-06 12:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-15 20:08 - 2017-04-06 11:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-13 13:16 - 2017-06-13 13:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Leadertech
2017-06-13 13:15 - 2017-06-13 13:15 - 00000044 _____ C:\WINDOWS\XP-430.ini
2017-06-13 12:46 - 2017-07-13 23:46 - 00000943 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {538E7431-ECB1-4FC4-9324-C0D56DCBFC5D}.job
2017-06-13 12:46 - 2017-06-13 12:46 - 00003974 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {538E7431-ECB1-4FC4-9324-C0D56DCBFC5D}
2017-06-13 12:46 - 2017-06-13 12:46 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Epson
2017-06-13 12:42 - 2017-07-13 16:42 - 00000943 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {0BFC1CA7-45B5-457C-8AE7-2950FEDB48E5}.job
2017-06-13 12:42 - 2017-06-13 12:42 - 00003974 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {0BFC1CA7-45B5-457C-8AE7-2950FEDB48E5}
2017-06-13 12:42 - 2017-06-13 12:42 - 00000000 ____D C:\Program Files\Common Files\EPSON
2017-06-13 12:34 - 2017-06-13 12:34 - 00000165 _____ C:\Users\Public\Desktop\Epson XP-430_XP-434 Guide.url
2017-06-13 12:32 - 2017-06-13 12:32 - 00000000 ____D C:\Program Files\EPSON
2017-06-13 12:27 - 2017-06-13 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-06-13 12:27 - 2017-06-13 12:33 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-06-13 12:27 - 2017-06-13 12:27 - 00000000 ____D C:\Program Files\EpsonNet
2017-06-13 12:25 - 2017-06-13 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-06-13 12:25 - 2017-06-13 12:34 - 00000000 ____D C:\Program Files (x86)\epson
2017-06-13 12:25 - 2017-06-13 12:25 - 00000957 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-06-13 12:25 - 2014-06-03 00:00 - 00472064 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2017-06-13 12:25 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2017-06-13 12:24 - 2014-03-04 15:06 - 00180224 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMBPAE.DLL
2017-06-13 12:24 - 2011-03-14 14:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BPAE.DLL
2017-06-13 12:23 - 2017-06-13 13:04 - 00000000 ____D C:\ProgramData\EPSON
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 23:52 - 2014-03-23 00:00 - 00000000 ____D C:\Users\Sarah\AppData\Local\SweetLabs App Platform
2017-07-13 16:43 - 2014-03-25 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-13 16:40 - 2014-03-25 21:36 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-13 16:40 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-13 16:39 - 2014-03-23 00:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438898364-2138574653-338322406-1001
2017-07-13 16:05 - 2017-04-25 09:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 15:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2017-07-12 13:46 - 2017-05-27 10:36 - 00003304 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2017-07-12 13:43 - 2014-05-31 03:21 - 00000000 ___RD C:\Users\Sarah\OneDrive
2017-07-12 13:42 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-12 13:42 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-07-12 13:34 - 2014-03-23 17:00 - 00002295 _____ C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2017-07-12 13:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 13:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-12 13:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Globalization
2017-07-12 13:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-12 13:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-07-12 13:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2017-07-12 13:00 - 2014-05-26 14:02 - 02331648 ___SH C:\Users\Sarah\Downloads\Thumbs.db
2017-07-12 12:26 - 2015-01-14 01:35 - 00788480 ___SH C:\Users\Sarah\Documents\Thumbs.db
2017-07-10 14:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-10 14:24 - 2013-11-26 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-10 14:08 - 2014-04-01 22:40 - 00000000 ____D C:\Users\Sarah
2017-07-10 14:03 - 2015-12-07 23:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-10 14:03 - 2015-01-30 01:10 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-10 01:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-10 01:07 - 2017-01-12 21:35 - 00000000 ____D C:\Users\Sarah\AppData\Local\Verto Analytics
2017-07-10 00:59 - 2017-04-25 09:22 - 00000000 ____D C:\Program Files\TrueKey
2017-07-08 01:51 - 2017-04-25 09:38 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-07-08 01:51 - 2017-04-25 09:38 - 00001182 _____ C:\Users\Public\Desktop\True Key.lnk
2017-07-01 01:58 - 2016-04-16 15:51 - 00022016 ___SH C:\Users\Sarah\Desktop\Thumbs.db
2017-06-29 00:01 - 2014-03-23 00:29 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 00:01 - 2014-03-23 00:29 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 23:34 - 2014-04-09 18:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-28 23:30 - 2014-04-09 18:38 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-28 23:13 - 2015-01-30 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-28 23:12 - 2015-01-30 01:24 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-06-28 23:09 - 2015-01-30 01:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-28 17:20 - 2014-10-27 21:11 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Nitro PDF
2017-06-28 17:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-27 15:41 - 2016-07-07 01:16 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-06-26 01:35 - 2014-03-23 00:01 - 00000000 ____D C:\Users\Sarah\AppData\Local\Packages
2017-06-21 00:51 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-17 00:38 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-17 00:38 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-17 00:34 - 2017-02-17 17:58 - 00002351 _____ C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-06-17 00:34 - 2016-12-05 21:19 - 00003178 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-17 00:34 - 2016-03-20 21:22 - 00003186 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1438898364-2138574653-338322406-1001
2017-06-13 16:40 - 2013-11-14 03:28 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-13 12:28 - 2013-11-26 17:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2014-09-27 23:32 - 2014-09-27 23:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-26 17:53 - 2013-11-26 17:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-13 16:49
 
==================== End of FRST.txt ============================


#4 Sarahlw1

Sarahlw1
  • Topic Starter

  • Members
  • 8 posts

Posted 13 July 2017 - 11:06 PM

Sorry, did not attach the other log!




#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 July 2017 - 07:25 AM

Hi,

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) <- old version
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) <- old version
Pokki (HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\SweetLabs_AP) (Version: 0.269.7.981 - Pokki)


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\RunOnce: [Application Restart #3] => C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2017-05-18] (Pokki)
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ProxyEnable: [S-1-5-21-1438898364-2138574653-338322406-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1438898364-2138574653-338322406-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1438898364-2138574653-338322406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438898364-2138574653-338322406-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438898364-2138574653-338322406-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
CHR Extension: (Honey) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-03-24]
CHR Extension: (Ebates Cash Back) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-03-25]
CHR Extension: (Avast Online Security) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Extension: (Honey) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {074A012D-257F-404A-8B45-F7AADE073E5B} - System32\Tasks\SweetLabs App Platform => C:\Users\Sarah\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-15] (Pokki)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
C:\Windows\System32\Tasks\SweetLabs App Platform
C:\Users\Sarah\AppData\Local\SweetLabs App Platform
C:\Program Files (x86)\FreeRide Games

RemoveProxy:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

#6 Sarahlw1

Sarahlw1
  • Topic Starter

  • Members
  • 8 posts

Posted 14 July 2017 - 11:31 PM

As of now, the proxy settings problem still persists. Thank you for your help so far!




#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 July 2017 - 07:31 AM

If the Internet Explorer or Firefox proxy is set, execute this.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:xxxxx if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===


If the proxy is set in Chrome

Step 1: Remove Chrome from your computer and reinstall a fresh copy.

Step 2: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 3: Before you remove Chrome, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Step 4: If you Sync your data,
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/
<<<>>>

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Re-install Chrome and the Bookmarks.
====


Restart the computer normally.

Keep me posted.

Edited by nasdaq, 15 July 2017 - 07:37 AM.
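The fixlist in post #5 (its RemoveProxy: directive, with the log's ProxyEnable/ProxyServer entries pointing at 127.0.0.1:64550) and the manual LAN-settings steps in post #7 both act on the same per-user Internet Settings registry values. The PowerShell below is an added example, not code from the thread or from the Farbar tool: it reads those values, flags any loopback proxy or PAC URL, optionally clears them, and can watch for the setting being flipped back on, as the first post describes. All function names are my own; it only inspects HKCU (not HKLM or the WinHTTP proxy) and must run in the affected user's session.

```powershell
# Added example, not code from the thread or from the Farbar tool.
# Audits the per-user WinINET proxy values that the fixlist's "RemoveProxy:"
# directive and the manual LAN-settings steps clear, flags a loopback proxy
# such as the 127.0.0.1:64550 entry in the log, and optionally resets them.
# Assumptions: run in the affected user's session; HKLM and WinHTTP are not inspected.

$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxyState {
    # Current user's ProxyEnable / ProxyServer / AutoConfigURL (missing -> 0 / '').
    $props = Get-ItemProperty -Path $ProxyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [int]$props.ProxyEnable
        ProxyServer   = [string]$props.ProxyServer
        AutoConfigURL = [string]$props.AutoConfigURL
    }
}

function ConvertFrom-ProxyServerString {
    # Accepts both "host:port" and the per-protocol form seen in the log,
    # "http=127.0.0.1:64550;https=127.0.0.1:64550", and returns one
    # (Protocol, Host, Port) object per entry.
    param([string]$Value)
    $entries = @()
    if ([string]::IsNullOrWhiteSpace($Value)) { return $entries }
    foreach ($part in $Value.Split(';')) {
        $part = $part.Trim()
        if (-not $part) { continue }
        $proto = '*'
        $hostPort = $part
        if ($part -match '^(?<p>[a-z]+)=(?<hp>.+)$') {
            $proto = $Matches['p']
            $hostPort = $Matches['hp']
        }
        $hostName = $hostPort
        $port = $null
        if ($hostPort -match '^(?<h>[^:]+):(?<port>\d+)$') {
            $hostName = $Matches['h']
            $port = [int]$Matches['port']
        }
        $entries += [pscustomobject]@{ Protocol = $proto; Host = $hostName; Port = $port }
    }
    return $entries
}

function Test-LoopbackProxy {
    # A proxy pointing back at the same machine means traffic is being
    # funnelled through a process running on the victim PC.
    param([string]$ProxyHost)
    return ($ProxyHost -in @('localhost', '::1') -or $ProxyHost -like '127.*')
}

function Invoke-ProxyAudit {
    # Returns the list of findings; with -Remediate it also performs the
    # equivalent of unticking "Use a proxy server" and clearing the address.
    param([switch]$Remediate)
    $state = Get-WinInetProxyState
    $entries = @(ConvertFrom-ProxyServerString $state.ProxyServer)
    $findings = @()
    foreach ($e in $entries) {
        if (Test-LoopbackProxy $e.Host) {
            $findings += "ProxyServer sends $($e.Protocol) traffic through loopback $($e.Host):$($e.Port)"
        }
    }
    if ($state.ProxyEnable -eq 1 -and $entries.Count -gt 0) {
        $findings += "ProxyEnable=1 with ProxyServer '$($state.ProxyServer)'"
    }
    if ($state.AutoConfigURL) {
        # A PAC script can redirect traffic just as effectively as ProxyServer.
        $findings += "AutoConfigURL is set to '$($state.AutoConfigURL)'"
    }
    if ($findings.Count -eq 0) { Write-Host 'No suspicious proxy settings found.' }
    $findings | ForEach-Object { Write-Host "[finding] $_" }
    if ($Remediate -and $findings.Count -gt 0) {
        Set-ItemProperty -Path $ProxyKey -Name ProxyEnable -Value 0 -Type DWord
        Remove-ItemProperty -Path $ProxyKey -Name ProxyServer -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $ProxyKey -Name AutoConfigURL -ErrorAction SilentlyContinue
        Write-Host 'Proxy settings cleared; run Watch-ProxyReenable to see whether they come back.'
    }
    return $findings
}

function Watch-ProxyReenable {
    # Polls the key so the moment ProxyEnable flips back on (the "re-ticks itself"
    # behaviour in the first post) is timestamped and can be lined up against the
    # Run/RunOnce entries and scheduled tasks listed in the FRST log.
    param([int]$Seconds = 120, [int]$IntervalSeconds = 5)
    $deadline = (Get-Date).AddSeconds($Seconds)
    $last = (Get-WinInetProxyState).ProxyEnable
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $IntervalSeconds
        $now = (Get-WinInetProxyState).ProxyEnable
        if ($now -ne $last) {
            Write-Host ('{0:HH:mm:ss} ProxyEnable changed {1} -> {2}' -f (Get-Date), $last, $now)
            $last = $now
        }
    }
}

Invoke-ProxyAudit | Out-Null
```

Run it once read-only, then with `Invoke-ProxyAudit -Remediate` followed by `Watch-ProxyReenable`; if ProxyEnable returns to 1 within the watch window, something still running is re-setting it and the cleanup is not finished.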


#8 Sarahlw1

Sarahlw1
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 15 July 2017 - 10:24 PM

How do I export my bookmarks? I can only find "import your bookmarks" which isn't working. Moreover, I downloaded firefox, hoping I could import my bookmarks from chrome that way, but firefox is blocking me from going to literally any site saying that the connection is not secure...? 



#9 Sarahlw1

Sarahlw1
  • Topic Starter

  • Members
  • 8 posts

Posted 15 July 2017 - 10:36 PM

To clarify, I am needing to export my bookmarks from chrome. 



#10 Sarahlw1

Sarahlw1
  • Topic Starter

  • Members
  • 8 posts

Posted 15 July 2017 - 11:17 PM

Ok, sorry for so many posts in a row, but I ended up importing them from Explorer and uninstalled/reinstalled Chrome. So far it seems to have taken care of the problem. Thank you for all of your help!



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 July 2017 - 06:57 AM

Good work.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



