Remove malware from surface pro 4

This is a discussion on Remove malware from surface pro 4 within the Resolved HJT Threads forums, part of the Tech Support Forum category.

10-17-2016, 12:51 PM   #1
Registered Member
 
Join Date: Mar 2016
Posts: 16
OS: windows 10



I seem to have installed malware on my Surface Pro 4. It disabled my antivirus and now opens any browser to www-searching.

I'm running Windows 10

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by tatia at 12:45:30 on 2016-10-17
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.4022.1537 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
C:\WINDOWS\System32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\System32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Users\tatia\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\msascui.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SurfaceService.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uLocal Page = %11%\blank.htm
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [OneDrive] "C:\Users\tatia\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "C:\Users\tatia\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRunOnce: [Uninstall C:\Users\tatia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\tatia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\tatia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{58e33c7a-407e-407d-a7ae-25ca0c612cbd} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{58e33c7a-407e-407d-a7ae-25ca0c612cbd}\24F68756270275962756C6563737 : DHCPNameServer = 216.182.112.133 216.182.112.132
TCP: Interfaces\{58e33c7a-407e-407d-a7ae-25ca0c612cbd}\3435F4 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [SurfaceService.exe] C:\WINDOWS\System32\SurfaceService.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
x64-Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 107.178.255.88 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats
Hosts: 107.178.255.88 statcounter.com
Hosts: 107.178.255.88 ssl.goo.88 partner.googleadservices.com
Hosts: 107.178.255.88 google-analytics.com
Hosts: 107.178.255.88 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-7-16 45920]
R0 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-7-16 82784]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-10 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-7-16 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2207960]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_6e54c;CDPUserSvc_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [2016-6-20 76616]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2016-10-6 42792]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 OneSyncSvc_6e54c;Sync Host_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SurfaceService;Surface Integration Service;C:\WINDOWS\System32\SurfaceService.exe [2016-9-28 707336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-7-16 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-7-16 247296]
R3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-7-16 117248]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 CSI2HostControllerDriver;Intel(R) CSI2 Host Controller services;C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [2016-7-16 125456]
R3 iacamera64;Intel(R) AVStream Camera 2500;C:\WINDOWS\System32\drivers\iacamera64.sys [2016-7-16 2133520]
R3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
R3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
R3 IntcAudioBus;Intel(R) Smart Sound Technology (Intel(R) SST) Bus;C:\WINDOWS\System32\drivers\IntcAudioBus.sys [2016-6-28 217672]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-11 787424]
R3 IntcOED;Intel(R) Smart Sound Technology (Intel(R) SST) OED;C:\WINDOWS\System32\drivers\IntcOED.sys [2016-6-28 648264]
R3 IntTouch;Intel(R) Precise Touch Service;C:\WINDOWS\System32\drivers\iaPreciseTouch.sys [2016-9-28 272384]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 mrvlpcie8897;mrvlpcie8897;C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [2016-4-22 1058832]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 ov5693;Camera Sensor OV5693;C:\WINDOWS\System32\drivers\ov5693.sys [2016-7-16 164880]
R3 ov7251;Camera Sensor OV7251;C:\WINDOWS\System32\drivers\ov7251.sys [2016-7-16 156176]
R3 ov8865;Camera Sensor OV8865;C:\WINDOWS\System32\drivers\ov8865.sys [2016-7-16 162320]
R3 PimIndexMaintenanceSvc_6e54c;Contact Data_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 SkcController;Intel(R) Control Logic;C:\WINDOWS\System32\drivers\SkcController.sys [2016-7-16 170496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 supportdriver;Intel(R) Imaging Signal Processor 2500;C:\WINDOWS\System32\drivers\iaisp64.sys [2016-7-16 52752]
R3 SurfaceAccessoryDevice;Surface Accessory Device Service;C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [2015-10-30 70264]
R3 SurfaceButton;Surface Button Service;C:\WINDOWS\System32\drivers\SurfaceButton.sys [2016-6-28 128144]
R3 SurfaceCoSAR;Surface CoSAR Driver Service;C:\WINDOWS\System32\drivers\SurfaceCoSAR.sys [2016-4-14 64656]
R3 SurfaceDigitizerIntegration;Surface Digitizer Integration Service;C:\WINDOWS\System32\drivers\SurfaceDigitizerIntegration.sys [2015-10-30 58504]
R3 SurfaceDisplayCalibration;Surface Display Calibration Service;C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys [2016-1-10 51344]
R3 SurfaceIntegrationDriver;Surface Integration Driver;C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys [2016-9-28 102152]
R3 SurfacePenDriver;SurfacePenDriver Service;C:\WINDOWS\System32\drivers\SurfacePenDriver.sys [2016-7-14 115592]
R3 SurfacePro4TypeCoverIntegration;Surface Pro 4 Type Cover Integration Service;C:\WINDOWS\System32\drivers\SurfacePro4TypeCoverIntegration.sys [2015-10-30 59448]
R3 SurfaceStorageFwUpdate;Surface Storage Firmware Update Service;C:\WINDOWS\System32\drivers\SurfaceStorageFwUpdate.sys [2015-10-30 2813592]
R3 SurfaceSystemTelemetryDriver;Surface System Telemetry Driver;C:\WINDOWS\System32\drivers\SurfaceSystemTelemetryDriver.sys [2015-10-30 64000]
R3 SurfaceTouchServicingML;Surface Touch Servicing ML;C:\WINDOWS\System32\drivers\SurfaceTouchServicingML.sys [2016-6-28 77584]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_6e54c;User Data Storage_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_6e54c;User Data Access_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-7-16 719360]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
RUnknown bd2b5e561e904254c7b2c9156a796880;bd2b5e561e904254c7b2c9156a796880; [x]
S2 b66cdaa38e5597a0d324686c8b881a27;b66cdaa38e5597a0d324686c8b881a27;C:\Program Files\b66cdaa38e5597a0d324686c8b881a27\1ddad2ff809160a18cf259ccc96ea06b.exe [2016-10-17 9508864]
S2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-7-14 391168]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-7-16 126304]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\IntelCpHDCPSvc.exe [2016-7-14 465912]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [2016-1-23 83768]
S3 iaLPSS2_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [2016-1-23 185144]
S3 iaLPSS2_SPI;Intel(R) Serial IO SPI Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [2015-10-30 152360]
S3 iaLPSS2_UART2;Intel(R) Serial IO UART Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [2015-10-30 281896]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MessagingService_6e54c;MessagingService_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2015-7-31 242864]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-7-16 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-7-16 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 SurfacePenClickFilter;Surface Pen Click Filter Service;C:\WINDOWS\System32\drivers\SurfacePenClickFilter.sys [2015-10-30 56984]
S3 SurfacePenIntegration;Surface Pen Integration Service;C:\WINDOWS\System32\drivers\SurfacePenIntegration.sys [2015-10-30 61464]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_6e54c;Windows Push Notifications User Service_6e54c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [2016-1-9 252816]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-7-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-7-16 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-7-16 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
SUnknown odfebnfq;odfebnfq; [x]
SUnknown sjoxxhir;sjoxxhir; [x]
SUnknown tgvkmrju;tgvkmrju; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-10-17 19:40:03 79064 ----a-w- C:\WINDOWS\System32\drivers\mioqe.sys
2016-10-17 19:18:03 -------- d-----w- C:\WINDOWS\System32\cocf
2016-10-17 19:11:20 -------- d-----w- C:\uninst
2016-10-17 19:11:18 -------- d-----w- C:\Users\tatia\AppData\Local\Tempfolder
2016-10-17 19:10:52 187904 ----a-w- C:\WINDOWS\rsrcs.dll
2016-10-17 19:10:48 0 ---ha-w- C:\WINDOWS\System32\BIT1008.tmp
2016-10-17 19:09:13 -------- d-----w- C:\Program Files\b66cdaa38e5597a0d324686c8b881a27
2016-10-17 19:08:42 -------- d-----w- C:\Users\tatia\AppData\Local\Apps
2016-10-17 1945 -------- d-----w- C:\Users\tatia\AppData\Roaming\system
2016-10-17 19:03:42 -------- d-----w- C:\Users\tatia\AppData\Roaming\Microleaves
2016-10-17 19:03:13 12030488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20E07219-6D14-416B-BDB9-B97E3B0EFD8E}\mpengine.dll
2016-10-17 19:02:38 -------- d-----w- C:\WINDOWS\System32\SSL
2016-10-17 19:01:33 -------- d-----w- C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-10-17 14:03:42 1866930 ----a-w- C:\WINDOWS\1bd98f407969d819b987f84f911d0d81.exe
2016-10-17 13:55:22 57424 ------w- C:\WINDOWS\System32\drivers\bd2b5e561e904254c7b2c9156a796880.sys
2016-10-17 03:29:56 -------- d-----w- C:\Users\tatia\AppData\Roaming\Foxit Software
2016-10-17 03:27:21 -------- d-----w- C:\Program Files (x86)\Foxit Software
2016-10-17 02:55:23 -------- d-----w- C:\WINDOWS\Panther
2016-10-17 02:48:07 12030488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-10-13 15:29:44 4608 ----a-w- C:\Users\tatia\AppData\Local\dnow.exe
2016-10-11 02:49:54 8192 ----a-w- C:\WINDOWS\System32\drivers\es-MX\rdvgkmd.sys.mui
2016-10-11 02:46:28 -------- d-----w- C:\WINDOWS\SysWow64\hy-AM
2016-10-11 02:46:28 -------- d-----w- C:\WINDOWS\SysWow64\drivers\UMDF\hy-AM
2016-10-11 02:46:28 -------- d-----w- C:\WINDOWS\System32\hy-AM
2016-10-11 02:46:28 -------- d-----w- C:\WINDOWS\System32\drivers\UMDF\hy-AM
2016-10-11 02:46:28 -------- d-----w- C:\WINDOWS\hy-AM
2016-10-11 02:46:17 2560 ----a-w- C:\WINDOWS\System32\drivers\UMDF\hy-AM\SensorsCx.dll.mui
2016-10-11 02:44:52 -------- d-----w- C:\WINDOWS\System32\Microsoft
2016-10-11 02:43:39 885832 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-10-11 02:43:39 1349128 ----a-w- C:\WINDOWS\System32\winload.efi
2016-10-11 02:43:39 1163696 ----a-w- C:\WINDOWS\System32\winload.exe
2016-10-11 02:43:39 1046976 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-10-11 02:43:35 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2016-10-11 02:14:00 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2016-10-11 02:12:14 -------- d-----w- C:\Users\tatia\AppData\Local\ConnectedDevicesPlatform
2016-10-11 02:05:26 -------- d-----w- C:\ProgramData\USOShared
2016-10-11 02:04:52 -------- d-sh--we C:\ProgramData\Documents
2016-10-11 02:03:04 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2016-10-11 01:59:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2016-10-11 01:59:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2016-10-11 01:54:29 2716672 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-10-11 01:53:52 -------- d-----w- C:\WINDOWS\System32\Intel
2016-10-11 01:53:46 117272 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2016-10-11 01:53:45 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-11 01:53:45 0 ----a-w- C:\WINDOWS\System32\GfxValDisplayLog.bin
2016-10-11 01:53:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2016-10-11 01:53:32 -------- d-----w- C:\WINDOWS\Firmware
2016-10-11 01:52:29 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2016-10-11 01:52:11 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2016-10-11 01:52:11 -------- d-----w- C:\WINDOWS\ServiceProfiles
2016-10-09 02:04:32 -------- d-----w- C:\Users\tatia\AppData\Local\Mozilla
2016-10-07 19:09:33 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A311640D-A66E-4344-B703-68869BC0332C}\gapaengine.dll
2016-10-07 18:41:19 -------- d-----w- C:\ProgramData\ALM
2016-10-06 2130 42792 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2016-10-06 21:00:28 73840 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-10-06 21:00:28 73840 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2016-10-06 21:00:28 73840 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2016-09-29 06:55:50 102152 ----a-w- C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys
2016-09-29 06:23:32 272384 ----a-w- C:\WINDOWS\System32\drivers\iaPreciseTouch.sys
2016-09-29 06:23:28 707336 ----a-w- C:\WINDOWS\System32\SurfaceService.exe
2016-09-29 06:23:24 182928 ----a-w- C:\WINDOWS\System32\drivers\UMDF\SurfacePenPairing.dll
.
==================== Find3M ====================
.
2016-10-17 19:40:28 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-10-11 02:49:54 4096 ----a-w- C:\WINDOWS\SysWow64\wbem\es\Microsoft.AppV.AppVClientWmi.resources.dll
2016-10-11 02:49:54 4096 ----a-w- C:\WINDOWS\System32\wbem\es\Microsoft.AppV.AppVClientWmi.resources.dll
2016-10-11 02:49:45 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\es-MX\NdisImPlatform.sys.mui
2016-10-11 02:49:44 7680 ----a-w- C:\WINDOWS\SysWow64\drivers\es-ES\ndiscap.sys.mui
2016-10-11 02:49:44 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\es-ES\wfplwfs.sys.mui
2016-10-11 02:49:44 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\es-MX\SensorsCx.dll.mui
2016-10-11 02:46:18 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\hy-AM\SensorsCx.dll.mui
2016-10-08 23:11:09 635904 ----a-w- C:\WINDOWS\SysWow64\mqsnap.dll
2016-10-08 23:11:09 14848 ----a-w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-07-27 19:25:34 504488 ------w- C:\WINDOWS\System32\MpSigStub.exe
.
============= FINISH: 12:46:06.98 ===============
Attached Files
File Type: txt dds.txt (34.6 KB, 34 views)
File Type: txt attach.txt (10.8 KB, 443 views)
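Before the reply that follows, a triage aid for the DDS output above. This is an added example for this thread, not DDS output, not the poster's code and not Security Team tooling. It parses the "Created Last 30" block and flags the entries a responder would look at first: 32-hex-character file or folder names, kernel drivers created within 24 hours of the scan, executables sitting directly in the Windows, ProgramData or AppData roots, and anything named like an activator. The rules are the editor's own heuristics and an assumption about what deserves a second look, not a verdict. SAMPLE is copied from the log above (including the garbled "1945" timestamp, which the parser reports rather than silently dropping), and the entry times are assumed to be UTC because the header says the scan ran at 12:45 GMT-7 while files are listed at 19:40.

```python
"""Triage the "Created Last 30" section of a DDS log (added example, not DDS code)."""
import re
from datetime import datetime, timedelta

# One DDS entry: date, time, size (dashes for a directory), attribute string, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)   # MD5-looking random name
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".scr")
RISKY_WORDS = ("kms", "activator", "crack", "keygen")     # pirated-software droppers

# Assumption: DDS lists file times in UTC (log header: run at 12:45:30, GMT -7).
SCAN_TIME_UTC = datetime(2016, 10, 17, 19, 45, 30)

# Sample lines copied from the log posted above; one line has a garbled time.
SAMPLE = r"""
2016-10-17 19:40:03 79064 ----a-w- C:\WINDOWS\System32\drivers\mioqe.sys
2016-10-17 19:11:20 -------- d-----w- C:\uninst
2016-10-17 19:10:52 187904 ----a-w- C:\WINDOWS\rsrcs.dll
2016-10-17 19:09:13 -------- d-----w- C:\Program Files\b66cdaa38e5597a0d324686c8b881a27
2016-10-17 1945 -------- d-----w- C:\Users\tatia\AppData\Roaming\system
2016-10-17 19:01:33 -------- d-----w- C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-10-17 14:03:42 1866930 ----a-w- C:\WINDOWS\1bd98f407969d819b987f84f911d0d81.exe
2016-10-17 13:55:22 57424 ------w- C:\WINDOWS\System32\drivers\bd2b5e561e904254c7b2c9156a796880.sys
2016-10-13 15:29:44 4608 ----a-w- C:\Users\tatia\AppData\Local\dnow.exe
2016-10-11 02:43:39 1349128 ----a-w- C:\WINDOWS\System32\winload.efi
2016-10-06 21:00:28 73840 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-09-29 06:55:50 102152 ----a-w- C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys
"""


def parse_entries(lines):
    """Parse DDS lines; return (entries, unparsed). Bad lines are kept for review, not dropped."""
    entries, unparsed = [], []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            unparsed.append(line)      # e.g. the "2016-10-17 1945" line in the post
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries, unparsed


def flag_entry(entry, scan_time, window=timedelta(hours=24)):
    """Return the names of the heuristics this entry trips (empty list if none)."""
    path = entry["path"]
    parts = path.split("\\")
    name = parts[-1]
    stem = name.rsplit(".", 1)[0]
    parent = "\\".join(parts[:-1]).lower()
    low = path.lower()
    hits = []
    # 1. A 32-hex-digit file or folder name is a common dropper naming scheme.
    if HEX32_RE.match(stem):
        hits.append("hex32-name")
    # 2. A kernel driver that appeared within `window` of the scan.
    if low.endswith(".sys") and "\\drivers\\" in low and scan_time - entry["ts"] <= window:
        hits.append("new-driver")
    # 3. Executable code dropped straight into %WINDIR%, ProgramData or an AppData root.
    if not entry["is_dir"] and low.endswith(EXEC_EXT) and (
        parent in (r"c:\windows", r"c:\programdata")
        or parent.endswith((r"\appdata\local", r"\appdata\roaming"))
    ):
        hits.append("exe-at-root")
    # 4. Activator/crack tooling, a frequent carrier of bundled adware.
    if any(w in low for w in RISKY_WORDS):
        hits.append("risky-word")
    return hits


def triage(log_text, scan_time=SCAN_TIME_UTC):
    """Return (flagged, unparsed); flagged is a list of (path, hits) in log order."""
    entries, unparsed = parse_entries(log_text.splitlines())
    flagged = []
    for e in entries:
        hits = flag_entry(e, scan_time)
        if hits:
            flagged.append((e["path"], hits))
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = triage(SAMPLE)
    for path, hits in flagged:
        print(f"{', '.join(hits):24} {path}")
    for line in unparsed:
        print("could not parse:", line)
```

On the sample this flags seven entries and reports the one garbled line. Two of the hits, the hashed driver and the hashed service folder, are exactly what the AdwCleaner log later in this thread ends up removing; the KMS activator and mioqe.sys are the items to ask about next. A hit is a prompt to check the file's signature and origin, not proof of infection.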
Old 10-18-2016, 04:19 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
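The AdwCleaner log chemist asks for is posted further down the thread. As an added example (not AdwCleaner's own code and not part of the Security Team's procedure), the script below turns such a log into the two things a responder wants before the next step: the items marked [#], which the log's own wording describes as deleted on reboot and which should be confirmed gone in the FRST output, and a de-duplicated indicator list (hostnames from the defanged hxxp URLs and DOMStorage keys, deleted service names, Chrome extension IDs). Reading the [#] marker as "deferred until reboot" is an assumption taken from that wording. SAMPLE_LOG is an excerpt of the log posted below, trimmed for length.

```python
"""Extract follow-ups and indicators from an AdwCleaner v6 clean log (added example)."""
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^\[([-#])\] (.+?): (.+)$")      # [-] done now, [#] on reboot
HXXP_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)", re.IGNORECASE)   # defanged URLs
DOMSTORAGE_RE = re.compile(r"\\DOMStorage\\([^\\]+)$", re.IGNORECASE)
CHROME_EXT_RE = re.compile(r"\b[a-p]{32}\b")             # Chrome IDs use letters a-p only

# Excerpt of the AdwCleaner[C0].txt posted later in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v6.021 - Logfile created 18/10/2016 at 08:11:00
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: b66cdaa38e5597a0d324686c8b881a27
[-] Service deleted: SMUpd
[-] Service deleted: SMUpdd

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\SearchModule
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule
[-] Folder deleted: C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa

***** [ Files ] *****

[#] File deleted: C:\WINDOWS\SysNative\drivers\bd2b5e561e904254c7b2c9156a796880.sys
[-] File deleted: C:\WINDOWS\SysNative\bi3.exe

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,"
[-] [C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www-searching.com/?pid=s&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,&vp=ch&prd=set_ch

*************************

:: Winsock settings cleared
"""


def parse_actions(text):
    """Return the log's action lines as dicts: section, deferred, action, target."""
    section, actions = None, []
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)
            continue
        a = ACTION_RE.match(line)
        if a and section:
            marker, action, target = a.groups()
            actions.append({"section": section, "deferred": marker == "#",
                            "action": action, "target": target})
    return actions


def summarize(text):
    """Counts per section, reboot-deferred targets, and a de-duplicated indicator set."""
    by_section, deferred, services = {}, [], []
    hosts, extensions = set(), set()
    for a in parse_actions(text):
        by_section[a["section"]] = by_section.get(a["section"], 0) + 1
        if a["deferred"]:
            deferred.append(a["target"])          # verify these in the post-reboot FRST log
        if a["section"] == "Services":
            services.append(a["target"])
        hosts.update(h.lower() for h in HXXP_RE.findall(a["target"]))
        dom = DOMSTORAGE_RE.search(a["target"])
        if dom:
            hosts.add(dom.group(1).lower())
        extensions.update(CHROME_EXT_RE.findall(a["target"]))
    return {"by_section": by_section, "deferred": deferred, "services": services,
            "hosts": sorted(hosts), "chrome_extensions": sorted(extensions)}


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("actions per section:", summary["by_section"])
    print("re-check after reboot:")
    for target in summary["deferred"]:
        print("   ", target)
    print("hosts:", summary["hosts"])
    print("chrome extension IDs:", summary["chrome_extensions"])
    print("services removed:", summary["services"])
```

For a real run, pass the contents of C:\AdwCleaner\AdwCleaner[C#].txt to summarize(). On the excerpt the deferred list contains the hashed .sys driver and the Chrome extension key, which is why the FRST scan is taken after the reboot and not before; the hosts list (www-searching.com, hp.myway.com) and the extension ID are what to search for in that FRST output.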
Old 10-18-2016, 08:44 AM   #3
Registered Member
 
Join Date: Mar 2016
Posts: 16
OS: windows 10



Hello,

I was able to run the ADWCleaner but once it was cleaning the threats, a popup from ADWCleaner popped up about how to prevent future threats. The touchscreen and the mouse wouldn't respond. I used esc to exit the popup and managed to restart the device. But it's been restarting for 20 mins.
Old 10-18-2016, 09:16 AM   #4
Registered Member
 
Join Date: Mar 2016
Posts: 16
OS: windows 10



Finally got out of the restart and I was able to run FRST. Please find the files attached.

# AdwCleaner v6.021 - Logfile created 18/10/2016 at 08:11:00
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-16.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : tatia - TATIANA-TABLET
# Running from : C:\Users\tatia\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[-] Service deleted: b66cdaa38e5597a0d324686c8b881a27
[-] Service deleted: SMUpd
[-] Service deleted: SMUpdd


***** [ Folders ] *****

[-] Folder deleted: C:\Users\tatia\AppData\Local\BrowserAir
[-] Folder deleted: C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
[-] Folder deleted: C:\Program Files\Common Files\Noobzo
[-] Folder deleted: C:\ProgramData\SearchModule
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule
[-] Folder deleted: C:\uninst
[-] Folder deleted: C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa


***** [ Files ] *****

[-] File deleted: C:\Users\tatia\AppData\Local\Microsoft\Internet Explorer\DOMStore\QGNQH0VI\mytransitguide.dl.myway[1].xml
[-] File deleted: C:\Users\tatia\AppData\Local\Microsoft\Internet Explorer\DOMStore\N6CY1H04\hp.myway[1].xml
[-] File deleted: C:\Users\tatia\AppData\Local\Microsoft\Internet Explorer\DOMStore\N6CY1H04\www.mytransitguide[1].xml
[#] File deleted: C:\WINDOWS\SysNative\drivers\bd2b5e561e904254c7b2c9156a796880.sys
[-] File deleted: C:\Users\tatia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File deleted: C:\Users\tatia\Desktop\BrowserAir.lnk
[-] File deleted: C:\WINDOWS\SysNative\bi3.exe
[-] File deleted: C:\ProgramData\smp2.exe
[#] File deleted: C:\ProgramData\smp2.exe
[#] File deleted: C:\ProgramData\Application Data\smp2.exe
[-] File deleted: C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default\searchplugins\smod.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
[-] Shortcut disinfected: C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\tatia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mytransitguide.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mytransitguide.com
[-] Key deleted: HKU\S-1-5-21-3570299393-1799837360-84174179-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-3570299393-1799837360-84174179-1001\Software\BrowserAir
[-] Key deleted: HKU\S-1-5-21-3570299393-1799837360-84174179-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[#] Key deleted on reboot: HKCU\Software\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\Social2S Browser Enhancer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\BrowserAir
[-] Key deleted: [x64] HKLM\SOFTWARE\BrowserAir
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\Social2S Browser Enhancer
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akz.imgfarm.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\imgfarm.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akz.imgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\imgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,"
[-] Chrome preferences cleaned: "browser.newtab.url" - "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,"
[-] [C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www-searching.com/?pid=s&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,&vp=ch&prd=set_ch
[-] [C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-searching.com/?pid=s&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,&vp=ch&prd=set_ch


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8829 Bytes] - [18/10/2016 08:11:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [9166 Bytes] - [18/10/2016 08:09:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8975 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by tatia (administrator) on TATIANA-TABLET (18-10-2016 09:10:52)
Running from C:\Users\tatia\Downloads
Loaded Profiles: tatia (Available Profiles: tatia)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Spotify Ltd) C:\Users\tatia\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SurfaceService.exe] => C:\WINDOWS\System32\SurfaceService.exe [707336 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3570299393-1799837360-84174179-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3570299393-1799837360-84174179-1001\...\Run: [Spotify Web Helper] => C:\Users\tatia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-06-11] (Spotify Ltd)
HKU\S-1-5-21-3570299393-1799837360-84174179-1001\...\RunOnce: [Uninstall C:\Users\tatia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tatia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{58e33c7a-407e-407d-a7ae-25ca0c612cbd}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3570299393-1799837360-84174179-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-3570299393-1799837360-84174179-1001 -> is enabled.
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qj3v7umd.default
FF ProfilePath: C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default [2016-10-17]
FF Homepage: Mozilla\Firefox\Profiles\qj3v7umd.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (All Aboard) - C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default\Extensions\@all-aboard-v1-2 [2016-10-08]
FF Extension: (Dashlane) - C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default\Extensions\[email protected] [2016-10-04]
FF Extension: (uBlock Origin) - C:\Users\tatia\AppData\Roaming\Mozilla\Firefox\Profiles\qj3v7umd.default\Extensions\[email protected] [2016-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2016-04-04] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2016-04-04] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Google Translate) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-01-07]
CHR Extension: (Google Slides) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-07]
CHR Extension: (WhatFontis.com) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abgojkiegljpbjgofklpmkakkeapjlpp [2016-01-07]
CHR Extension: (Google Docs) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-07]
CHR Extension: (Google Drive) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (Poper Blocker) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-06-13]
CHR Extension: (YouTube) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Spotify - Music for every moment) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-01-07]
CHR Extension: (Google Search) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Netflix) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-01-07]
CHR Extension: (Google Calendar) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-12]
CHR Extension: (Pandora) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-01-07]
CHR Extension: (Dashlane) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-10-07]
CHR Extension: (Google Sheets) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-07]
CHR Extension: (Songza) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2016-01-07]
CHR Extension: (iCloud Bookmarks) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-01-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-17]
CHR Extension: (Google Docs Offline) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-10-09]
CHR Extension: (OneNote Web Clipper) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2016-10-07]
CHR Extension: (Pixlr Editor) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-01-07]
CHR Extension: (Google Play Music) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Apps Launcher) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-10-07]
CHR Extension: (Google Scholar Button) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-01-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-08]
CHR Extension: (Mint) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2016-01-07]
CHR Extension: (Pocket) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-01-07]
CHR Extension: (Google Play Books) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-05-03]
CHR Extension: (My Study Life) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2016-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Adblock Pro) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-18]
CHR Extension: (Tumblr Savior) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2016-08-31]
CHR Extension: (My Chrome Theme) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-01-07]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-18]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2016-01-07]
CHR Extension: (Gmail) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\tatia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR HKU\S-1-5-21-3570299393-1799837360-84174179-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [465912 2016-07-14] (Intel Corporation)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-10-06] (Windows (R) Win 7 DDK provider)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [391168 2016-07-14] (Intel Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [1725952 2015-02-27] (Pharos Systems International) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S2 SurfaceService; C:\WINDOWS\system32\SurfaceService.exe [707336 2016-09-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CSI2HostControllerDriver; C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [125456 2016-07-16] (Intel(R) Corporation)
R3 iacamera64; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [2133520 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [83768 2016-01-23] (Windows (R) Win 7 DDK provider)
S3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185144 2016-01-23] (Intel Corporation)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152360 2015-09-03] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-09-03] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [217672 2016-06-28] (Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [648264 2016-06-28] (Intel(R) Corporation)
R3 IntTouch; C:\WINDOWS\System32\drivers\iaPreciseTouch.sys [272384 2016-09-28] (Intel Corporation)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1058832 2016-04-22] (Marvell Semiconductors Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 ov5693; C:\WINDOWS\System32\drivers\ov5693.sys [164880 2016-07-16] (Intel(R) Corporation)
R3 ov7251; C:\WINDOWS\System32\drivers\ov7251.sys [156176 2016-07-16] (Intel Corporation)
R3 ov8865; C:\WINDOWS\System32\drivers\ov8865.sys [162320 2016-07-16] (Intel Corporation)
R3 SkcController; C:\WINDOWS\System32\drivers\SkcController.sys [170496 2016-07-16] (Intel(R) Corporation)
R3 supportdriver; C:\WINDOWS\System32\drivers\iaisp64.sys [52752 2016-07-16] (Intel(R) Corporation)
R3 SurfaceAccessoryDevice; C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [70264 2015-09-09] (Microsoft Corporation)
R3 SurfaceButton; C:\WINDOWS\System32\drivers\SurfaceButton.sys [128144 2016-06-28] (Microsoft Corporation)
R3 SurfaceCoSAR; C:\WINDOWS\System32\drivers\SurfaceCoSAR.sys [64656 2016-04-14] (Microsoft Corporation)
R3 SurfaceDigitizerIntegration; C:\WINDOWS\System32\drivers\SurfaceDigitizerIntegration.sys [58504 2015-09-09] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys [51344 2016-01-10] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys [102152 2016-09-28] (Microsoft Corporation)
S3 SurfacePenClickFilter; C:\WINDOWS\System32\drivers\SurfacePenClickFilter.sys [56984 2015-09-09] (Microsoft Corporation)
R3 SurfacePenDriver; C:\WINDOWS\System32\drivers\SurfacePenDriver.sys [115592 2016-07-14] (Microsoft Corporation)
S3 SurfacePenIntegration; C:\WINDOWS\System32\drivers\SurfacePenIntegration.sys [61464 2015-09-09] (Microsoft Corporation)
R3 SurfacePro4TypeCoverIntegration; C:\WINDOWS\System32\drivers\SurfacePro4TypeCoverIntegration.sys [59448 2015-09-09] (Microsoft Corporation)
R3 SurfaceStorageFwUpdate; C:\WINDOWS\System32\drivers\SurfaceStorageFwUpdate.sys [2813592 2015-10-22] (Microsoft Corporation)
R3 SurfaceSystemTelemetryDriver; C:\WINDOWS\System32\drivers\SurfaceSystemTelemetryDriver.sys [64000 2015-09-09] (Microsoft Corporation)
R3 SurfaceTouchServicingML; C:\WINDOWS\System32\drivers\SurfaceTouchServicingML.sys [77584 2016-06-28] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-18 09:10 - 2016-10-18 09:11 - 00021018 _____ C:\Users\tatia\Downloads\FRST.txt
2016-10-18 09:10 - 2016-10-18 09:10 - 00000000 ____D C:\FRST
2016-10-18 09:09 - 2016-10-18 09:09 - 00009134 _____ C:\Users\tatia\Desktop\AdwCleaner[C0].txt
2016-10-18 08:08 - 2016-10-18 08:11 - 00000000 ____D C:\AdwCleaner
2016-10-18 08:08 - 2016-10-18 08:08 - 02407424 _____ (Farbar) C:\Users\tatia\Downloads\FRST64.exe
2016-10-18 08:08 - 2016-10-18 08:08 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5CD947E-E01A-4C51-B02C-9C6D3BDA4361}
2016-10-18 08:07 - 2016-10-18 08:08 - 03874368 _____ C:\Users\tatia\Downloads\AdwCleaner.exe
2016-10-18 08:05 - 2016-10-18 08:05 - 00004420 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_313938343930323936372d5b554a6c6c5a23572a415534
2016-10-18 08:05 - 2016-10-18 08:05 - 00002016 _____ C:\Users\tatia\Desktop\Hotmail.lnk
2016-10-17 12:46 - 2016-10-17 12:46 - 00035481 _____ C:\Users\tatia\Desktop\dds.txt
2016-10-17 12:46 - 2016-10-17 12:46 - 00011012 _____ C:\Users\tatia\Desktop\attach.txt
2016-10-17 12:44 - 2016-10-17 12:45 - 00688992 ____R (Swearware) C:\Users\tatia\Downloads\dds.scr
2016-10-17 12:18 - 2016-10-17 12:18 - 00000000 ____D C:\WINDOWS\system32\cocf
2016-10-17 12:11 - 2016-10-17 12:17 - 00000000 ____D C:\Users\tatia\AppData\LocalLow\Company
2016-10-17 12:11 - 2016-10-17 12:11 - 00000000 ____D C:\Users\tatia\AppData\Local\Tempfolder
2016-10-17 12:10 - 2016-10-18 08:05 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-10-17 12:10 - 2016-10-17 12:10 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-10-17 12:09 - 2016-10-17 12:09 - 00000003 _____ C:\Users\tatia\AppData\Local\run1.txt
2016-10-17 12:09 - 2016-10-17 12:09 - 00000000 ____D C:\Program Files\b66cdaa38e5597a0d324686c8b881a27
2016-10-17 12:08 - 2016-10-17 12:17 - 00000000 ____D C:\Users\tatia\AppData\Local\Apps\2.0
2016-10-17 12:07 - 2016-10-17 12:07 - 00000000 _____ C:\TOSTACK
2016-10-17 12:06 - 2016-10-17 12:17 - 00000000 ____D C:\Users\tatia\AppData\Roaming\system
2016-10-17 12:03 - 2016-10-17 12:04 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Microleaves
2016-10-17 12:02 - 2016-10-17 12:12 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-10-17 12:01 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-10-17 12:00 - 2016-10-17 12:00 - 00000000 ____D C:\Users\tatia\AppData\LocalLow\uTorrent
2016-10-17 07:03 - 2016-10-17 07:03 - 01866930 _____ C:\WINDOWS\1bd98f407969d819b987f84f911d0d81.exe
2016-10-16 20:29 - 2016-10-16 20:29 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Foxit Software
2016-10-16 20:27 - 2016-10-16 20:27 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-10-16 19:55 - 2016-10-17 12:29 - 00040190 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2016-10-16 19:55 - 2016-10-17 12:29 - 00040190 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2016-10-16 19:55 - 2016-10-16 19:55 - 00000000 ____D C:\WINDOWS\Panther
2016-10-16 19:44 - 2016-10-18 09:09 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-13 18:32 - 2016-10-13 18:32 - 02021379 _____ C:\Users\tatia\Documents\Chapter (cont).pdf
2016-10-13 17:26 - 2016-10-13 17:26 - 01553568 _____ C:\Users\tatia\Documents\Chapter) Organizing Themes in Development.pdf
2016-10-13 08:29 - 2016-10-13 08:29 - 00004608 _____ C:\Users\tatia\AppData\Local\dnow.exe
2016-10-10 19:50 - 2016-10-17 12:37 - 00635674 _____ C:\WINDOWS\system32\perfh00A.dat
2016-10-10 19:50 - 2016-10-17 12:37 - 00122148 _____ C:\WINDOWS\system32\perfc00A.dat
2016-10-10 19:50 - 2016-10-13 18:30 - 00000000 ____D C:\Windows.old
2016-10-10 19:50 - 2016-10-10 19:50 - 00346498 _____ C:\WINDOWS\system32\perfi00A.dat
2016-10-10 19:50 - 2016-10-10 19:50 - 00043804 _____ C:\WINDOWS\system32\perfd00A.dat
2016-10-10 19:50 - 2016-10-10 19:50 - 00000000 ____D C:\WINDOWS\SysWOW64\es
2016-10-10 19:50 - 2016-10-10 19:50 - 00000000 ____D C:\WINDOWS\system32\es
2016-10-10 19:46 - 2016-10-17 12:18 - 00000000 ____D C:\WINDOWS\hy-AM
2016-10-10 19:46 - 2016-10-10 19:46 - 00000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2016-10-10 19:46 - 2016-10-10 19:46 - 00000000 ____D C:\WINDOWS\system32\hy-AM
2016-10-10 19:44 - 2016-10-10 19:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-10-10 19:43 - 2016-10-10 19:43 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-10 19:43 - 2016-10-10 19:43 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-10 19:43 - 2016-10-10 19:43 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-10 19:43 - 2016-10-10 19:43 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-10 19:43 - 2016-10-10 19:43 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-10-10 19:35 - 2016-10-10 19:35 - 00011724 ____H C:\Users\tatia\AppData\Local\IconCache.db.backup
2016-10-10 19:14 - 2016-10-10 19:14 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-10-10 19:12 - 2016-10-12 10:23 - 00000000 ____D C:\Users\tatia\AppData\Local\ConnectedDevicesPlatform
2016-10-10 19:12 - 2016-10-10 19:12 - 00000020 ___SH C:\Users\tatia\ntuser.ini
2016-10-10 19:05 - 2016-10-10 19:05 - 00000000 ____D C:\ProgramData\USOShared
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default\My Documents
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-10-10 19:04 - 2016-10-10 19:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-10-10 19:03 - 2016-10-18 09:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-10 19:03 - 2016-10-10 19:04 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-10-10 19:03 - 2016-10-10 19:04 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-10-10 18:58 - 2016-10-17 12:27 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-10 18:58 - 2016-10-10 18:58 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-10-10 18:58 - 2016-10-10 18:58 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-10 18:55 - 2016-10-16 19:54 - 00000000 ____D C:\Users\tatia
2016-10-10 18:55 - 2016-10-10 18:58 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-10-10 18:55 - 2016-10-10 18:55 - 00000000 _SHDL C:\Users\tatia\My Documents
2016-10-10 18:55 - 2016-10-10 18:55 - 00000000 _SHDL C:\Users\tatia\Documents\My Videos
2016-10-10 18:55 - 2016-10-10 18:55 - 00000000 _SHDL C:\Users\tatia\Documents\My Pictures
2016-10-10 18:55 - 2016-10-10 18:55 - 00000000 _SHDL C:\Users\tatia\Documents\My Music
2016-10-10 18:54 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-10-10 18:53 - 2016-10-18 09:09 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-10 18:53 - 2016-10-10 18:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2016-10-10 18:53 - 2016-10-10 18:53 - 00000000 ____D C:\WINDOWS\system32\Intel
2016-10-10 18:53 - 2016-10-10 18:53 - 00000000 ____D C:\WINDOWS\Firmware
2016-10-10 18:53 - 2016-10-10 18:53 - 00000000 ____D C:\Program Files\Intel
2016-10-10 18:53 - 2016-10-10 18:53 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-10-10 18:53 - 2016-07-14 19:32 - 00117272 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-10-10 18:52 - 2016-10-18 09:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-10 18:52 - 2016-10-10 19:35 - 00513896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-10 18:52 - 2016-10-10 18:52 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-10-08 19:04 - 2016-10-09 13:11 - 00000000 ____D C:\Users\tatia\AppData\Local\Mozilla
2016-10-08 19:04 - 2016-10-08 19:04 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Mozilla
2016-10-08 16:22 - 2016-10-18 08:10 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-08 16:22 - 2016-10-18 08:10 - 00001125 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-08 16:22 - 2016-10-08 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-07 11:46 - 2016-10-07 11:47 - 00000000 ____D C:\Users\tatia\Desktop\illustrator
2016-10-07 11:46 - 2016-10-07 11:46 - 00000000 ____D C:\Users\tatia\Desktop\photoshop
2016-10-07 11:45 - 2016-10-07 12:35 - 00000034 _____ C:\Users\tatia\AppData\Roaming\AdobeWLCMCache.dat
2016-10-07 11:41 - 2016-10-17 12:27 - 00001591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-10-07 11:41 - 2016-10-07 11:41 - 00000000 ____D C:\ProgramData\ALM
2016-10-06 14:06 - 2016-10-06 14:06 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DbxSvc.exe
2016-10-06 14:00 - 2016-10-06 14:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-10-06 14:00 - 2016-10-06 14:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-10-06 14:00 - 2016-10-06 14:00 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-09-28 23:55 - 2016-09-28 23:55 - 00102152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfaceIntegrationDriver.sys
2016-09-28 23:23 - 2016-09-28 23:23 - 00707336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SurfaceService.exe
2016-09-28 23:23 - 2016-09-28 23:23 - 00272384 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaPreciseTouch.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-18 09:09 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Cursors
2016-10-18 08:25 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-18 08:16 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-18 08:10 - 2016-01-12 14:07 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-10-18 08:10 - 2016-01-07 18:27 - 00001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-18 08:07 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-10-18 08:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-18 08:04 - 2016-02-15 17:50 - 00000000 ____D C:\Users\tatia\AppData\Local\Adobe
2016-10-17 12:46 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-17 12:41 - 2016-02-15 07:42 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-10-17 12:40 - 2016-02-03 21:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-17 12:37 - 2015-10-30 21:19 - 01835714 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-17 12:29 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-10-17 12:27 - 2016-06-11 16:25 - 00001863 _____ C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-10-17 12:27 - 2016-06-11 16:25 - 00001857 _____ C:\Users\tatia\Desktop\Spotify.lnk
2016-10-17 12:27 - 2016-05-08 20:37 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-10-17 12:27 - 2016-05-08 20:33 - 00001622 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-10-17 12:27 - 2016-05-08 20:33 - 00001604 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-10-17 12:27 - 2016-04-04 19:02 - 00001018 _____ C:\Users\Public\Desktop\LockDown Browser.lnk
2016-10-17 12:27 - 2016-03-28 05:27 - 00001107 _____ C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2016-10-17 12:27 - 2016-02-08 15:14 - 00001030 _____ C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-10-17 12:27 - 2016-01-11 23:09 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:08 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-10-17 12:27 - 2016-01-11 23:05 - 00002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-10-17 12:27 - 2016-01-07 18:24 - 00002368 _____ C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-17 12:26 - 2016-05-03 15:10 - 00001802 _____ C:\Users\tatia\Desktop\Google Drive.lnk
2016-10-17 12:22 - 2016-07-16 04:42 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-10-17 12:22 - 2016-07-16 04:42 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-10-17 12:17 - 2016-08-24 14:45 - 00000000 ____D C:\Program Files\Office 2016 KMS Activator Ultimate v1.1 Final
2016-10-16 20:21 - 2016-05-20 11:51 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Telegram Desktop
2016-10-16 20:18 - 2016-02-15 17:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-16 19:55 - 2016-03-07 10:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-16 19:49 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-14 15:21 - 2016-01-07 20:58 - 00000000 ___RD C:\Users\tatia\Google Drive
2016-10-13 18:23 - 2016-05-25 17:04 - 00000000 ____D C:\Program Files (x86)\Birdfont
2016-10-13 18:23 - 2016-01-10 16:18 - 00000000 ____D C:\ProgramData\Apple
2016-10-13 18:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-10-13 17:11 - 2016-01-07 18:18 - 00000000 ____D C:\Users\tatia\AppData\Local\Packages
2016-10-13 16:27 - 2016-01-07 18:24 - 00000000 ____D C:\Users\tatia\AppData\Local\Comms
2016-10-12 10:19 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-10 19:51 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-10-10 19:50 - 2016-07-16 07:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-10-10 19:50 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Com
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\IME
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Help
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Defender
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-10-10 19:50 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-10-10 19:50 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-10-10 19:50 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\servicing
2016-10-10 19:35 - 2016-01-07 18:24 - 00000000 ___RD C:\Users\tatia\OneDrive
2016-10-10 19:12 - 2015-10-30 21:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-10 19:05 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-10-10 19:04 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-10 19:03 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration
2016-10-10 19:03 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-10-10 19:00 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-10 19:00 - 2016-01-26 19:10 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-10-10 18:58 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-10 18:58 - 2016-06-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-10 18:58 - 2016-05-20 11:51 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2016-10-10 18:58 - 2016-05-08 20:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-10-10 18:58 - 2016-05-03 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-10-10 18:58 - 2016-04-04 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2016-10-10 18:58 - 2016-02-08 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
2016-10-10 18:58 - 2016-01-11 23:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-10-10 18:58 - 2016-01-07 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-10 18:58 - 2016-01-07 18:34 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-10-10 18:58 - 2015-10-30 02:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-10-10 18:58 - 2015-10-29 23:28 - 00000000 ____D C:\Users\Default.migrated
2016-10-10 18:56 - 2016-07-16 07:15 - 00000000 ____D C:\WINDOWS\OCR
2016-10-10 18:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-10-10 18:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-10 18:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-10 18:56 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-10-10 18:56 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-10 18:56 - 2016-02-29 10:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-10-10 18:54 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-10-10 18:54 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-10-10 18:54 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-10 18:54 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-10 17:45 - 2016-04-04 19:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-10 17:42 - 2016-01-07 18:27 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-10 14:42 - 2016-01-07 18:27 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-08 16:22 - 2016-01-11 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-08 16:11 - 2015-10-30 00:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-10-08 16:11 - 2015-10-30 00:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-10-07 12:36 - 2016-01-07 18:18 - 00000000 ____D C:\Users\tatia\AppData\Roaming\Adobe
2016-10-07 12:16 - 2016-01-10 16:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-07 12:12 - 2016-01-10 16:30 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-07 12:10 - 2016-05-08 20:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-07 11:40 - 2016-05-08 20:34 - 00000000 ____D C:\Program Files\Adobe

==================== Files in the root of some directories =======

2016-10-07 11:45 - 2016-10-07 12:35 - 0000034 _____ () C:\Users\tatia\AppData\Roaming\AdobeWLCMCache.dat
2016-05-08 22:45 - 2016-05-08 22:47 - 0001456 _____ () C:\Users\tatia\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 08:29 - 2016-10-13 08:29 - 0004608 _____ () C:\Users\tatia\AppData\Local\dnow.exe
2016-10-17 12:09 - 2016-10-17 12:09 - 0000003 _____ () C:\Users\tatia\AppData\Local\run1.txt

Some files in TEMP:
====================
C:\Users\tatia\AppData\Local\Temp\libeay32.dll
C:\Users\tatia\AppData\Local\Temp\msvcr120.dll
C:\Users\tatia\AppData\Local\Temp\nsa5EF6.tmp.exe
C:\Users\tatia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-10 18:51

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (30.5 KB, 36 views)
File Type: txt AdwCleaner[C0].txt (8.9 KB, 261 views)
File Type: txt FRST.txt (43.7 KB, 17 views)
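The FRST output above flags four classes of indicator that recur in this kind of search hijack: a scheduled task that launches a script host (Wscript.exe //B ...\SearchModule\smhe.js), firewall Allow rules for executables under the user profile, a replaced Chrome default search provider (www-searching.com), and Internet Explorer policy restrictions. The script below is an added example, not part of the original thread and not FRST's own code; it re-checks those same four places on a live Windows 10 host so the result of a fix can be confirmed independently. The Chrome profile path and the JSON key names under default_search_provider_data are assumptions drawn from Chrome's general layout, not from the poster's machine.

```powershell
# Added triage script (not part of the original thread, not FRST's own code).
# Re-checks the four indicator classes FRST flagged in this thread on a live host:
#   1. scheduled tasks run through a script host or from a user-writable path
#   2. firewall Allow rules for programs under user-writable paths
#   3. Chrome's default search provider
#   4. Internet Explorer policy restriction keys
# Run from an elevated PowerShell prompt. ASSUMPTIONS: Chrome profile location and the
# default_search_provider_data.template_url_data keys are taken from Chrome's general
# layout, not verified against the poster's machine; adjust $chromeProfile as needed.

# Directories an unprivileged process can write to; persistence pointing here is suspect.
$writableRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData, "$env:SystemDrive\Users\Public")

function Test-UserWritablePath {
    param([string]$Path)
    if (-not $Path) { return $false }
    $expanded = [System.Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($root in $writableRoots) {
        if ($root -and $expanded.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Scheduled tasks. FRST showed an action of
#    Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" ...; flag script hosts and
#    any task whose binary or arguments point into a user-writable directory.
$scriptHosts = '(?i)(^|\\)(wscript|cscript|mshta|powershell|rundll32|regsvr32)(\.exe)?$'
$suspectTasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $exe = [string]$action.Execute
        $arguments = [string]$action.Arguments
        $argHit = $arguments -split '\s+' | Where-Object { Test-UserWritablePath $_ }
        if ($exe -match $scriptHosts -or (Test-UserWritablePath $exe) -or $argHit) {
            [pscustomobject]@{ Task = "$($task.TaskPath)$($task.TaskName)"; Execute = $exe; Arguments = $arguments }
        }
    }
}

# 2. Firewall rules. FRST listed three Allow rules for executables under
#    C:\Users\tatia\AppData\Local\...; adware adds them so its components are not prompted.
$suspectFwRules = Get-NetFirewallRule -Action Allow | ForEach-Object {
    $rule = $_
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if (Test-UserWritablePath $program) {
        [pscustomobject]@{ Rule = $rule.DisplayName; Enabled = $rule.Enabled; Program = $program }
    }
}

# 3. Chrome default search provider (FRST reported www-searching.com and
#    api.searchpredict.com). Chrome keeps this in the profile's Secure Preferences;
#    older builds used Preferences, so both files are read if present.
$chromeProfile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$chromeSearch = foreach ($name in 'Secure Preferences', 'Preferences') {
    $file = Join-Path $chromeProfile $name
    if (Test-Path -LiteralPath $file) {
        $prefs = Get-Content -Raw -LiteralPath $file | ConvertFrom-Json
        $tud = $prefs.default_search_provider_data.template_url_data   # assumed key path
        if ($tud) {
            [pscustomobject]@{ File = $name; Keyword = $tud.keyword; SearchUrl = $tud.url; SuggestUrl = $tud.suggestions_url }
        }
    }
}

# 4. IE policy restrictions (FRST: "Policies\Microsoft\Internet Explorer: Restriction").
#    On an unmanaged home machine these keys are normally absent; anything here was set by software.
$iePolicies = foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                                'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    if (Test-Path $key) {
        foreach ($item in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
            foreach ($valueName in $item.GetValueNames()) {
                [pscustomobject]@{ Key = $item.Name; Value = $valueName; Data = $item.GetValue($valueName) }
            }
        }
    }
}

"== Scheduled tasks using script hosts or user-writable paths =="
$suspectTasks | Format-Table -AutoSize | Out-String -Width 200
"== Firewall Allow rules for programs under user-writable paths =="
$suspectFwRules | Format-Table -AutoSize | Out-String -Width 200
"== Chrome default search provider =="
$chromeSearch | Format-List | Out-String
"== Internet Explorer policy restrictions =="
$iePolicies | Format-Table -AutoSize | Out-String -Width 200
```

On a clean machine the first, second and fourth sections are empty and the Chrome section shows the provider the user actually chose (keyword google.com for a default install). Legitimate updaters such as Google Update and Adobe ARM live under Program Files and are not flagged by the path test; a hit on Wscript.exe or Cscript.exe is not proof of malware on its own, but every such task deserves a look at the script it runs, exactly as the fixlist further down the thread does for the SMW_UpdateTask entry.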
Old 10-18-2016, 01:48 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You are using an illegal version of MS Office.

Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A recent study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 10-18-2016, 06:37 PM   #6
Registered Member
 
Join Date: Mar 2016
Posts: 16
OS: windows 10



Thank you for responding, Chemist. I had gotten this tablet from a friend & didn't realize that the version of MS Office was illegal. I've uninstalled Office as well as other programs I feel may have been illegal.

I reran AdwCleaner (no threats) and FRST (see attached).

The internet browsers are no longer opening to that site; does this mean my system is clean?

Thank you!
Attached Files
File Type: txt Addition.txt (28.2 KB, 21 views)
File Type: txt FRST.txt (157.4 KB, 32 views)
Old 10-19-2016, 06:55 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello oops-a-doodle. You're welcome. We'll have to see if you're clean after a few more steps.

Are you aware that you have no system restore points? Did you delete them, or have you disabled System Restore?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {5824FB3B-4B72-4103-9312-496213A68E1D} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {5C44184D-AEC9-4BE3-A135-AEE428A2418B} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {A16A4611-4A57-42F1-B15C-379A075C2700} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: {A88D1111-885F-4C55-98F1-0EE408B2E4EB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {B18F2F27-83A5-40A5-8B83-F2C980F11DC9} - System32\Tasks\SMW_UpdateTask_Time_313938343930323936372d5b554a6c6c5a23572a415534 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {D1E458FD-DFD4-4E78-9807-9F786817521F} - \[email protected] -> No File <==== ATTENTION
    FirewallRules: [{F9E720B0-1D51-4B9E-868B-C546299335EC}] => (Allow) C:\Users\tatia\AppData\Local\Temp\installer1.exe
    FirewallRules: [{C3FB6CC5-D211-40B5-A122-F5D5EC0CE89D}] => (Allow) C:\Users\tatia\AppData\Local\36844733.exe
    FirewallRules: [{28E9DFDC-2336-479D-9A53-0AB07B30418C}] => (Allow) C:\Users\tatia\AppData\Local\BrowserAir\Application\BrowserairExec.exe
    HKU\S-1-5-18\...\Run: [] => 0
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3570299393-1799837360-84174179-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=gahzftpbl0cshmobu,acae4b59-a1c5-4415-b783-348cdac834cf,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    2016-10-17 12:01 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
    BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL
    C:\Program Files (x86)\Microsoft Office
    StartupFolder: C:\Users\tatia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    C:\Program Files\Microsoft Office
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
    x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
    x64-Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
    x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL
    RUnknown bd2b5e561e904254c7b2c9156a796880;bd2b5e561e904254c7b2c9156a796880; [x]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2015-7-31 242864]
    2016-10-10 18:58 - 2016-01-11 23:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
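The fixlist above removes five kinds of indicator that FRST flagged on this machine: scheduled tasks whose target binary is gone ("No File"), a task that runs Wscript.exe against a script under ProgramData, firewall Allow rules for executables sitting in a user's AppData folders, Internet Explorer policy "Restriction" entries, and a hijacked Chrome default search provider. The read-only triage script below is an added example, not part of this thread and not code from FRST, Malwarebytes or ESET; it checks a live Windows 10 host for the same classes of indicator and only reports, never deletes. The search-engine allow-list, the choice of wscript/cscript/mshta/powershell as script hosts, and the limitation to the current user's registry hive and Chrome "Default" profile are assumptions of the example; it needs the ScheduledTasks and NetSecurity modules that ship with Windows 8 and later.

```powershell
# Added read-only triage script (not from the thread, nor from FRST/MBAM/ESET).
# Reports, on a live Windows 10 host, the classes of indicator the fixlist removed:
#   1. scheduled tasks whose target executable no longer exists ("No File" in FRST)
#   2. scheduled tasks launching a script host on a script under ProgramData or a user's AppData
#   3. firewall Allow rules bound to programs under ProgramData or a user's AppData
#   4. any values under the Internet Explorer policy keys (FRST labels these "Restriction")
#   5. a Chrome default search provider outside a small, assumed allow-list
# Nothing is modified. Requires the ScheduledTasks and NetSecurity modules (Windows 8+).

$suspiciousPath = '(?i)\\(ProgramData|Users\\[^\\]+\\AppData)\\'
$scriptHost     = '(?i)(^|\\)(wscript|cscript|mshta|powershell)(\.exe)?$'   # assumed list of script hosts
$allowedSearch  = '(?i)google\.com|bing\.com|duckduckgo\.com'               # assumed allow-list; adjust locally
$findings       = New-Object System.Collections.Generic.List[string]

# 1 and 2: scheduled task actions
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = $action.Execute
        if (-not $exe) { continue }    # COM-handler actions carry no executable path
        $expanded = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')
        $label = "Task '$($task.TaskPath)$($task.TaskName)'"
        # Only judge entries that carry a path; bare names like "sc.exe" resolve through PATH
        if ($expanded -match '\\' -and -not (Test-Path -LiteralPath $expanded)) {
            $findings.Add("$label points to a missing file: $expanded")
        }
        if ($expanded -match $scriptHost -and $action.Arguments -match $suspiciousPath) {
            $findings.Add("$label runs $expanded with arguments: $($action.Arguments)")
        }
    }
}

# 3: enabled Allow rules whose program lives in a user-writable location
foreach ($rule in Get-NetFirewallRule -Action Allow -Enabled True) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($program -and $program -match $suspiciousPath) {
        $findings.Add("Firewall $($rule.Direction) allow rule '$($rule.DisplayName)' for: $program")
    }
}

# 4: Internet Explorer policy keys, machine-wide and current user only (other users' hives are not read)
$policyRoots = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
               'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
foreach ($root in $policyRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)) {
        foreach ($name in $key.GetValueNames()) {
            $findings.Add("IE policy value: $($key.Name)\$name = $($key.GetValue($name))")
        }
    }
}

# 5: Chrome default search provider, "Default" profile of the current user only
$prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path -LiteralPath $prefs) {
    $dsp = (Get-Content -Raw -LiteralPath $prefs | ConvertFrom-Json).default_search_provider_data.template_url_data
    # The block is absent while Chrome's built-in default (Google) is in use, so $dsp is then $null.
    if ($dsp -and $dsp.url -and $dsp.url -notmatch $allowedSearch) {
        $findings.Add("Chrome default search provider is '$($dsp.keyword)': $($dsp.url)")
    }
}

if ($findings.Count -eq 0) { Write-Output 'No indicators of the five classes above were found.' }
else { $findings | ForEach-Object { Write-Output "[!] $_" } }
```

Run it from an elevated PowerShell prompt so that the machine-wide task and firewall stores are readable. Every line it prints is a lead to look at by hand, not a verdict: an orphaned Google or Adobe updater task (as in this thread) is harmless clutter, whereas a script host started against something under ProgramData, or an Allow rule for an executable in a Temp folder, is the kind of entry that deserves the same treatment the fixlist gave it.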
Old 10-19-2016, 11:41 PM   #8
Hello Chemist,

No, I was not aware that I have no system restore points. Is that an issue?

I've attached the fixlog file.

thank you!
Attached Files
File Type: txt Fixlog.txt (14.1 KB, 27 views)
oops-a-doodle is offline  
Old 10-20-2016, 03:36 PM   #9
Hello again, oops-a-doodle. You're very welcome. How is the machine behaving?

See if you can turn on system restore:

Right-click the Windows logo button > 'System' > 'System protection'.

Highlight the Windows(C:)(System) drive under the Protection settings box, choose 'Configure...' then tick 'Turn on system protection' > 'Apply' > 'OK'.

Now highlight the Windows(C:)(System) drive under the Protection settings box again, choose 'Create...', type a name for a test system restore point, then choose 'Create'.

It should now begin creating a system restore point. Once done, choose 'Done' > 'OK'.

Let me know if you were successful turning on System Restore.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 10-22-2016, 11:39 PM   #10
Hello Chemist,

The system seems to be performing normally & I was able to set up the system restore point.

Please find the MBAM & ESET scans attached.
Attached Files
File Type: txt eset.txt (3.1 KB, 15 views)
File Type: txt mbam scan 10.22.16.txt (2.9 KB, 22 views)
oops-a-doodle is offline  
Old 10-23-2016, 06:24 PM   #11
Hello again, oops-a-doodle. Glad to hear it.

Most of the ESET finds have already been quarantined by AdwCleaner or FRST. Those will get deleted when we uninstall those tools.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\tatia\AppData\Local\Microsoft\Windows\INetCache\IE\1814QHZ3\BrowserAir48Inst[1].exe"

A DOS window will open and close again, this is normal.

Repeat for the following:

cmd /c del /a/f/q "C:\Windows\System32\SppExtComObjHook.dll"

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 10-23-2016, 09:57 PM   #12
Thank you! Everything looks good. Will I be able to restore the device to factory settings to make sure anything my friend had installed is no longer on the device?
oops-a-doodle is offline  
Old 10-24-2016, 10:47 AM   #13
You're very welcome. Glad to have helped.

Yes, you can restore to factory settings, but you could have done without having to have gone through this cleansing.
chemist is offline  
Old 10-24-2016, 12:01 PM   #14
Okay thank you! I wasn't sure if resetting it would mess anything up.

Thank you very much for your help!
oops-a-doodle is offline  
Old 10-26-2016, 10:08 AM   #15
Glad to have helped.
chemist is offline  
 
