Tech support scam popup


  • This topic is locked
13 replies to this topic

#1 coolcat22

  • Members
  • 15 posts

Posted 20 February 2016 - 02:47 PM

Hello, yesterday while I was browsing websites I encountered one of the tech support scam pop-ups that told me I had a virus, and a lady was speaking telling me it was blocked. I knew better of course and ended Google Chrome in the task tree. However, I forgot I had some tabs I still needed and had to restore the tabs, but the pop-up site kept coming up before I could close it out real quick. This happened 2-4 times. I was reading some articles and they said even though I didn't click OK, phone them, or give them any sort of access to my computer, I could have gotten a drive-by download or fileless infection, like these articles state:

 

https://blog.malwarebytes.org/exploits-2/2014/11/tech-support-website-infects-your-computer-before-you-even-dial-in/

 

The site I encountered was very similar to these posts:

 

http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/your-microsoft-computer-has-been-blocked-with-the/441bf00b-bf93-4d00-b8a1-64aac2f5914c

 

https://blog.malwarebytes.org/exploits-2/2014/09/fileless-infections-from-exploit-kit-an-overview/

 

https://blog.malwarebytes.org/fraud-scam/2014/11/psa-tech-support-scams-pop-ups-on-the-rise/

 

I noticed it said something about rundll.exe, registry files, and personal info that could be messed with. Even though I knew enough to close out and not call them, and have not had any pop-ups since the incident or any other odd things happen to my computer since then, I'd like to be sure there isn't something on my browser or computer in the background keylogging me or having access to my data.

 

I have run Malwarebytes and AVG before this and had no results so far, but I am going to run more later. I'm running Windows 8.1 on my computer.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by AlienAlpha (administrator) on ALPHA-J3MR322 (20-02-2016 13:32:37)
Running from C:\Users\AlienAlpha\Desktop
Loaded Profiles: AlienAlpha (Available Profiles: AlienAlpha & Alpha Console)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(TODO: <Company name>) C:\Program Files (x86)\HiveMind\HiveMindService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
() C:\Program Files (x86)\AlphaUI\AlphaService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HiveMind\HiveMindMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\HiveMind\HiveMindMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(iolo technologies, LLC) C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2014-12-17] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-09-25] (Alienware)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [10116392 2015-12-21] (Visicom Media Inc.)
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\MountPoints2: {1da3d9cd-9aec-11e5-825a-a088697e6e76} - "D:\Autorun.exe" 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\Users\AlienAlpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2016-01-22]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Sling Media Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{4EFC1A04-D150-4879-A17D-35BB1F2C5358}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{699B9EEA-ABC1-47DF-B14E-2A482A5D255C}: [DhcpNameServer] 10.119.4.11 10.119.4.12 163.244.235.81
 
Internet Explorer:
==================
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3401314451-2428410538-3309546427-1001 -> DefaultScope {A4C6509C-6E34-42DA-8350-4F1F504AEBD8} URL = 
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-3401314451-2428410538-3309546427-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\AlienAlpha\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-04]
CHR Extension: (Google Docs) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-04]
CHR Extension: (Google Drive) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Adblock Plus) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
CHR Extension: (Google Search) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Video Downloader professional) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-01-11]
CHR Extension: (Google Sheets) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Gmail) - C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14568 2014-09-25] (Alienware)
R2 AlphaService; C:\Program Files (x86)\AlphaUI\AlphaService.exe [53504 2015-09-21] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 HiveMindService; C:\Program Files (x86)\HiveMind\HiveMindService.exe [286624 2015-11-24] (TODO: <Company name>)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\service.exe [77528 2015-12-15] (Visicom Media Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AlphaMouse; C:\Windows\System32\drivers\AlphaMouse.sys [20416 2014-08-13] (Alienware)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2015-12-04] () [File not signed]
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HiveMindFilterDrv; C:\Windows\System32\drivers\HiveMindFilterDrv.sys [29184 2015-11-24] (Alienware)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-06-12] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2015-12-04] () [File not signed]
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-07-08] (Intel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-01-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 dcdbas; \SystemRoot\System32\drivers\dcdbas64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 13:32 - 2016-02-20 13:33 - 00021059 _____ C:\Users\AlienAlpha\Desktop\FRST.txt
2016-02-20 13:32 - 2016-02-20 13:32 - 00000000 ____D C:\FRST
2016-02-20 13:30 - 2016-02-20 13:30 - 02371072 _____ (Farbar) C:\Users\AlienAlpha\Desktop\FRST64.exe
2016-02-19 12:56 - 2016-02-19 12:56 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\AVG
2016-02-19 12:55 - 2016-02-19 12:55 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-19 12:53 - 2016-02-19 12:53 - 00000000 ___HD C:\$AVG
2016-02-19 12:53 - 2016-02-19 12:53 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\TuneUp Software
2016-02-19 12:53 - 2016-02-19 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-19 12:49 - 2016-02-20 05:43 - 00000000 ____D C:\ProgramData\MFAData
2016-02-19 12:49 - 2016-02-19 12:49 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-19 12:49 - 2016-02-19 12:49 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\MFAData
2016-02-19 12:49 - 2016-02-19 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-19 12:47 - 2016-02-19 12:53 - 00000000 ____D C:\ProgramData\Avg
2016-02-19 12:47 - 2016-02-19 12:52 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-19 12:46 - 2016-02-19 12:56 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\Avg
2016-02-19 12:46 - 2016-02-19 12:49 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\AvgSetupLog
2016-02-19 12:45 - 2016-02-19 12:46 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\AlienAlpha\Downloads\AVG_Protection_Free_698.exe
2016-02-17 12:58 - 2016-02-17 14:03 - 1186450111 _____ C:\Users\AlienAlpha\Downloads\Shameless.US.S06E06.720p.HDTV.X264-DIMENSION.mkv
2016-02-15 06:56 - 2016-02-15 06:56 - 19916957 _____ (The TTR Team) C:\Users\AlienAlpha\Downloads\TTRBetaInstaller-v1.2.3.exe
2016-02-10 01:19 - 2016-02-10 03:24 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\PAYDAY 2
2016-02-10 01:18 - 2016-02-10 01:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-02-09 12:07 - 2016-02-09 12:07 - 00000221 _____ C:\Users\AlienAlpha\Desktop\Metro Last Light.url
2016-02-09 08:34 - 2016-02-09 08:34 - 00000222 _____ C:\Users\AlienAlpha\Desktop\PAYDAY 2.url
2016-02-07 23:24 - 2016-02-07 23:47 - 411426172 _____ C:\Users\AlienAlpha\Downloads\shameless.us.s06e05.720p.hdtv.hevc.x265.mkv
2016-02-07 21:50 - 2016-02-07 22:28 - 1403409915 _____ C:\Users\AlienAlpha\Downloads\Shameless.US.S06E04.720p.HDTV.X264-DIMENSION.mkv
2016-02-07 21:21 - 2016-02-07 21:44 - 412213121 _____ C:\Users\AlienAlpha\Downloads\shameless.us.604.hdtv-lol.mp4
2016-02-07 03:33 - 2016-02-07 03:54 - 2115023872 _____ C:\Users\AlienAlpha\Desktop\mushuplus.avi
2016-02-05 17:12 - 2016-02-05 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-02-05 17:12 - 2014-12-16 22:38 - 00616136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-02-05 17:09 - 2016-02-05 17:12 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-02-05 17:08 - 2014-12-17 16:16 - 31894856 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 20921544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 14034032 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 13945976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 13137608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-02-05 17:08 - 2014-12-17 16:16 - 11398960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 11336944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 04292240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 04013896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 01875144 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434501.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434501.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00963784 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00935752 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00925000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00899272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00499912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00415944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00390856 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-02-05 17:08 - 2014-12-17 16:16 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-02-05 17:08 - 2013-11-28 20:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-02-05 17:08 - 2013-11-28 20:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-02-05 16:46 - 2016-02-05 16:52 - 318606376 _____ (Dell Inc.) C:\Users\AlienAlpha\Downloads\ASM100_Video_Driver_0DN1F_WN32_9.18.13.4501_A02.EXE
2016-02-05 16:26 - 2016-02-05 16:26 - 00000000 ____D C:\Users\AlienAlpha\Documents\Dell Downloads
2016-02-05 16:24 - 2016-02-05 16:24 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-02-05 16:23 - 2016-02-05 16:23 - 00417064 _____ () C:\Users\AlienAlpha\Downloads\DellSystemDetectLauncher.exe
2016-02-04 18:27 - 2016-02-04 18:27 - 869810504 _____ C:\Windows\MEMORY.DMP
2016-02-04 18:27 - 2016-02-04 18:27 - 00301568 _____ C:\Windows\Minidump\020416-31484-01.dmp
2016-02-04 18:27 - 2016-02-04 18:27 - 00000000 ____D C:\Windows\Minidump
2016-02-04 03:09 - 2016-02-04 03:28 - 4243598112 _____ C:\Users\AlienAlpha\Desktop\vlc-record-2016-02-04-03h09m18s-~temp.avi-.avi
2016-02-04 01:39 - 2016-02-04 02:29 - 4248858112 _____ C:\Users\AlienAlpha\Desktop\~temp.avi
2016-02-01 12:59 - 2016-02-01 13:02 - 458274304 _____ C:\Users\AlienAlpha\Desktop\macvidmsgnoaudio.avi
2016-01-28 18:32 - 2016-01-28 18:32 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-01-28 15:05 - 2016-01-28 15:05 - 00004070 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-01-28 15:05 - 2016-01-28 15:05 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-28 15:05 - 2016-01-28 15:05 - 00003368 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-01-28 15:05 - 2016-01-28 15:05 - 00003248 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-01-28 15:05 - 2016-01-28 15:05 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-01-26 10:42 - 2016-01-26 11:10 - 1310962256 _____ C:\Users\AlienAlpha\Downloads\Shameless.US.S06E03.720p.HDTV.X264-DIMENSION.mkv
2016-01-26 06:18 - 2016-01-26 06:27 - 732111360 _____ C:\Users\AlienAlpha\Desktop\claudio_clooke2.avi
2016-01-24 07:18 - 2016-01-24 07:20 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (3).exe
2016-01-23 09:38 - 2014-04-28 10:21 - 00108611 _____ C:\Users\AlienAlpha\Desktop\Edvr.cfg
2016-01-23 09:38 - 2014-03-15 14:39 - 00428925 _____ C:\Users\AlienAlpha\Desktop\WMP_MediaFilter.rar
2016-01-23 09:38 - 2012-03-04 11:05 - 01364995 _____ C:\Users\AlienAlpha\Desktop\CamStudio20.exe
2016-01-23 07:34 - 2016-01-23 08:56 - 244975956 _____ C:\Users\AlienAlpha\Downloads\will_and_grace.1x02.a_new_lease_on_life.dvdrip_xvid-fov.rar
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-01-22 04:00 - 2016-01-22 04:00 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player
2016-01-22 04:00 - 2016-01-22 04:00 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\DISH Anywhere
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (2).exe
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (1).exe
2016-01-21 23:22 - 2016-01-22 00:43 - 245621074 _____ C:\Users\AlienAlpha\Downloads\will_and_grace.1x01.love_and_marriage.dvdrip_xvid-fov.rar
2016-01-21 06:15 - 2016-01-21 07:32 - 235819347 _____ C:\Users\AlienAlpha\Downloads\will_and_grace.1x15.will_works_out.ac3.dvdrip_xvid-fov.rar
2016-01-21 01:33 - 2016-01-21 01:33 - 00001032 _____ C:\Users\Public\Desktop\CamStudio.lnk
2016-01-21 01:33 - 2016-01-21 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
2016-01-21 01:32 - 2016-01-21 01:33 - 00000000 ____D C:\Program Files (x86)\CamStudio
2016-01-21 01:23 - 2016-01-21 01:24 - 17130066 _____ C:\Users\AlienAlpha\Desktop\WIN_20160114_145150.MP4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 13:20 - 2015-12-27 23:19 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Skype
2016-02-20 12:37 - 2015-12-04 19:22 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 11:28 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2016-02-20 03:23 - 2015-12-04 18:36 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3401314451-2428410538-3309546427-1001
2016-02-20 02:48 - 2014-11-02 16:43 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-02-20 02:43 - 2014-03-18 03:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-20 02:37 - 2015-12-04 19:22 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-20 02:36 - 2015-12-04 19:05 - 00000000 ____D C:\Users\Alpha Console\AppData\Roaming\Kodi
2016-02-20 02:35 - 2014-11-02 16:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-20 02:35 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 02:34 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-20 02:33 - 2015-12-04 18:30 - 00000000 ____D C:\Users\AlienAlpha
2016-02-19 14:44 - 2015-12-04 19:23 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:44 - 2015-12-04 19:23 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 12:59 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-19 12:53 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-19 10:27 - 2015-12-04 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-17 16:23 - 2016-01-19 01:19 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\vlc
2016-02-15 06:57 - 2015-12-21 20:35 - 00001095 _____ C:\Users\Public\Desktop\Toontown Rewritten.lnk
2016-02-14 17:08 - 2015-12-27 23:19 - 00000000 ____D C:\ProgramData\Skype
2016-02-14 17:00 - 2015-12-04 20:50 - 00000000 ____D C:\ProgramData\Origin
2016-02-14 10:08 - 2014-11-02 16:43 - 00000000 ____D C:\ProgramData\PCDr
2016-02-12 10:15 - 2014-11-02 16:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-11 20:40 - 2014-11-02 16:43 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-02-10 07:54 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 07:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-10 01:18 - 2014-11-02 16:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-09 21:32 - 2015-12-04 19:22 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-09 21:32 - 2015-12-04 19:22 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-09 12:07 - 2015-12-06 00:47 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-06 03:52 - 2015-12-06 02:32 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ElevatedDiagnostics
2016-02-06 02:44 - 2015-12-27 15:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Audacity
2016-02-06 00:30 - 2015-12-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-02-06 00:30 - 2015-12-04 18:45 - 00000000 ____D C:\Program Files\Dell
2016-02-05 17:12 - 2014-11-02 16:46 - 00000000 ____D C:\Temp
2016-02-05 17:07 - 2014-11-02 17:00 - 00000000 ____D C:\ProgramData\Dell
2016-02-05 16:24 - 2015-12-04 19:22 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\Deployment
2016-01-31 01:25 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-28 18:33 - 2015-12-05 15:17 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-01-28 15:05 - 2014-11-02 16:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2016-01-24 07:31 - 2015-12-28 22:16 - 00000000 ____D C:\Program Files (x86)\DishAnywhereDesktop
2016-01-22 04:01 - 2015-12-28 22:18 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\SlingMedia
2016-01-22 04:01 - 2014-11-02 16:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-21 10:26 - 2015-12-27 02:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ManyCam
 
==================== Files in the root of some directories =======
 
2014-11-02 16:13 - 2014-11-02 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\AlienAlpha\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\AlienAlpha\AppData\Local\Temp\EADEF82.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvStInst.exe
C:\Users\AlienAlpha\AppData\Local\Temp\Setup_OnHD.exe
C:\Users\AlienAlpha\AppData\Local\Temp\UninstallEADM.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-13 02:23
 
==================== End of FRST.txt ============================
 
 
If I'm missing anything, please tell me.

#2 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 20 February 2016 - 04:36 PM

Hello coolcat22 and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
    
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 20 February 2016 - 05:25 PM

Hi

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\MountPoints2: {1da3d9cd-9aec-11e5-825a-a088697e6e76} - "D:\Autorun.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default
C:\Users\AlienAlpha\AppData\Local\AvgSetupLog
C:\Users\AlienAlpha\AppData\Local\MFAData
C:\ProgramData\MFAData
C:\Users\AlienAlpha\AppData\Roaming\AVG
C:\Users\AlienAlpha\AppData\Roaming\TuneUp Software
C:\Users\AlienAlpha\AppData\Local\PAYDAY 2
C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (2).exe
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (1).exe
2016-02-20 13:20 - 2015-12-27 23:19 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Skype
C:\Users\Alpha Console\AppData\Roaming\Kodi
C:\Users\AlienAlpha\AppData\Roaming\vlc
2016-02-06 03:52 - 2015-12-06 02:32 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ElevatedDiagnostics
2016-02-06 02:44 - 2015-12-27 15:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Audacity
2016-01-22 04:01 - 2015-12-28 22:18 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\SlingMedia
2016-01-22 04:01 - 2014-11-02 16:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-21 10:26 - 2015-12-27 02:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ManyCam
2014-11-02 16:13 - 2014-11-02 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\AlienAlpha\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\AlienAlpha\AppData\Local\Temp\EADEF82.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvStInst.exe
C:\Users\AlienAlpha\AppData\Local\Temp\Setup_OnHD.exe
C:\Users\AlienAlpha\AppData\Local\Temp\UninstallEADM.dll
Emptytemp:
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
=============================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click ''Scan now'' (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

===============================================================================================

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

=================================================================================================

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot Ashampoo_Snap_20140819_13h09m50s_001__zp.
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

 



 


 


#4 coolcat22

  • Topic Starter
  • Members
  • 15 posts

Posted 20 February 2016 - 07:28 PM

When I opened FRST I got 2 error pop-ups for ERUNT.exe. One says it stopped responding and another says "exception EAcessViolation in module ERUNT.exe." It has more but I didn't want to type it all. Does this have to do with the FRST program? I closed out and opened FRST again and nothing came up that time, and it removed things normally.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by AlienAlpha (2016-02-20 17:02:52) Run:1
Running from C:\Users\AlienAlpha\Desktop
Loaded Profiles: AlienAlpha (Available Profiles: AlienAlpha & Alpha Console)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\...\MountPoints2: {1da3d9cd-9aec-11e5-825a-a088697e6e76} - "D:\Autorun.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default
C:\Users\AlienAlpha\AppData\Local\AvgSetupLog
C:\Users\AlienAlpha\AppData\Local\MFAData
C:\ProgramData\MFAData
C:\Users\AlienAlpha\AppData\Roaming\AVG
C:\Users\AlienAlpha\AppData\Roaming\TuneUp Software
C:\Users\AlienAlpha\AppData\Local\PAYDAY 2
C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (2).exe
2016-01-22 03:56 - 2016-01-22 03:58 - 84475352 _____ (Sling Media) C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (1).exe
2016-02-20 13:20 - 2015-12-27 23:19 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Skype
C:\Users\Alpha Console\AppData\Roaming\Kodi
C:\Users\AlienAlpha\AppData\Roaming\vlc
2016-02-06 03:52 - 2015-12-06 02:32 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ElevatedDiagnostics
2016-02-06 02:44 - 2015-12-27 15:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\Audacity
2016-01-22 04:01 - 2015-12-28 22:18 - 00000000 ____D C:\Users\AlienAlpha\AppData\Roaming\SlingMedia
2016-01-22 04:01 - 2014-11-02 16:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-21 10:26 - 2015-12-27 02:10 - 00000000 ____D C:\Users\AlienAlpha\AppData\Local\ManyCam
2014-11-02 16:13 - 2014-11-02 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\AlienAlpha\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\AlienAlpha\AppData\Local\Temp\EADEF82.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\AlienAlpha\AppData\Local\Temp\nvStInst.exe
C:\Users\AlienAlpha\AppData\Local\Temp\Setup_OnHD.exe
C:\Users\AlienAlpha\AppData\Local\Temp\UninstallEADM.dll
Emptytemp:
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3401314451-2428410538-3309546427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da3d9cd-9aec-11e5-825a-a088697e6e76}" => key removed successfully
HKCR\CLSID\{1da3d9cd-9aec-11e5-825a-a088697e6e76} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Chrome Session Restore: => removed successfully
CHR Profile: C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\AlienAlpha\AppData\Local\AvgSetupLog => moved successfully
C:\Users\AlienAlpha\AppData\Local\MFAData => moved successfully
C:\ProgramData\MFAData => moved successfully
C:\Users\AlienAlpha\AppData\Roaming\AVG => moved successfully
C:\Users\AlienAlpha\AppData\Roaming\TuneUp Software => moved successfully
C:\Users\AlienAlpha\AppData\Local\PAYDAY 2 => moved successfully
C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075} => moved successfully
"C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (2).exe" => not found.
"C:\Users\AlienAlpha\Downloads\DishAnywhere-Desktop (1).exe" => not found.
 
"C:\Users\AlienAlpha\AppData\Roaming\Skype" folder move:
 
Could not move "C:\Users\AlienAlpha\AppData\Roaming\Skype" => Scheduled to move on reboot.
 
C:\Users\Alpha Console\AppData\Roaming\Kodi => moved successfully
C:\Users\AlienAlpha\AppData\Roaming\vlc => moved successfully
C:\Users\AlienAlpha\AppData\Local\ElevatedDiagnostics => moved successfully
C:\Users\AlienAlpha\AppData\Roaming\Audacity => moved successfully
 
"C:\Users\AlienAlpha\AppData\Roaming\SlingMedia" folder move:
 
Could not move "C:\Users\AlienAlpha\AppData\Roaming\SlingMedia" => Scheduled to move on reboot.
 
C:\ProgramData\Package Cache => moved successfully
C:\Users\AlienAlpha\AppData\Local\ManyCam => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\drm_dyndata_7400009.dll => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\EADEF82.exe => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\nvSCPAPISvr.exe => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\Setup_OnHD.exe => moved successfully
C:\Users\AlienAlpha\AppData\Local\Temp\UninstallEADM.dll => moved successfully
EmptyTemp: => 1.9 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-20 17:11:02)
 
C:\Users\AlienAlpha\AppData\Roaming\Skype => Is moved successfully
C:\Users\AlienAlpha\AppData\Roaming\SlingMedia => Is moved successfully
 
==== End of Fixlog 17:11:02 ====
 
 
 
 

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/2/20
Operating System       : Windows 8.1 64-bit
Processor              : 4X Intel® Core™ i3-4130T CPU @ 2.90GHz
BIOS Mode              : UEFI
CUID                   : 00BD75C697FFB649C71B18
Scan Type              : Smart Scan
Duration               : 3m 35s
Scanned Objects        : 12622
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Homepage
Status             : Scanned
Object             : http://www.alienwarearena.com/welcome-us
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Homepage
 
ManyCamWebInstaller.exe
Status             : Scanned
Object             : %userprofile%\downloads\manycamwebinstaller.exe
MD5                : 21951F038156F15925F2C7119B7985DD
Publisher          : Visicom Media Inc.
Size               : 296472
Version            : 1.2.0.1
Detection          : Adware:Win32/VisicomToolbar!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\manycamwebinstaller.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 
 
 

~ ZHPCleaner v2016.2.20.32 by Nicolas Coolman (2016/02/20)
~ Run by AlienAlpha (Administrator)  (20/02/2016 18:21:19)
~ State version : 
~ Type : Repair
~ Report : C:\Users\AlienAlpha\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\AlienAlpha\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (2)
DELETED key*: HKEY_USERS\S-1-5-21-3401314451-2428410538-3309546427-1001\SOFTWARE\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
DELETED key: HKCU\Software\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
 
 
---\\  Summary of the elements found (1)
http://www.nicolascoolman.fr/?p=5143  =>Toolbar.AVGSafeGuard
 
 
---\\  Other deletions. (25)
~ Registry Keys Tracing deleted (25)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 266
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 2
 
 
~ End of clean in 00h00mn04s
===================
ZHPCleaner-[R]-20022016-18_21_23.txt
ZHPCleaner-[S]-20022016-18_20_58.txt
 
 
 
Hope I did all the scans correctly! 
 




#5 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 21 February 2016 - 05:34 PM

Perfect :thumbup2:

 

Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
Please download RogueKiller 32/64 bit to your desktop.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 



 


 


#6 coolcat22

  • Topic Starter
  • Members
  • 15 posts

Posted 21 February 2016 - 11:15 PM

Here are the three logs you asked for, hope everything is in order.

 

 

 

# AdwCleaner v5.035 - Logfile created 21/02/2016 at 21:29:52
# Updated 18/02/2016 by Xplode
# Database : 2016-02-21.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : AlienAlpha - ALPHA-J3MR322
# Running from : C:\Users\AlienAlpha\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\AlienAlpha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1609 bytes] ##########
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8.1 x64 
Ran by AlienAlpha (Administrator) on Sun 02/21/2016 at 21:41:06.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/21/2016 at 21:46:02.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : AlienAlpha [Administrator]
Started from : C:\Users\AlienAlpha\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/21/2016 22:06:08
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3401314451-2428410538-3309546427-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{699B9EEA-ABC1-47DF-B14E-2A482A5D255C} | DhcpNameServer : 10.119.4.11 10.119.4.12 163.244.235.81 ([X][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{699B9EEA-ABC1-47DF-B14E-2A482A5D255C} | DhcpNameServer : 10.119.4.11 10.119.4.12 163.244.235.81 ([X][X][X])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] 72dcda1709c1fcab31ee6645eadfd363
[BSP] efc41c1235cb1def1432c982aca82e87 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 468588 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 962574336 | Size: 6932 MB
User = LL1 ... OK
User = LL2 ... OK
 


#7 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 22 February 2016 - 05:41 AM

Hi coolcat22,

 

RogueKiller log is clean.

================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now, any issues? Please let me know.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 coolcat22

coolcat22
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 23 February 2016 - 01:06 AM

Nothing was found in the ESET scan but I got the log from the program files folder. Hope this is the correct thing to do. I have not had anything pop up at all so I think it's safe to assume the tech support scam didn't mess with my computer, I suppose. Is there anything else you would like for me to do?

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e9c257fd4bd30442ae40b8033f2007ca
# end=init
# utc_time=2016-02-23 04:36:00
# local_time=2016-02-22 10:36:00 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e9c257fd4bd30442ae40b8033f2007ca
# end=init
# utc_time=2016-02-23 04:36:29
# local_time=2016-02-22 10:36:29 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 28257
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e9c257fd4bd30442ae40b8033f2007ca
# end=updated
# utc_time=2016-02-23 04:42:08
# local_time=2016-02-22 10:42:08 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e9c257fd4bd30442ae40b8033f2007ca
# engine=28257
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-23 06:02:00
# local_time=2016-02-23 12:02:00 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 97 212525 1764928 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4091155 19910490 0 0
# scanned=280369
# found=0
# cleaned=0
# scan_time=4791

Edited by coolcat22, 23 February 2016 - 01:06 AM.
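The ESET Online Scanner log above is a sequence of records, each a run of `# key=value` lines that opens with `# product=EOS`, interleaved with installer and updater chatter. As an added example (not code from the thread, from ESET or from the helper), here is a small parser that splits the log into those records and reduces the `end=finished` record to the verdict a helper reads off it: how much was scanned, whether anything was found or cleaned, whether every option the instructions asked for (`remove_checked`, `archives_checked`, and so on) was actually enabled, which other antivirus product was present, and a wall-clock cross-check of `scan_time` against the `utc_time` stamps. The record layout and the meaning of `scan_time` (seconds) are assumptions drawn from the posted log, not from ESET documentation; the sample is an abridged copy of the log above.

```python
from datetime import datetime

# Constructed sample: an abridged copy of the ESET Online Scanner log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# EOSSerial=e9c257fd4bd30442ae40b8033f2007ca
# end=init
# utc_time=2016-02-23 04:36:00
Update Init
Update Download
Update Finalize
Updated modules version: 28257
# product=EOS
# version=8
# end=updated
# utc_time=2016-02-23 04:42:08
# product=EOS
# version=8
# engine=28257
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-23 06:02:00
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 97 212525 1764928 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4091155 19910490 0 0
# scanned=280369
# found=0
# cleaned=0
# scan_time=4791
"""

# The options the instructions above asked for; each appears in the log as <name>=true.
REQUESTED_SETTINGS = ("remove_checked", "archives_checked",
                      "unwanted_checked", "unsafe_checked", "antistealth_checked")
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def _as_list(v):
    return v if isinstance(v, list) else [v]


def parse_eset_log(text):
    """Split the log into records. Every record starts with '# product=EOS' (assumed),
    '# key=value' lines fill it, and other lines (installer/update chatter) are skipped.
    Keys that repeat inside one record (compatibility_mode*) become lists."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].partition("=")
        key, value = key.strip(), value.strip()
        if key == "product" and current:
            records.append(current)
            current = {}
        current[key] = _as_list(current[key]) + [value] if key in current else value
    if current:
        records.append(current)
    return records


def _record_with_end(records, phase):
    return next((r for r in reversed(records) if r.get("end") == phase), None)


def summarize_scan(records):
    """Reduce the records to the verdict a helper reads off the log."""
    final = _record_with_end(records, "finished")
    if final is None:
        raise ValueError("log has no finished scan record")
    missing = [k for k in REQUESTED_SETTINGS if final.get(k) != "true"]
    found = int(final.get("found", 0))
    # Cross-check the reported scan_time (assumed to be seconds) against the wall
    # clock between the 'updated' and 'finished' records, which both carry utc_time.
    updated = _record_with_end(records, "updated")
    elapsed = None
    if updated and "utc_time" in updated and "utc_time" in final:
        t0 = datetime.strptime(updated["utc_time"], TIME_FMT)
        t1 = datetime.strptime(final["utc_time"], TIME_FMT)
        elapsed = int((t1 - t0).total_seconds())
    coexisting = [v.strip("'") for v in _as_list(final.get("compatibility_mode_1", []))
                  if v.strip("'")]
    return {
        "engine": final.get("engine"),
        "scanned": int(final.get("scanned", 0)),
        "found": found,
        "cleaned": int(final.get("cleaned", 0)),
        "scan_seconds": int(final.get("scan_time", 0)),
        "elapsed_seconds": elapsed,
        "missing_settings": missing,
        "coexisting_av": coexisting,
        # 'clean' only when nothing was found AND the scan ran with every requested option;
        # a found=0 from a scan that skipped archives or PUAs is not the same verdict.
        "clean": found == 0 and not missing,
    }


if __name__ == "__main__":
    for k, v in summarize_scan(parse_eset_log(SAMPLE_LOG)).items():
        print("%-18s %s" % (k, v))
```

On the posted log this yields 280369 objects scanned, nothing found, all five requested options on, AVG AntiVirus Free Edition present alongside the scanner, and an elapsed time of 4792 s against a reported `scan_time` of 4791, which is the consistency a reviewer wants before accepting "found=0" as a clean result.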


#9 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 23 February 2016 - 07:06 PM

  Scan with Zoek script:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

Attachment: zoekscript.txt (188 bytes, 98 downloads)

  • Download it too and save to your desktop - it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

 


Best regards
 

 


 


#10 coolcat22

coolcat22
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 24 February 2016 - 06:36 PM

Here is my zoek log

Attached Files



#11 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 25 February 2016 - 11:28 AM

How is the PC running now?


Best regards
 

 


 


#12 coolcat22

coolcat22
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 26 February 2016 - 12:20 AM

It seems to be running normally and I haven't had any signs to show that anything has infected my computer from the tech support site. Should I run anything else?



#13 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 26 February 2016 - 06:56 PM

Congratulations! :thumbup2:  The machine is clean now.

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

I would recommend you:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices

How Malware Spreads - How your system gets infected

Best Practices for Safe Computing - Prevention of Malware Infection

 

Some safety suggestions!

Best regards.

 

 



 


 


#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 13 March 2016 - 03:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 

 


 




