
RewardBrandSurvey Keeps Starting up in Background


  • This topic is locked
35 replies to this topic

#1 JayJax

Posted 14 April 2016 - 10:40 AM

I started a discussion on B.C. in another area but they were unable to help. I'm not sure if this should be listed here or in Am I Infected but hopefully you can help - Thanks.

I don't know if this is a program or a virus or whatever but instructions I found upon doing a search do not work in that it tells steps to show programs on computer and it is not in that list so I can't remove it.

I have seen other websites that have a tool or whatever to download to remove it but I am not wanting to download a fix as it may be just another problem installed on my computer.
 
So I am listing my problem here..
 
I have blocked it on Firefox but it keeps coming up in the background anyway.
 
Here is the information I was able to find when it came up on my computer:

Mod Edit: Disabled links - Hamluis.
 
Referring URL    hxxx://www1.bop-bop-bam.com/18506/null/null/1_ctx_243462de-80a3-4562-a257-
 
Modified: Wednesday, March 23, 2016 8:42:48 PM
 
Meta (2 tags)
 
Media:

hxxx://rewardbrandsurveys.com/images/favicon_3923.png
hxxx://rewardbrandsurveys.com/images/service_rep_7676.jpg
hxxx://rewardbrandsurveys.com/images/foot_secure.png
hxxx://rewardbrandsurveys.com/images/foot_guarantee.png
hxxx://rewardbrandsurveys.com/images/thankyou_5934.jpg

Permissions I set to Block All
 
Security says I visited this page 3 other times
 
Says it's not encrypted
 
Says website does not supply owner information
 
Verified by: not specified
 
I hope I am posting this in the correct group - if not I apologize.
 
HERE'S THE RESULTS OF THE FRST I ran today.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anne (2016-04-14 10:12:06)
Running from C:\Users\Anne\Desktop
Windows 8.1 (X64) (2015-05-26 04:07:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================
Administrator (S-1-5-21-1818071923-735345186-3340230363-500 - Administrator - Disabled) => C:\Users\Administrator
Anne (S-1-5-21-1818071923-735345186-3340230363-1002 - Administrator - Enabled) => C:\Users\Anne
Guest (S-1-5-21-1818071923-735345186-3340230363-501 - Limited - Enabled)
jjaxa_000 (S-1-5-21-1818071923-735345186-3340230363-1003 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B3C41846-0ED2-2FE4-C154-F736C9D53364}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell System Detect (HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.181 - Dell Inc.)
FastStone Image Viewer 5.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.4 - FastStone Soft)
FastStone Photo Resizer 3.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.3 - FastStone Soft.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.1.1000 - Maxthon International Limited)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
NIKON IMAGE SPACE UPLOADER (HKLM-x32\...\com.nikonimagespace.uploader) (Version: 1.2 - NIKON CORPORATION)
NIKON IMAGE SPACE UPLOADER (x32 Version: 1.2 - NIKON CORPORATION) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9150 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1818071923-735345186-3340230363-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C58CFC-45C7-4B66-A49D-4D96E79606BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {24DBE28B-E2EA-4308-8DB1-60E106AB818E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {25ECA170-A76E-4D37-9FC3-C66D704E0FB8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1818071923-735345186-3340230363-1002UA => C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-26] (Dropbox, Inc.)
Task: {337E5382-971D-41E2-B102-57B1E9E005AD} - System32\Tasks\Opera scheduled Autoupdate 1456107763 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {3B851B42-7975-4CAE-93C6-82ABC1258AB5} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {47CE050B-6D97-48F2-ADD9-BD8287B8B80C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-18] (Microsoft Corporation)
Task: {4A4C9CBC-ED47-427B-B693-5A00CA469D4B} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {6B584FDE-29C8-4264-9DC5-DA52633942D1} - System32\Tasks\Opera scheduled Autoupdate 1454785497 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {710E2CCA-B909-4EFC-A2F6-00F1DE254BB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {76871D72-DA4A-47D7-862A-0445167A72AD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {7CD0676D-77BF-4300-812C-D5B68EDCB761} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1818071923-735345186-3340230363-1002Core => C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-26] (Dropbox, Inc.)
Task: {8119A2D7-E485-4BCB-8663-51EEE5CEE3A1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {83B4F091-DD60-4479-BA3A-2A0509F61824} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {97596790-2E3E-4FAB-8885-75C5A215DC1D} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {A936EB17-2032-4188-B709-49ED4453EC15} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2016-02-23] (Maxthon International ltd.)
Task: {A9505098-2780-4091-999F-2D8301A6F1FB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-14] (Synaptics Incorporated)
Task: {A9662071-99B5-43A6-B7F9-2B5A3B2D6850} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {B6E9911D-BEB8-47FD-BF5E-950EF17BB1EC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D5223537-5AEE-45B0-AF4C-808D95125444} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EF859734-E03E-4D82-8338-D727A1E3C435} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {F7C0A918-9EF0-493D-BD75-2A2A54644DB2} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {F84C0049-B2B2-49D4-BD5A-561CF9F7DAF2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {FD3C986E-6845-4A53-A9AD-9E8BA4785191} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1818071923-735345186-3340230363-1002Core.job => C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1818071923-735345186-3340230363-1002UA.job => C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-25 12:23 - 2014-03-25 12:23 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-13 21:57 - 2014-01-13 21:57 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2016-03-25 16:53 - 2016-03-23 18:43 - 00111352 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2016-03-25 16:53 - 2016-03-23 18:43 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-09-21 16:40 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Anne\Documents\WORDS.odt:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1818071923-735345186-3340230363-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6D722C19-F242-4E88-8C01-F0916239812E}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{027A3C33-2390-44CD-B841-D7569C3F7FE2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{0E9C84F8-228D-411D-ABB8-835A8F287656}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8468921F-5684-4E19-8763-95EA5EB5FE82}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{888C4602-03C5-42B5-8E4B-6FD279D98B58}] => (Allow) C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{775B96D6-3EC6-47A6-8499-95B8B9CF4B3D}] => (Allow) C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7F50A1BF-24B5-45B3-8C48-79E87CD6EAC1}C:\users\anne\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\anne\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{10244174-2F63-407C-97DA-BFF08DF179EB}C:\users\anne\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\anne\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{37D5D2D9-BE25-43CA-95E2-5D458E7F5766}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1FF65148-FE67-4280-9BBD-1ECF5146607C}] => (Allow) LPort=2869
FirewallRules: [{FB44713D-2169-4CE1-BC2E-522D6756C06E}] => (Allow) LPort=1900
FirewallRules: [{56329930-031D-4A73-B9F7-0596999F6B36}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4625CB37-DF7E-4E24-94F6-D84845085C08}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7CC5FB35-E06D-4947-BA94-6B4843120DB7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{58D94A6F-16DB-4D2A-AD21-1FA23D4B216D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{0FC7DB6D-03CB-4CF0-BC1F-1C4EE5F62006}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0BAC151-3918-4AC5-B371-BC9C5694ABCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DFC81DB-A27D-4183-B97C-C16C6EBB9EF4}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

28-03-2016 13:03:45 Removed Bonjour
05-04-2016 18:11:14 Scheduled Checkpoint
11-04-2016 18:11:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2016 12:20:02 PM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
   at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
   at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.On....

Error: (04/03/2016 01:48:42 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (04/03/2016 01:34:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.1.5918 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d78

Start Time: 01d18d188c0aa96b

Termination Time: 392

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 10757fff-f966-11e5-829a-b82a72ccd808

Faulting package full name:

Faulting package-relative application ID:

Error: (04/01/2016 05:38:31 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (03/31/2016 03:23:04 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (03/30/2016 06:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.1.5918, time stamp: 0x56e8b7df
Faulting module name: mozglue.dll, version: 45.0.1.5918, time stamp: 0x56e8a981
Exception code: 0x80000003
Fault offset: 0x0000f0ea
Faulting process id: 0x408
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (03/30/2016 11:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18155, time stamp: 0x5661aa1f
Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000005
Fault offset: 0x000000000003dd8e
Faulting process id: 0x2690
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (03/29/2016 07:25:03 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (03/27/2016 06:12:02 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (03/27/2016 06:07:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5e10

Start Time: 01d187a3363769a4

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: f9f211bd-f40b-11e5-829a-b82a72ccd808

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/13/2016 02:12:56 AM) (Source: DCOM) (EventID: 10010) (User: MYDELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/13/2016 02:12:56 AM) (Source: DCOM) (EventID: 10010) (User: MYDELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/11/2016 06:02:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xffffe001042fb3d0, 0xfffff800c10dcc04, 0xffffffffc0000001, 0x0000000000000003)C:\WINDOWS\MEMORY.DMP041116-27656-01

Error: (04/11/2016 06:02:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:55:28 PM on ‎4/‎11/‎2016 was unexpected.

Error: (04/07/2016 04:18:27 AM) (Source: DCOM) (EventID: 10010) (User: MYDELL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/07/2016 04:18:27 AM) (Source: DCOM) (EventID: 10010) (User: MYDELL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/03/2016 07:13:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:01:47 PM on ‎4/‎3/‎2016 was unexpected.

Error: (04/01/2016 11:09:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (04/01/2016 03:50:47 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (04/01/2016 03:50:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll


CodeIntegrity:
===================================
  Date: 2016-04-07 12:39:49.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-07 12:39:49.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-07 12:39:48.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-07 12:39:45.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-07 12:39:44.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 05:51:51.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 05:51:50.743
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 05:51:50.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 05:51:49.711
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 05:51:49.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 55%
Total physical RAM: 3512.56 MB
Available physical RAM: 1567.21 MB
Total Virtual: 7096.56 MB
Available Virtual: 4504.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.98 GB) (Free:402.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB28E042)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by hamluis, 14 April 2016 - 05:18 PM.




#2 fireman4it

  • Malware Response Team

Posted 15 April 2016 - 01:18 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
When you ran FRST two logs were made. You have posted the Addition.txt. There should be a log named FRST.txt on your desktop or where FRST is located. Can you please post that log for my review.

Edited by fireman4it, 15 April 2016 - 01:19 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 JayJax

  • Topic Starter

Posted 17 April 2016 - 10:49 AM

Hello

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
When you ran FRST two logs were made. You have posted the Addition.txt. There should be a log named FRST.txt on your desktop or where FRST is located. Can you please post that log for my review.

 

Thanks for responding to my request for assistance. I have only now just seen your instructions including to not remove any files and I am not sure if I may have removed some files or not. I recall at some point getting a message that a program was interfering with another program and I'm not sure if I made changes or tried to after that. I'm sorry, I spend a great deal of time on my computer and after a while it all starts to run together as to what I remember. I might have removed a browser (Maxthon) as it wasn't working properly also. I hope this is the log you requested. If you would like me to rerun the test since I'm not sure, please let me know and I will do so ASAP. If there is any other information you need please advise, Thanks.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Anne (administrator) on MYDELL (14-04-2016 10:09:59)
Running from C:\Users\Anne\Desktop
Loaded Profiles: Anne (Available Profiles: Anne & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\...\Run: [Dropbox Update] => C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-26] (Dropbox, Inc.)
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anne\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-06-24] ()
Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB060F0E-1290-4074-A592-3A50C919FC71}: [DhcpNameServer] 172.5.1.171
Tcpip\..\Interfaces\{CEF2297A-D7F0-4D22-AEE5-F720824EC65F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1818071923-735345186-3340230363-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1818071923-735345186-3340230363-1002 -> DefaultScope {1F56B519-4D7B-428A-8ADB-AA4B82317FC8} URL =

FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.youtube.com/subscription_manager
hxxps://www.youtube.com/watch?v=XjgVlUHtS6E
hxxps://forums.malwarebytes.org/index.php?%2Fforum%2F7-malware-removal-help%2F%3Futm_source=facebook&utm_medium=social
hxxps://mail.google.com/mail/u/0/?tab=cm#inbox/1540514b133ef9eb
hxxps://www.youtube.com/watch?v=bYczNrUGXok&nohtml5=False
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\searchplugins\amazon-search-suggestions.xml [2015-11-06]
FF SearchPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\searchplugins\google-default.xml [2015-12-23]
FF SearchPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\searchplugins\ixquick-https.xml [2015-12-23]
FF Extension: Show my Password - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2015-05-28]
FF Extension: Imgur Uploader - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\giorgio@gilestro.tk.xpi [2015-05-28]
FF Extension: Open In Chrome - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\openinchrome@griffeltavla.wordpress.com.xpi [2015-09-01]
FF Extension: NewScrollbars (aka NoiaScrollbars) - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi [2016-03-01]
FF Extension: Screengrab (fix version) - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-03-16]
FF Extension: FirefoxAdKiller - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2016-03-30]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\artur.dubovoy@gmail.com [2016-04-01]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-04-06]
FF Extension: Classic Theme Restorer - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-04-08]
FF Extension: Adguard AdBlocker - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\adguardadblocker@adguard.com.xpi [2016-03-30]
FF Extension: Classic Toolbar Buttons - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2016-04-08]
FF Extension: cyscon Security Shield - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\cyscon-phishing-protection@patugo.com.xpi [2016-03-20]
FF Extension: Old Default Image Style - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi [2015-05-28]
FF Extension: Open With Google Chrome - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\{3cc6c6ba-654c-417e-a8af-6997ac388ae1}.xpi [2016-04-06]
FF Extension: Theme Font & Size Changer - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\ho763sai.THIRD PROFILE\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2016-04-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://gmail/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxp://trees.ancestry.com/tree/34674012","hxxps://mail.aol.com/webmail-std/en-us/suite"
CHR Profile: C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Google Docs) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Kate Spade) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc [2016-02-24]
CHR Extension: (Google Search) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-01-23] (Broadcom Corporation.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-04-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-04-10] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-01-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-23] (Broadcom Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-04-12] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 10:09 - 2016-04-14 10:10 - 00018434 _____ C:\Users\Anne\Desktop\FRST.txt
2016-04-14 10:09 - 2016-04-14 10:09 - 00000000 ____D C:\FRST
2016-04-14 10:08 - 2016-04-14 10:08 - 02375168 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2016-04-13 19:43 - 2016-04-13 19:47 - 00000000 ____D C:\Users\Anne\Desktop\04132016 pics
2016-04-11 18:02 - 2016-04-11 18:02 - 01664952 _____ C:\WINDOWS\Minidump\041116-27656-01.dmp
2016-04-11 18:01 - 2016-04-11 18:01 - 427824685 _____ C:\WINDOWS\MEMORY.DMP
2016-04-10 19:05 - 2016-04-10 19:05 - 01478534 _____ C:\Users\Anne\Desktop\pet sentry manual 2016.pdf
2016-04-08 17:14 - 2016-04-08 17:14 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-08 16:50 - 2016-04-08 16:50 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-03 11:48 - 2016-04-13 14:18 - 00000000 ____D C:\Users\Anne\Desktop\pics use soon
2016-03-28 00:29 - 2016-03-28 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-28 00:29 - 2016-03-28 00:29 - 00000000 ____D C:\Program Files\iTunes
2016-03-28 00:29 - 2016-03-28 00:29 - 00000000 ____D C:\Program Files\iPod
2016-03-28 00:29 - 2016-03-28 00:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-25 16:54 - 2016-03-25 16:54 - 00004022 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-03-25 16:54 - 2016-03-25 16:54 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-03-25 16:54 - 2016-03-25 16:54 - 00003332 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-03-25 16:54 - 2016-03-25 16:54 - 00003212 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-03-25 16:54 - 2016-03-25 16:54 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-03-25 16:54 - 2016-03-25 16:54 - 00000000 ____D C:\Program Files\Dell Support Center
2016-03-25 14:11 - 2016-04-11 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-25 14:11 - 2016-03-25 14:11 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-25 14:10 - 2016-03-25 14:11 - 00242128 _____ C:\Users\Anne\Downloads\Firefox Setup Stub 45.0.1.exe
2016-03-20 16:45 - 2016-03-20 16:46 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Maxthon3
2016-03-20 16:45 - 2016-03-20 16:45 - 00003576 _____ C:\WINDOWS\System32\Tasks\Maxthon Update
2016-03-20 16:45 - 2016-03-20 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2016-03-20 16:45 - 2016-03-20 16:45 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-03-18 21:40 - 2016-04-13 14:18 - 00000000 ____D C:\Users\Anne\Desktop\TEMP
2016-03-18 05:22 - 2016-03-08 02:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-18 05:22 - 2016-03-08 02:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-18 05:21 - 2016-03-18 05:21 - 00410896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-17 22:58 - 2016-02-20 10:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-17 22:58 - 2016-02-20 10:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-17 22:58 - 2016-02-20 10:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-17 22:58 - 2016-02-20 10:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-17 22:58 - 2016-02-20 10:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-17 22:58 - 2016-02-20 10:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-17 22:58 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-17 22:58 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-17 22:58 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-17 22:58 - 2016-02-08 15:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-17 22:58 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

Edited by JayJax, 17 April 2016 - 11:04 AM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:28 AM

Posted 18 April 2016 - 08:39 AM

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 JayJax

JayJax
  • Topic Starter

  • Members
  • 723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lee's Summit Missouri
  • Local time:11:28 AM

Posted 18 April 2016 - 11:24 AM

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

 

2.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

 

 

FOR SOME REASON I cannot download the Adware Cleaner Program - it never starts downloading, not sure why?

NEVERMIND - I went to the author's site and was able to download the Adware Cleaner.


Edited by JayJax, 18 April 2016 - 11:27 AM.


#6 JayJax

Posted 18 April 2016 - 11:45 AM

I got a pop-up notice after running the Adware Cleaner that no malicious programs were found. Nonetheless, I went ahead and followed your directions; the computer was restarted, and here is the report after restart:

 

# AdwCleaner v5.112 - Logfile created 18/04/2016 at 11:37:04
# Updated 17/04/2016 by Xplode
# Database : 2016-04-17.1 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Anne - MYDELL
# Running from : C:\Users\Anne\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [679 bytes] - [18/04/2016 11:37:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1553 bytes] - [18/08/2015 16:36:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [637 bytes] - [25/12/2015 20:44:51]
C:\AdwCleaner\AdwCleaner[S3].txt - [637 bytes] - [20/01/2016 22:46:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [968 bytes] ##########



#7 fireman4it

Posted 18 April 2016 - 11:51 AM

The emsisoft log?




#8 JayJax

Posted 18 April 2016 - 11:59 AM

The emsisoft log?

 

I am currently running the EMSISOFT and will post results shortly, thanks.



#9 JayJax

Posted 18 April 2016 - 12:09 PM

Here is the EMSISOFT LOG:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 04/18/2016 11:56:15 AM
User account: MYDELL\Anne

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    04/18/2016 11:56:40 AM
Value: HKEY_USERS\S-1-5-21-1818071923-735345186-3340230363-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1818071923-735345186-3340230363-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    76061
Found    2

Scan end:    04/18/2016 12:07:26 PM
Scan time:    0:10:46

Value: HKEY_USERS\S-1-5-21-1818071923-735345186-3340230363-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1818071923-735345186-3340230363-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     Setting.DisableTaskMgr (A)

Quarantined    2



#10 fireman4it

Posted 18 April 2016 - 12:19 PM

1.

Download MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.




#11 JayJax

Posted 18 April 2016 - 02:48 PM

1.

Download MalwareBytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.

 

It appears the MalwareBytes has finished running but somehow I can't find the log - is there any way to get it back or do I need to scan again?

I decided to repeat the scan and it's now underway.

I ran the scan again and it never says anything about a log or the results - It says again SCAN NOW.

I access the Application Log and check mark the Scan Log but there is no choice to view, only DELETE or DELETE ALL.

So I cannot paste the report because I cannot view it.


Edited by JayJax, 18 April 2016 - 04:37 PM.


#12 fireman4it

Posted 18 April 2016 - 04:29 PM

 

  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file



#13 JayJax

Posted 18 April 2016 - 06:42 PM

 

 

  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file

 

I did restart as you specified but when I pull up the application log under history and checkmark the log of today's date I have two options presented: DELETE or DELETE ALL - there is no "view"?



#14 JayJax

Posted 18 April 2016 - 08:15 PM

I was able to find the file. There is no button/tab; it is the little icon next to the list that enables the view, and at the bottom there is an export key, so I'm pretty sure this is what you have asked me to post.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 04/18/2016 11:39 AM, SYSTEM, MYDELL, Protection, IsLicensed, 13,
Protection, 04/18/2016 11:39 AM, SYSTEM, MYDELL, Protection, Malware Protection, Stopping,
Protection, 04/18/2016 11:39 AM, SYSTEM, MYDELL, Protection, Malware Protection, Stopped,
Update, 04/18/2016 2:06 PM, SYSTEM, MYDELL, Manual, Rootkit Database, 2016.2.8.1, 2016.4.17.1,
Update, 04/18/2016 2:06 PM, SYSTEM, MYDELL, Manual, Remediation Database, 2016.2.12.1, 2016.4.12.1,
Update, 04/18/2016 2:06 PM, SYSTEM, MYDELL, Manual, Domain Database, 2016.2.16.8, 2016.4.18.6,
Update, 04/18/2016 2:06 PM, SYSTEM, MYDELL, Manual, Malware Database, 2016.2.16.6, 2016.4.18.5,
Update, 04/18/2016 2:06 PM, SYSTEM, MYDELL, Manual, IP Database, 2016.2.8.1, 2016.4.7.1,
Scan, 04/18/2016 2:33 PM, SYSTEM, MYDELL, Manual, Start:04/18/2016 2:06 PM, Duration:27 min 11 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 04/18/2016 3:19 PM, SYSTEM, MYDELL, Manual, Start:04/18/2016 2:48 PM, Duration:30 min 10 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)



#15 fireman4it

Posted 20 April 2016 - 06:35 AM

How is the computer running now?






