Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome Redirect Malware Problem


  • This topic is locked This topic is locked
17 replies to this topic

#1 UserTyler

UserTyler

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 25 May 2016 - 03:06 AM

Friends at Bleeping Computer,

 

I’m experiencing a very irritating problem on one of my company’s computers.  It actually appears to be the same problem as described in this forum post (http://www.bleepingcomputer.com/forums/t/590266/really-annoying-adware-issue/), although the topic starter never verified what his fix was.  To describe my problem specifically, my computer appears to have some kind of malware, virus, etc. that is causing tabs to automatically open in Chrome and Firefox (mostly Chrome, and I haven’t seen the problem yet in Internet Explorer) and redirect to various URLs.  So far, I have seen redirects to pages under the following domains:

 

promote.buy-targeted-traffic.com

2080.hit.buy-targeted.traffic.com

oziris.zerohorizon.net

orion.zerohorizon.net

thefitmom.org

call.api.bidmatic.com

 

I've run scans from Windows Defender, Avast and Malwarebytes, but none of them found a cause for this issue.  I’ve Googled this problem extensively, but all I seem to find are untrustworthy-looking websites that make inappropriate suggestions for a problem like this and push shady-looking malware removal software.  Because the forum post above is so similar to mine, I have followed the same instructions that were initially given to him.  I have attached two screenshots of the websites that pop up, and you will see below the two Farbar Recovery Scan Tool logs (FRST.txt and Addition.txt).

 

Another request in the referenced forum post was to try Incognito Mode.  I have done that, and I haven’t seen any redirects yet, but I’ve only had that window open for about 20 minutes, and they don’t always show up in that time.

 

I have also posted below the results of the Farbar’s MiniToolBox log (MTB.txt), and I have attached a zipped Summary.nfo file.

 

I followed the instructions in the referenced forum because that user’s problem appears to be identical to mine, as well as in the name of saving time.  If your recommendations don’t match the ones I followed, I’m happy to scrap them and go through your instructions.  I need to try to have this cleaned within the next couple of days, so I will pay close attention for replies to this post.

 

Thank you in advance for your help.

 

Tyler

 

 

===============================================

Farbar Recovery Scan Tool - FRST.txt

===============================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-05-2016 01
Ran by Laura (administrator) on LAURAWORK (25-05-2016 00:55:17)
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura & QBDataServiceUser26 (Available Profiles: Laura & QBDataServiceUser24 & QBDataServiceUser26)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBDBMgrN.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\Run: [BingSvc] => C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-08] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-23] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-04-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-04-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2016-04-08]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-04-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-07-18]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{153BBC69-0AA9-4B71-A650-2D01BF2D74E7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5532254A-E604-4EE6-9B6C-06EC27E4FDDC}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
URLSearchHook: [S-1-5-21-2209021274-3015736152-1140316453-1007] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-23] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-23] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\njb6eqlw.default
FF DefaultSearchEngine: Bing 
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2FDF&PC=SK2F&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\njb6eqlw.default\searchplugins\bingp.xml [2016-04-08]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-14]
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Bing) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-04-08]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-23]
CHR Extension: (Skype) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-23] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-05-11] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [508936 2016-05-11] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed]
R3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBDBMgrN.exe [127792 2016-02-11] (Intuit, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-23] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-25 00:55 - 2016-05-25 00:55 - 00032286 _____ C:\Users\Laura\Desktop\FRST.txt
2016-05-25 00:54 - 2016-05-25 00:55 - 00000000 ____D C:\FRST
2016-05-25 00:53 - 2016-05-25 00:53 - 02382848 _____ (Farbar) C:\Users\Laura\Desktop\FRST64.exe
2016-05-24 17:28 - 2016-05-24 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-24 01:09 - 2016-05-24 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-24 01:08 - 2016-05-24 01:08 - 06882192 _____ (Piriform Ltd) C:\Users\Laura\Downloads\ccsetup517.exe
2016-05-23 19:02 - 2016-05-23 19:02 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-23 19:02 - 2016-05-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-05-23 18:59 - 2016-05-25 00:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-23 18:59 - 2016-05-23 18:59 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-23 18:50 - 2016-05-23 18:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1464051006
2016-05-23 18:49 - 2016-05-23 18:49 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-05-23 18:48 - 2016-05-23 18:48 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-23 18:48 - 2016-05-23 18:48 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-05-23 18:48 - 2016-05-23 18:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-05-23 18:48 - 2016-05-23 18:48 - 00000000 ____D C:\Users\Laura\AppData\Roaming\AVAST Software
2016-05-23 18:48 - 2016-05-23 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-23 18:48 - 2016-05-23 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-23 18:47 - 2016-05-23 18:47 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-05-23 18:47 - 2016-05-23 18:47 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-05-23 18:47 - 2016-05-23 18:47 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-05-23 18:47 - 2016-05-23 18:47 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-05-23 18:46 - 2016-05-23 18:49 - 00000000 ____D C:\Program Files\AVAST Software
2016-05-23 18:45 - 2016-05-23 18:49 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-20 17:01 - 2016-05-20 17:01 - 00025497 _____ C:\Users\Laura\Downloads\Tax Information Request - 2015 (4).xlsx
2016-05-20 17:01 - 2016-05-20 17:01 - 00025497 _____ C:\Users\Laura\Downloads\Tax Information Request - 2015 (3).xlsx
2016-05-20 16:54 - 2016-05-20 16:54 - 00025497 _____ C:\Users\Laura\Downloads\Tax Information Request - 2015 (2).xlsx
2016-05-20 14:01 - 2016-05-20 14:01 - 06651141 _____ C:\Users\Laura\Downloads\Rankin Purchase Nafta Stock signed.pdf
2016-05-20 10:48 - 2016-05-20 10:48 - 00126976 _____ C:\Users\Laura\Downloads\R9 Loreto Financials Statements Dec  2015 USA rev 1 (1).xls
2016-05-20 10:29 - 2016-05-20 10:29 - 00126464 _____ C:\Users\Laura\Downloads\R9 VASP Financials Statements Dec 2015 USA rev 1.xls
2016-05-20 10:28 - 2016-05-20 10:28 - 00126976 _____ C:\Users\Laura\Downloads\R9 Loreto Financials Statements Dec  2015 USA rev 1.xls
2016-05-20 10:22 - 2016-05-20 10:22 - 00025497 _____ C:\Users\Laura\Downloads\Tax Information Request - 2015 (1).xlsx
2016-05-20 10:01 - 2016-05-20 10:01 - 00011474 _____ C:\Users\Laura\Downloads\FBAR Bank Acc. information 2015.xlsx
2016-05-14 10:02 - 2016-05-11 14:08 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-14 10:02 - 2016-05-11 14:08 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 00:02 - 2016-04-22 14:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 00:02 - 2016-04-22 14:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 00:02 - 2016-04-22 14:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 00:02 - 2016-04-22 14:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 00:02 - 2016-04-22 14:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 00:02 - 2016-04-22 14:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 00:02 - 2016-04-22 13:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 00:02 - 2016-04-22 13:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 00:02 - 2016-04-22 13:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 00:02 - 2016-04-22 13:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 00:02 - 2016-04-22 13:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 00:02 - 2016-04-22 13:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 00:02 - 2016-04-22 13:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 00:02 - 2016-04-22 13:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 00:02 - 2016-04-22 13:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 00:02 - 2016-04-22 13:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 00:02 - 2016-04-22 12:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 00:02 - 2016-04-22 12:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 00:02 - 2016-04-22 12:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 00:02 - 2016-04-22 12:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 00:02 - 2016-04-22 12:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 00:02 - 2016-04-22 12:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 00:02 - 2016-04-22 12:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 00:02 - 2016-04-22 12:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 00:02 - 2016-04-22 12:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 00:02 - 2016-04-22 12:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 00:02 - 2016-04-22 12:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 00:02 - 2016-04-22 12:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 00:02 - 2016-04-22 12:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 00:02 - 2016-03-31 00:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 00:02 - 2016-03-30 21:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 00:01 - 2016-04-09 22:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 00:01 - 2016-04-09 22:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 00:01 - 2016-04-09 15:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 00:01 - 2016-04-09 15:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 00:01 - 2016-04-06 15:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 00:01 - 2016-04-06 15:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 00:01 - 2016-04-06 12:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 00:01 - 2016-04-06 12:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 00:01 - 2016-04-06 12:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 00:01 - 2016-04-06 11:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 00:01 - 2016-04-06 11:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 00:01 - 2016-04-06 10:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 00:01 - 2016-04-06 10:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 00:01 - 2016-04-06 10:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 00:01 - 2016-04-06 09:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 00:01 - 2016-03-28 19:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 00:00 - 2016-04-11 00:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-11 00:00 - 2016-04-10 01:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 00:00 - 2016-04-10 01:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 00:00 - 2016-04-09 23:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 00:00 - 2016-04-09 22:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 00:00 - 2016-04-09 17:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 00:00 - 2016-04-09 16:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 00:00 - 2016-03-15 19:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 00:00 - 2016-03-15 19:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 00:00 - 2016-03-14 10:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 00:00 - 2016-03-11 18:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 00:00 - 2016-03-11 18:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 00:00 - 2016-03-11 18:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 00:00 - 2016-03-10 11:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 00:00 - 2016-03-10 10:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 00:00 - 2016-03-10 10:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 00:00 - 2016-03-10 10:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 00:00 - 2016-03-10 10:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 00:00 - 2016-03-05 11:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 00:00 - 2016-03-05 11:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 00:00 - 2016-02-27 12:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 00:00 - 2016-02-27 11:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 00:00 - 2016-02-27 11:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 00:00 - 2016-02-27 10:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-06 05:01 - 2016-05-06 05:03 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-06 05:01 - 2016-05-06 05:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-01 11:07 - 2016-05-01 11:07 - 00026112 _____ C:\Users\Laura\Downloads\SUBSTANTIAL COMPLETION LIST.xls
2016-04-29 12:54 - 2016-04-29 12:54 - 00652759 _____ C:\Users\Laura\Downloads\2015 FINCEN FORM 114.pdf
2016-04-29 12:50 - 2016-04-29 12:50 - 00025497 _____ C:\Users\Laura\Downloads\Tax Information Request - 2015.xlsx
2016-04-29 12:27 - 2016-04-29 12:27 - 00170837 _____ C:\Users\Laura\Downloads\Pettis_Notice of Perm Orders Hearing.pdf
2016-04-29 11:58 - 2016-04-29 11:58 - 00064764 _____ C:\Users\Laura\Downloads\Wells Fargo Wire Transfer Confirmation (4).pdf
2016-04-26 08:58 - 2016-05-24 16:38 - 00002345 _____ C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-25 00:45 - 2014-09-24 01:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-25 00:45 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-25 00:33 - 2013-06-28 17:07 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 00:04 - 2013-07-09 11:29 - 00000000 ____D C:\ProgramData\LogMeIn
2016-05-25 00:03 - 2015-08-07 14:03 - 00000939 _____ C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {25476369-804D-49BC-BB26-39AA579F34EB}.job
2016-05-25 00:03 - 2015-08-07 14:03 - 00000753 _____ C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {25476369-804D-49BC-BB26-39AA579F34EB}.job
2016-05-24 23:16 - 2016-04-08 10:12 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Skype
2016-05-24 23:08 - 2014-10-22 19:49 - 00000000 __RDO C:\Users\Laura\OneDrive
2016-05-24 23:07 - 2013-07-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-24 23:05 - 2016-02-05 16:17 - 00000408 _____ C:\Users\Laura\AppData\Roaming\sp_data.sys
2016-05-24 23:05 - 2013-06-28 17:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-24 19:49 - 2015-05-01 15:30 - 00000000 ____D C:\Users\Laura\AppData\Local\ClassicShell
2016-05-24 19:12 - 2015-01-24 09:43 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{00020465-E4E6-4BFB-9E32-45F4FF1DDC70}
2016-05-24 16:49 - 2013-06-20 13:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2209021274-3015736152-1140316453-1001
2016-05-24 16:38 - 2014-10-22 20:18 - 00003182 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2209021274-3015736152-1140316453-1001
2016-05-24 16:32 - 2016-02-05 12:41 - 00001006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-24 16:31 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-24 16:30 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-24 01:10 - 2016-02-19 15:47 - 00000000 ____D C:\Registry Backups
2016-05-23 23:05 - 2015-05-01 12:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-23 19:02 - 2016-04-08 10:12 - 00000000 ____D C:\ProgramData\Skype
2016-05-23 19:01 - 2016-04-08 10:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 18:31 - 2015-05-01 15:30 - 00000000 ____D C:\ProgramData\ClassicShell
2016-05-20 18:59 - 2016-02-19 15:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 17:08 - 2014-07-17 16:07 - 00000000 ____D C:\Users\Laura\QuickBook Company Files
2016-05-20 16:45 - 2015-08-07 14:23 - 00000000 ____D C:\Users\Laura\Desktop\Scans
2016-05-20 14:04 - 2015-05-01 13:23 - 00000000 ____D C:\Users\Laura\AppData\Local\CutePDF Writer
2016-05-20 09:57 - 2013-07-08 14:49 - 05308928 ___SH C:\Users\Laura\Desktop\Thumbs.db
2016-05-14 10:51 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 10:01 - 2013-08-22 08:44 - 00489512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-14 09:56 - 2014-12-24 15:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-14 09:56 - 2014-09-24 00:53 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 17:34 - 2013-06-28 17:07 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 17:34 - 2013-06-28 17:07 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 03:20 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 16:52 - 2016-02-05 12:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-05-11 16:51 - 2016-02-05 12:41 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2016-05-11 16:51 - 2016-02-05 12:41 - 00107008 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2016-05-11 04:00 - 2013-08-08 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 03:55 - 2013-06-22 04:07 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 23:59 - 2016-04-12 16:56 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 23:59 - 2016-04-12 16:56 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-10 23:59 - 2016-04-12 16:56 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-10 23:59 - 2016-04-12 16:56 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 23:59 - 2016-04-12 16:56 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-10 23:59 - 2016-04-12 16:56 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-10 23:59 - 2016-04-12 16:56 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-10 20:54 - 2015-05-15 11:36 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 18:28 - 2013-06-28 17:07 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 18:28 - 2013-06-28 17:07 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 04:10 - 2014-10-22 20:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-06 04:10 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-29 23:07 - 2013-07-18 13:09 - 00002250 ____H C:\Users\Laura\Documents\Default.rdp
2016-04-29 03:24 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 03:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-25 16:51 - 2013-07-09 11:29 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
 
==================== Files in the root of some directories =======
 
2013-07-29 09:31 - 2013-07-29 09:32 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-16 13:31 - 2015-10-16 13:31 - 0054382 _____ () C:\Users\Laura\AppData\Roaming\QBFileDrTool.log
2016-02-05 16:17 - 2016-05-24 23:05 - 0000408 _____ () C:\Users\Laura\AppData\Roaming\sp_data.sys
2013-12-26 14:09 - 2013-12-26 14:33 - 0000581 _____ () C:\Users\Laura\AppData\Local\cookies.ini
2014-03-02 09:19 - 2016-02-05 17:14 - 0001094 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-11-23 09:07 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 09:07 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 09:07 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\BingSvc.exe
C:\Users\Laura\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Laura\AppData\Local\Temp\BSvcUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-24 16:49
 
==================== End of FRST.txt ============================

 

===============================================

Farbar Recovery Scan Tool - Addition.txt

===============================================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Laura (2016-05-25 00:55:50)
Running from C:\Users\Laura\Desktop
Windows 8.1 (Update) (X64) (2014-10-23 01:46:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2209021274-3015736152-1140316453-500 - Administrator - Disabled)
Guest (S-1-5-21-2209021274-3015736152-1140316453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2209021274-3015736152-1140316453-1006 - Limited - Enabled)
Laura (S-1-5-21-2209021274-3015736152-1140316453-1001 - Administrator - Enabled) => C:\Users\Laura
QBDataServiceUser24 (S-1-5-21-2209021274-3015736152-1140316453-1004 - Limited - Enabled) => C:\Users\QBDataServiceUser24
QBDataServiceUser26 (S-1-5-21-2209021274-3015736152-1140316453-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser26
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileExplorer-PHXLB (HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\citrix-5e6fbb92@@MHC65:FileExplorer-PHXLB) (Version: 1.0 - Delivered by Citrix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
LogMeIn (HKLM-x32\...\{921037F5-CCA7-4FC5-83AF-42CC0AF14316}) (Version: 4.1.6524 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
QuickBooks (x32 Version: 26.0.4005.2607 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 16.0 (HKLM-x32\...\{2C50460D-1179-4819-A531-880469859DF0}) (Version: 26.0.4005.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks2013EGB-PHXLB (HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\citrix-5e6fbb92@@MHC65:QuickBooks2013EGB-PHXLB) (Version: 1.0 - Delivered by Citrix)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.31 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Zwinky Internet Explorer Homepage and New Tab (HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\ZwinkyTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2209021274-3015736152-1140316453-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2209021274-3015736152-1140316453-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04596D64-E3B8-4F33-BA99-2ADFB8EEDA1D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-23] (Adobe Systems Incorporated)
Task: {07C67367-8F18-4491-8F00-FBD6791FF899} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {08712D3B-2844-4B1C-B01A-DA45693C0202} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-23] (AVAST Software)
Task: {169F7EBE-DA17-4E56-B800-C2D8ACC890B9} - System32\Tasks\{58DDF4C6-1A3E-4834-B77E-979E3838732A} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {1D7157C9-1C4E-42FA-BD1D-02712D948467} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {3BB2608F-A586-4B14-A5FF-91755734B893} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-05-23] (AVAST Software)
Task: {44BC669A-6489-47FB-9B11-2E5E371EC277} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {5C76A847-8842-4536-804C-562890132807} - System32\Tasks\EPSON WF-3640 Series Invitation {25476369-804D-49BC-BB26-39AA579F34EB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {637D9C6B-FED2-4532-946C-99A2F0246D4C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {66E959FD-4E75-449E-BFE8-8E04BD16F7CD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2209021274-3015736152-1140316453-1001 => C:\Users\Laura\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-24] (Microsoft Corporation)
Task: {6F1E8524-99CB-4BE2-A564-6FD527F331C1} - System32\Tasks\{07ADD326-D868-4BBA-80A1-6191B4AC08B2} => pcalua.exe -a "C:\Program Files (x86)\TeamViewer\uninstall.exe"
Task: {7BBB364A-5090-46C5-9ED0-0E7D16397581} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {7C0F5A5A-3038-49AA-963A-FA0C7BCD8ABD} - System32\Tasks\SafeZone scheduled Autoupdate 1464051006 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {86E9CD72-1C1C-4036-B2B7-9E606D89220B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {8AED20F5-E99A-498F-ADB2-2F1D7FF9AE21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {940C2BFC-3C12-4951-BE83-04152A53BF5C} - System32\Tasks\EPSON WF-3640 Series Update {25476369-804D-49BC-BB26-39AA579F34EB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {98D321B4-2DEB-440A-B9F2-E4E4DD75C17A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {AD32E271-8999-488C-95D9-FD69C632529C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D3069031-C924-4716-8D13-C5DAF6E55D75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {F3156D49-BAEE-42B4-82B8-71ECCABD7D2F} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {FC6C0B2C-543D-4B56-81EA-FD08ED819DA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {25476369-804D-49BC-BB26-39AA579F34EB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {25476369-804D-49BC-BB26-39AA579F34EB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{25476369-804D-49BC-BB26-39AA579F34EB} /F:UpdateWORKGROUP\LAURAWORK$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-01 13:21 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 20:01 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 06:11 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-07-03 04:35 - 2015-07-03 04:35 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-05-23 18:47 - 2016-05-23 18:47 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-23 18:47 - 2016-05-23 18:47 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-24 13:34 - 2016-05-24 13:34 - 02977888 _____ () C:\Program Files\AVAST Software\Avast\defs\16052404\algo.dll
2016-05-23 18:47 - 2016-05-23 18:47 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-23 18:47 - 2016-05-23 18:47 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2014-10-22 19:25 - 2014-10-22 19:25 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2014-10-22 19:25 - 2014-10-22 19:25 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-10-22 19:25 - 2014-10-22 19:25 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-10-22 19:25 - 2014-10-22 19:25 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-10-22 19:25 - 2014-10-22 19:25 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-12-25 14:44 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00687896 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\BackupLib.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBCompressor.dll
2016-02-11 17:25 - 2016-02-11 17:25 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\libcef.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00655640 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FtuEngine.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00084248 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBProActiveCore.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00099096 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBMAPILibrary.dll
2016-02-11 17:26 - 2016-02-11 17:26 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_regex-vc120-mt-1_55.dll
2016-02-11 17:27 - 2016-02-11 17:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\zlib1.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_serialization-vc120-mt-1_55.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 01234712 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FeaturesBridge.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00482072 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\RatsHelper.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00067864 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\mbpopup.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00144664 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbar.dll
2012-06-14 22:11 - 2012-06-14 22:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll
2016-05-23 18:47 - 2016-05-23 18:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-12 17:33 - 2016-05-11 05:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 17:33 - 2016-05-11 05:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-02-23 05:25 - 2016-02-23 05:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AgentMonitor"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FD338593-ECA7-4AB5-B608-4678F6E7C44D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{C0924ECC-F764-43B8-97F4-B895C0B6FBFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C53BD13-D552-4EF3-BBF3-F230887AF5BA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6A0CD6B3-6665-460B-A765-AC9FE4FBFCA2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{B0B5AB7F-8DCD-40E1-8A4E-2298B94F5C41}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{FA446DBC-0252-413E-AE2B-766929AA399A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{0E2E9AC1-A87C-479D-9747-5C4E021A5034}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{090670C1-8F8F-4974-9DBF-4E5C25DD4FBB}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{47DF513D-97BD-4882-BB0D-0CCF6F145985}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [UDP Query User{53467246-97D3-4AE7-9367-5A1B723B7AEE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{A5B4C778-EC87-4CCD-BB12-225EC12B7B55}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3B53E79E-B730-42F1-86D8-CFD033592689}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{F7397A52-5872-47C9-83C2-BD98685440B0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{57C70EA2-2904-4612-B0E8-009EE361A663}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{87F4B93F-DF02-42E7-BD6A-41DD7D4A27DE}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{3B5820E9-051A-40E9-9968-7645558AF54C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6A0078CA-DADB-4804-9BD1-2A8E8450863D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{42D6F57F-CA87-4F85-85CF-07E2E7190667}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8D5DEC00-6703-4008-82B8-D8223154FB05}] => (Allow) LPort=1900
FirewallRules: [{ECEC068A-28F7-4E64-ADD0-DD22DB3FFBEF}] => (Allow) LPort=2869
FirewallRules: [{DC69334D-7DE3-4CEF-8538-B683C24FFADD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A47D730F-2118-4341-AB50-B52862ADA2D4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{58B1F867-AC14-4681-BBA7-8F89D20760D3}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{50B75990-CF5B-4340-ADB3-A0C4889170C8}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{54511789-4012-4ED3-8118-E2C86A19AB15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8F2E2E72-C3F9-4B59-B794-1BFA364FBF2A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0906C75D-2834-42DA-9AEF-BC9E44048EA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D0EBB758-248D-4D07-98F3-667E3DB8BCB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01D14509-D463-47C3-BBDD-B56411DAD442}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbdbmgrn.exe
FirewallRules: [{6DDA802F-C5B7-4042-B206-6A3D2FEA92C9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbdbmgrn.exe
FirewallRules: [{31BCBF21-C644-4E2C-8F6F-16B922540BF3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbw32.exe
FirewallRules: [{EC77E300-3A63-4990-A8B2-4C378A23056D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbw32.exe
FirewallRules: [{2C76E1D8-0069-4049-AE64-DACCD95BAE53}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\dbmanagerexe.exe
FirewallRules: [{939C1B26-707F-461D-864A-692CF617334C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\dbmanagerexe.exe
FirewallRules: [{FCBF7BC3-CFAA-4E22-88E3-282096767ABE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\filemanagement.exe
FirewallRules: [{B217BE5C-412A-48D7-B23A-6275930A07B5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\filemanagement.exe
FirewallRules: [{9983B020-D043-4181-BFF3-37D966BEC090}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{FD825CBE-F53F-4693-B27C-3651702B521A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{037A4823-297D-4B93-961F-A971C4C26B3D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{55E31CA4-F554-40F3-8677-9083769C9245}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{FC4422E9-BDED-49F2-9F5B-A0222E1F11A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4CB30DFB-55EB-4AE4-B485-09019D77A266}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F126A169-CE90-4A5A-80BA-9FA8E75824B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{617A9D7A-AB16-42B8-A4EA-C58442C696DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC84C009-4466-4B0A-A0EB-22E2D1DD7B2D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A9EED36-0C37-4664-B086-FBA1BF552EAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DAA92455-5090-4E3C-8465-603F5727E660}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D103A1A-3445-45A6-94DF-7CEFF11DEE1A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{F23864B1-4B2E-49F4-94AA-8DBE109AA6BB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E8D016E-98EE-4EB2-9D4E-98261CD6C566}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DAEE2C5A-F2F9-4C28-95DA-302975E4FEDC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{90583B37-77D3-43BE-BC5C-C19B3503A5D7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B6D9D3D8-BDAE-49AD-98AE-01E349DC8EF0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F697A2F5-613E-4CE0-98D6-607639F30AD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-05-2016 20:38:37 Windows Update
11-05-2016 03:53:06 Windows Update
14-05-2016 09:55:15 Windows Update
23-05-2016 05:19:56 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless-N 2230
Description: Intel® Centrino® Wireless-N 2230
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNe64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/24/2016 12:26:49 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:49 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:49 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:49 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
 
Error: (05/24/2016 12:26:23 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:23 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:23 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:26:23 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
 
Error: (05/24/2016 12:24:18 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (05/24/2016 12:24:18 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAURAWORK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (05/24/2016 04:00:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (05/23/2016 07:07:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (05/23/2016 06:53:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (05/06/2016 11:33:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (04/15/2016 12:26:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Remote Access Connection Manager service terminated with the following service-specific error: 
%%2147943860
 
Error: (04/08/2016 12:32:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (04/08/2016 12:32:33 PM) (Source: DCOM) (EventID: 10010) (User: LAURAWORK)
Description: {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA}
 
Error: (03/09/2016 08:54:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - March 2016 (KB890830).
 
Error: (03/04/2016 04:17:33 PM) (Source: DCOM) (EventID: 10010) (User: LAURAWORK)
Description: {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA}
 
Error: (02/19/2016 03:35:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-05-23 18:48:59.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-23 18:48:58.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 14:02:52.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 14:02:52.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 16:52:46.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 16:52:46.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-29 12:55:46.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-29 12:55:46.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-13 20:58:28.574
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-13 20:58:28.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8077.7 MB
Available physical RAM: 5211.15 MB
Total Virtual: 9357.7 MB
Available Virtual: 5608.15 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:676.89 GB) (Free:606.15 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 01A8A7C0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

===============================================

Farbar MiniToolBox - MTB.txt

===============================================

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Laura (administrator) on 25-05-2016 at 01:10:50
Running from "C:\Users\Laura\Desktop"
Microsoft Windows 8.1  (X64)
Model: Q400A Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)
Intel® Centrino® Wireless-N 2230 = Wi-Fi (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LauraWork
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.co.comcast.net.
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 60-6C-66-4B-ED-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hsd1.co.comcast.net.
   Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 74-D0-2B-01-E1-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::405d:4bf5:8be5:cd50%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.152(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 24, 2016 11:06:07 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 25, 2016 11:06:07 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 259313707
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-6B-C6-F0-74-D0-2B-01-E1-5C
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:103b:2216:b3e6:faab(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::103b:2216:b3e6:faab%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-6B-C6-F0-74-D0-2B-01-E1-5C
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.co.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.co.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2607:f8b0:400f:803::200e
 216.58.217.46
 
 
Pinging google.com [216.58.217.46] with 32 bytes of data:
Reply from 216.58.217.46: bytes=32 time=10ms TTL=56
Reply from 216.58.217.46: bytes=32 time=11ms TTL=56
 
Ping statistics for 216.58.217.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 11ms, Average = 10ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=39ms TTL=52
Reply from 206.190.36.45: bytes=32 time=40ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 40ms, Average = 39ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...60 6c 66 4b ed 57 ......Bluetooth Device (Personal Area Network)
  4...74 d0 2b 01 e1 5c ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.152     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.152    276
    192.168.0.152  255.255.255.255         On-link     192.168.0.152    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.152    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.152    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.152    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6abd:103b:2216:b3e6:faab/128
                                    On-link
  4    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::103b:2216:b3e6:faab/128
                                    On-link
  4    276 fe80::405d:4bf5:8be5:cd50/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
  4    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 25 May 2016 - 08:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this process in bold via the Control Panel > Programs > Programs and Features applet.
Zwinky Internet Explorer Homepage and New Tab (HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\ZwinkyTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\Run: [BingSvc] => C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-08] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2209021274-3015736152-1140316453-1007] ATTENTION => Default URLSearchHook is missing
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\njb6eqlw.default\searchplugins\bingp.xml [2016-04-08]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Extension: (Bing) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-04-08]
CHR Extension: (Avast Online Security) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-23]
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\Laura\AppData\Local\Microsoft\BingSvc
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
C:\Users\Laura\AppData\Local\Temp\BingSvc.exe
C:\Users\Laura\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Laura\AppData\Local\Temp\BSvcUpdater.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please post the logs and let me know what problem persists.

#3 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 25 May 2016 - 02:29 PM

Nasdaq,

 

Thank you for your reply.  I have followed all of your instructions, but the problem persists.  After performing the clean and restarting the computer, I opened Chrome, and it wasn't 30 seconds before another website loaded (this one is in the http://app2update.softadsupgrade.online/ domain).  Below is the AdwCleaner log after I cleaned the items it found:

 

# AdwCleaner v5.118 - Logfile created 25/05/2016 at 13:15:50
# Updated 23/05/2016 by Xplode
# Database : 2016-05-25.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Laura - LAURAWORK
# Running from : C:\Users\Laura\Desktop\adwcleaner_5.118.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Laura\AppData\Roaming\download Manager

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zwinky.dl.myway.com

***** [ Web browsers ] *****

[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1771 bytes] - [25/05/2016 13:15:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1774 bytes] - [25/05/2016 13:10:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1847 bytes] - [25/05/2016 13:14:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1990 bytes] ##########

 

Do you know of any other actions I can take to get rid of this problem?

 

Tyler



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 26 May 2016 - 06:35 AM

Please post the Fixlog.txt and the AdwCleaner logs for my review.

Did you also reset Chrome as I have suggested?

#5 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 26 May 2016 - 12:35 PM

Nasdaq,

 

The AdwCleaner logs are in my previous post, and below is the Fixlog.txt.  Also, I did reset Chrome when you suggested it and nothing appears to have fixed the problem yet.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Laura (2016-05-25 12:56:56) Run:1
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura & QBDataServiceUser26 (Available Profiles: Laura & QBDataServiceUser24 & QBDataServiceUser26)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\...\Run: [BingSvc] => C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-08] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2209021274-3015736152-1140316453-1007] ATTENTION => Default URLSearchHook is missing
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
FF SearchPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\njb6eqlw.default\searchplugins\bingp.xml [2016-04-08]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Extension: (Bing) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-04-08]
CHR Extension: (Avast Online Security) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-23]
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\Laura\AppData\Local\Microsoft\BingSvc
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
C:\Users\Laura\AppData\Local\Temp\BingSvc.exe
C:\Users\Laura\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Laura\AppData\Local\Temp\BSvcUpdater.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKU\S-1-5-21-2209021274-3015736152-1140316453-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\njb6eqlw.default\searchplugins\bingp.xml => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => not found.
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
LMIRfsClientNP => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\Laura\AppData\Local\Microsoft\BingSvc => moved successfully
"C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => not found.
"C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Users\Laura\AppData\Local\Temp\BingSvc.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\BSvcProcessor.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\BSvcUpdater.exe => moved successfully
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
EmptyTemp: => 3.4 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-05-25 12:59:51)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 12:59:52 ====



#6 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 26 May 2016 - 01:22 PM

I'm not sure whether this will be helpful, but I want to add that a website just popped up in Internet Explorer, so I have now seen them in all three browsers installed on the computer (Chrome, IE and Firefox).



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 26 May 2016 - 01:34 PM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

#8 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 26 May 2016 - 02:12 PM

I'm running the scan now and will post the report contents as soon as it's complete.



#9 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 26 May 2016 - 02:32 PM

Below you will see the report from RogueKiler.  In the results, there were no entries in red (just two gray entries), so I haven't done anything to those yet,

 

RogueKiller V12.3.0.0 [May 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Laura [Administrator]
Started from : C:\Users\Laura\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/26/2016 13:24:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2209021274-3015736152-1140316453-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2209021274-3015736152-1140316453-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 +++++
--- User ---
[MBR] 74dec987ca56517407a93f7235236403
[BSP] 387e503a3a0716500845246d3caf6514 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 616448 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2459648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2721792 | Size: 693135 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1422262272 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1423183872 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK



#10 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 May 2016 - 01:39 AM

Nasdaq,
 
A pop-up appeared today in Internet Explorer that looks interesting.  I don't know whether this is helpful, but you'll see in the image below that IE has thrown a warning about the website the browser was trying to access, and the title of the page is, "Chrome Error 03213210x508."  I Googled that error and the only websites that contain this number are the same types of suspicious websites that I found when I started looking for a solution to my problem.  It's almost as though the malware infected all of my machine's browsers, but it was targeting Chrome.
 
I'm not sure what to make of this yet, but I thought I'd pass it along to you in case you find it helpful.

 

VYwsKA5.jpg
 
Tyler



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 27 May 2016 - 06:57 AM

This is a scam do not call the telephone number listed.
Read about this issue.
https://blog.malwarebytes.org/tech-support-scams/
===



Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page. (In your case this may not be recommended.)
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.

#12 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 May 2016 - 02:57 PM

Nasdaq,

 

I didn't do anything with the warnings that were in the screenshot.  I just posted it in case there's something in it that we can learn about this problem.

 

I exported Chrome's bookmarks, uninstalled Chrome, rebooted, reinstalled Chrome and imported the bookmarks.  I haven't seen any pop-ups in the last couple of minutes, but I'll keep you posted.

 

Tyler



#13 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 May 2016 - 04:11 PM

I'm seeing pop-ups again.  Do you have any other ideas?  This is really frustrating!

 

Tyler



#14 UserTyler

UserTyler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 May 2016 - 07:37 PM

Nsasdaq,

 

I've been continuing to work on this, and Rkill found two interesting processes that it terminated:

 

C:\Windows\SysWOW64\ACEngSvr.exe (PID: 6248) [WD-HEUR]

C:\ProgramData\Microsoft\Windows\WER\wermgr.exe (PID: 6492) [AU-HEUR]

 

ACEngSvr.exe is a motherboard utility from ASUS (the manufacturer of this machine), and wermgr.exe is a Windows file that is responsible for error reporting.

 

I don't think ACEngSvr.exe is a problem, so I've ignored that for now.  I've seen a number of references to problems related to wermgr.exe (including in the post I referenced in my initial post).  It seems the legitimate Windows Error Reporting application is located in the C:\Windows\System32 folder.  I removed all of the files that are in the C:\ProgramData\Microsoft\Windows\WER\ folder (I actually zipped the files up and moved them to another location, in case they're legitimate and I need to put them back), rebooted, and I haven't seen any pop-ups over the last 30 minutes or so.

 

I'll let it run for a few hours and check back in to let you know whether it seems the problem has been solved.

 

Tyler



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 28 May 2016 - 07:32 AM

Thanks.

Keep me posted.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users