Avast pop-up http://k9x6zxj8.com/appc & /emng Chrome Malware?


This topic is locked
5 replies to this topic

#1 justmeinflorida

Posted 16 August 2016 - 04:20 PM

Hi Guys,

I'm getting pop-ups from Avast on both my laptop and my desktop pc. It's happening almost every time I open a new tab.

Object: http://k9x6zxj8.com/appc & http://k9x6zxj8.com/emng
Infection: URL: Mal
Process: C:\Program Files (x86)\Goggle\Chrome\Application\chrome.exe


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Michelle (administrator) on ALPHA-7VNY322 (16-08-2016 16:50:34)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle & Alpha Console)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Alienware) C:\Program Files (x86)\AlphaUI\AlphaUIWindowsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1607.1991.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11607.1001.32.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14038776 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-09-25] (Alienware)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-11] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7269cb23-d3c8-4387-8f1e-eebaba56a043}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8dcef0d4-a402-481b-8753-ec630d50a5db}: [DhcpNameServer] 10.119.4.11 10.119.4.12 163.244.235.81
 
Internet Explorer:
==================
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc278
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-us
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-3669251615-1622248423-747821092-1001 -> DefaultScope {21AF9E48-7075-4B57-B7FB-375E008FD315} URL = 
SearchScopes: HKU\S-1-5-21-3669251615-1622248423-747821092-1001 -> {21AF9E48-7075-4B57-B7FB-375E008FD315} URL = 
 
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3669251615-1622248423-747821092-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-09] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchcore.net/426
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN32611438319575117&UM=2","hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN29013497362090373&UM=2","hxxp://search.conduit.com/?ctid=CT3287530&SearchSource=48&CUI=UN22487740541524617&UM=2","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN37665290681786783&UM=2","hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-13]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-13]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Ebates Cash Back) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-08-01]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-11]
CHR Extension: (ZipArcade) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh [2016-08-11]
CHR Extension: (Avast SafePrice) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-16]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-13]
CHR Extension: (PicMonkey) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-07]
CHR Extension: (Google Mail Checker) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-13]
CHR Extension: (Yumprint) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboinfelnglhdhgchcmomigiddalpjka [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-13]
CHR HKU\S-1-5-21-3669251615-1622248423-747821092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14568 2014-09-25] (Alienware)
S2 AlphaService; C:\Program Files (x86)\AlphaUI\AlphaService.exe [53120 2015-04-06] ()
R2 AlphaUIWindowsService; C:\Program Files (x86)\AlphaUI\AlphaUIWindowsService.exe [35200 2015-04-06] (Alienware)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-11] (AVAST Software)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [337408 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_9a1965; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_9a1965; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [803840 2016-07-16] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [141312 2016-07-16] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614912 2016-07-16] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_9a1965; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_9a1965; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
R3 AlphaMouse; C:\Windows\System32\drivers\AlphaMouse.sys [20416 2014-08-13] (Alienware)
R1 AlphaXboxFilter; C:\Windows\System32\drivers\AlphaXboxFilter.sys [48056 2015-03-30] (Alienware)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-11] (AVAST Software)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-07-16] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel® Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [45920 2016-07-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-01-09] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-07-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 16:50 - 2016-08-16 16:51 - 00026541 _____ C:\Users\Michelle\Downloads\FRST.txt
2016-08-16 16:50 - 2016-08-16 16:50 - 00000000 ____D C:\FRST
2016-08-16 16:48 - 2016-08-16 16:49 - 02394624 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2016-08-12 07:16 - 2016-08-12 07:16 - 00000000 ___HD C:\OneDriveTemp
2016-08-12 07:12 - 2016-08-12 07:12 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-12 07:09 - 2016-08-12 07:10 - 00000000 ____D C:\Users\Michelle\AppData\Local\ConnectedDevicesPlatform
2016-08-12 07:09 - 2016-08-12 07:09 - 00000020 ___SH C:\Users\Michelle\ntuser.ini
2016-08-12 06:57 - 2016-08-12 04:02 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-12 06:53 - 2016-08-12 06:53 - 00000000 ____D C:\Windows.old
2016-08-12 06:52 - 2016-08-12 06:52 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-12 06:52 - 2016-08-12 06:52 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-12 06:52 - 2016-08-12 06:52 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-12 06:52 - 2016-08-12 06:52 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-12 06:52 - 2016-08-12 06:52 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-12 06:52 - 2016-08-12 06:52 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-12 06:52 - 2016-08-12 06:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-12 06:52 - 2016-08-12 06:52 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-12 06:50 - 2016-08-12 06:50 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-12 06:44 - 2016-08-12 06:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-12 06:44 - 2016-08-12 06:44 - 00000000 ____D C:\Program Files\MSBuild
2016-08-12 06:44 - 2016-08-12 06:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-12 06:44 - 2016-08-12 06:44 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-12 06:43 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-12 06:43 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-12 06:43 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-12 06:43 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-12 06:43 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-12 06:43 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-12 04:04 - 2016-08-12 04:04 - 00000000 ____D C:\Users\Alpha Console\AppData\Local\packages
2016-08-12 04:03 - 2016-08-12 04:03 - 00000000 ____D C:\ProgramData\USOShared
2016-08-12 04:02 - 2016-08-12 04:02 - 00000020 ___SH C:\Users\Alpha Console\ntuser.ini
2016-08-12 04:02 - 2016-08-12 04:02 - 00000000 ____D C:\Users\Alpha Console\AppData\Local\ConnectedDevicesPlatform
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-12 04:01 - 2016-08-12 04:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-12 03:51 - 2016-08-12 04:01 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2016-08-12 03:51 - 2016-08-12 04:01 - 00011433 _____ C:\WINDOWS\diagerr.xml
2016-08-12 03:38 - 2016-08-12 12:40 - 00003580 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-08-12 03:38 - 2016-08-12 03:38 - 00003892 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-08-12 03:38 - 2016-08-12 03:38 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-12 03:38 - 2016-08-12 03:38 - 00003364 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466059234
2016-08-12 03:38 - 2016-08-12 03:38 - 00003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2A67CD5-8242-4DBA-A7AD-B2D5B582DB63}
2016-08-12 03:38 - 2016-08-12 03:38 - 00003276 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2016-08-12 03:38 - 2016-08-12 03:38 - 00003222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-12 03:38 - 2016-08-12 03:38 - 00003110 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-08-12 03:38 - 2016-08-12 03:38 - 00002992 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-08-12 03:38 - 2016-08-12 03:38 - 00002952 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-12 03:38 - 2016-08-12 03:38 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3669251615-1622248423-747821092-1001
2016-08-12 03:38 - 2016-08-12 03:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-12 03:38 - 2016-08-12 03:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-12 03:20 - 2016-08-12 03:20 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-12 03:20 - 2016-08-12 03:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-12 03:20 - 2016-08-12 03:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-12 03:14 - 2016-08-12 03:22 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-12 03:10 - 2016-08-12 07:12 - 00000000 ____D C:\Users\Michelle
2016-08-12 03:10 - 2016-08-12 04:02 - 00000000 ____D C:\Users\Alpha Console
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Michelle\My Documents
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Michelle\Documents\My Videos
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Michelle\Documents\My Pictures
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Michelle\Documents\My Music
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Alpha Console\My Documents
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Alpha Console\Documents\My Videos
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Alpha Console\Documents\My Pictures
2016-08-12 03:10 - 2016-08-12 03:10 - 00000000 _SHDL C:\Users\Alpha Console\Documents\My Music
2016-08-12 03:04 - 2016-08-12 03:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-08-12 03:04 - 2016-08-12 03:04 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-12 03:04 - 2016-08-12 03:04 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-12 03:04 - 2016-08-12 03:04 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-12 03:04 - 2016-08-12 03:04 - 00000000 ____D C:\Program Files\Realtek
2016-08-12 03:03 - 2016-08-12 03:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-12 03:03 - 2016-08-12 03:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-12 03:03 - 2016-08-12 03:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-12 03:03 - 2016-08-12 03:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-08-12 03:03 - 2016-02-23 16:28 - 06368824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 06154909 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-12 03:03 - 2016-02-23 16:28 - 02993720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-12 03:03 - 2016-02-23 16:28 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-12 03:03 - 2016-02-23 16:28 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-12 03:02 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-12 02:59 - 2016-08-16 16:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-12 02:59 - 2016-08-12 03:23 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-12 02:59 - 2016-08-12 02:59 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-11 13:21 - 2016-08-11 13:21 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-11 13:20 - 2016-08-11 13:20 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-11 13:15 - 2016-08-11 13:15 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-11 13:15 - 2016-08-11 13:15 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-11 13:14 - 2016-08-11 13:14 - 00987728 _____ (Google Inc.) C:\Users\Michelle\Downloads\ChromeSetup.exe
2016-08-03 14:23 - 2016-08-03 14:23 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 16:37 - 2015-11-02 12:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 13:02 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-16 01:07 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-13 03:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-12 13:03 - 2015-05-13 12:19 - 00000000 ____D C:\Users\Michelle\AppData\Local\Packages
2016-08-12 07:16 - 2015-10-06 22:55 - 00002419 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-12 07:16 - 2015-05-13 12:24 - 00000000 ___RD C:\Users\Michelle\OneDrive
2016-08-12 07:13 - 2015-11-02 12:03 - 00000000 ___RD C:\Users\Michelle\Google Drive
2016-08-12 07:09 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 06:57 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-12 06:53 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-12 06:53 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 06:53 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-12 06:53 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-12 04:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 04:04 - 2015-05-13 14:55 - 00000000 ____D C:\Users\Alpha Console\AppData\Roaming\XBMC
2016-08-12 04:03 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-12 04:03 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-12 03:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-12 03:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-12 03:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-12 03:38 - 2015-10-06 19:53 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-12 03:37 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-12 03:29 - 2015-10-06 19:50 - 00902208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-12 03:28 - 2014-10-31 21:37 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-08-12 03:28 - 2014-10-31 21:27 - 00900574 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-12 03:22 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-12 03:22 - 2016-02-25 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2016-08-12 03:22 - 2015-12-30 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Villagers and Heroes
2016-08-12 03:22 - 2015-12-30 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-12 03:22 - 2015-12-17 18:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-08-12 03:22 - 2015-12-17 18:54 - 00000000 ____D C:\WINDOWS\en
2016-08-12 03:22 - 2015-11-02 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-12 03:22 - 2015-11-02 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-12 03:22 - 2015-10-30 13:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-08-12 03:22 - 2015-10-17 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-08-12 03:22 - 2015-10-12 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
2016-08-12 03:22 - 2015-09-27 08:34 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-08-12 03:22 - 2015-09-27 08:34 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-08-12 03:22 - 2015-09-27 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-12 03:22 - 2015-09-05 11:52 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive
2016-08-12 03:22 - 2015-05-15 13:01 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-12 03:22 - 2015-05-13 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-12 03:22 - 2014-10-31 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-12 03:22 - 2014-10-31 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2016-08-12 03:22 - 2014-10-31 21:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-12 03:20 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-12 03:20 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-12 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-12 03:18 - 2015-05-15 13:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-12 03:18 - 2014-10-31 21:30 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-12 03:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-12 03:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-12 03:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-12 03:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-12 03:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-12 03:15 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-12 03:09 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-12 03:05 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-12 03:05 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-12 03:05 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 03:03 - 2014-10-31 21:39 - 00000000 ____D C:\Temp
2016-08-12 02:18 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-12 01:41 - 2015-05-13 12:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-11 21:41 - 2015-05-13 12:49 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 13:28 - 2016-06-16 02:40 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-11 13:22 - 2015-09-27 08:26 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147093612050005
2016-08-11 13:22 - 2015-09-27 08:26 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147093612015604
2016-08-11 13:21 - 2015-09-27 08:26 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-11 13:21 - 2015-09-27 08:26 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-11 13:20 - 2016-06-14 21:55 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-11 13:20 - 2015-09-27 08:26 - 00968536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-11 13:15 - 2015-05-13 12:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-11 12:44 - 2016-03-04 09:15 - 00000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2016-08-10 16:36 - 2015-05-15 13:01 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-21 22:02 - 2014-10-31 21:36 - 00000000 ____D C:\ProgramData\PCDr
 
==================== Files in the root of some directories =======
 
2015-10-13 08:40 - 2015-10-13 08:40 - 0000017 _____ () C:\Users\Michelle\AppData\Local\resmon.resmoncfg
2016-08-12 03:04 - 2016-08-12 03:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-12 02:59
 
==================== End of FRST.txt ============================

Edited by justmeinflorida, 16 August 2016 - 04:31 PM.

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2016 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc278
CHR HomePage: Default -> hxxp://www.searchcore.net/426
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN32611438319575117&UM=2","hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN29013497362090373&UM=2","hxxp://search.conduit.com/?ctid=CT3287530&SearchSource=48&CUI=UN22487740541524617&UM=2","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN37665290681786783&UM=2","hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR Extension: (Ebates Cash Back) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-08-01]
CHR Extension: (ZipArcade) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh [2016-08-11]
CHR Extension: (Avast SafePrice) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKU\S-1-5-21-3669251615-1622248423-747821092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0DD8A54A-F3E9-4F51-ABD2-2FB8B07A4F93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3378ECA9-A2D7-4FFF-A34B-F416ACCC100C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {556A67B0-3611-4529-B66B-C5C7C6DBF32D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FC759C6-4393-4F5E-B475-EDAEE64BD4C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {69826736-03FE-4645-87B2-C25C35F1B9C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8457B8B3-290B-4D4F-BC50-61445F6EC68E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93979F97-3300-4031-BDA1-11749D5C8229} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9EEED1DC-9DD6-44DA-A7B9-7840DA5F39E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D24BE8BC-93AF-4CB6-BF4B-A1F3E7EA432D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DD9CF212-0882-4C7E-9034-F51B19C73D52} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCC53DB9-6B67-4FCE-B655-24B2DCA92B17} - \WPD\SqmUpload_S-1-5-21-3669251615-1622248423-747821092-1001 -> No File <==== ATTENTION
Task: {FED21702-5EFD-4EAD-ABDA-9C55FA44370D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)

Please post the logs and let me know what problems persist.
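
The script below is an added example for this thread; it is not FRST's own code and nasdaq did not post it. It reads a saved FRST.txt and pulls out the entry classes a fixlist like the one above targets: defanged hxxp URLs pointing at the search-hijack hosts the fixlist removes, Chrome extensions not on a caller-supplied allowlist, HKLM Chrome extension registry entries whose .crx is <not found>, scheduled tasks reported as No File, entries FRST marks [X] because the referenced file is absent, and alternate data streams. It only reads the log text; removal still goes through FRST's fixlist. The sample lines are constructed from this thread (the ExampleTask line is a made-up benign entry), and HIJACK_HOSTS and the extension allowlist are assumptions the reader adjusts.

```python
"""Triage a saved FRST.txt for the entry classes a fixlist like the one above targets.

Added example for this thread, not FRST's own code. It only reads the log text;
HIJACK_HOSTS and the extension allowlist are assumptions the reader adjusts.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List
from urllib.parse import urlsplit

# Search-hijack hosts taken from the URLs the fixlist above removes (assumption: extend as needed).
HIJACK_HOSTS = frozenset({"www.searchcore.net", "www.searchnu.com", "search.conduit.com"})

# FRST writes URLs as hxxp:// so they are not clickable; undo that before parsing.
_REFANG = re.compile(r"^hxxp(s?)://", re.IGNORECASE)
_URL = re.compile(r'hxxps?://[^",\s]+', re.IGNORECASE)
# Chrome extension IDs are 32 characters drawn from a-p.
_CHR_EXT = re.compile(r"^CHR Extension: \((?P<name>[^)]*)\) - .*\\(?P<id>[a-p]{32}) \[")
_CHR_REG_EXT = re.compile(r"^CHR HK\S+\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - .*? <not found>$")
_TASK_NO_FILE = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>\S+) -> No File")
_ADS = re.compile(r"^AlternateDataStreams: (?P<target>.+) \[\d+\]$")
_MISSING_FILE = re.compile(r"^(?P<entry>.+?) \[X\]$")  # FRST's marker for a referenced file that is absent


@dataclass(frozen=True)
class Finding:
    kind: str    # category of the suspicious entry
    detail: str  # host, extension ID, task name or path involved
    line: str    # the raw FRST line, ready to paste into a fixlist


def _hosts_in(line: str) -> List[str]:
    """Hostnames of all defanged URLs on a CHR HomePage/StartupUrls line, in order, deduplicated."""
    hosts = [urlsplit(_REFANG.sub(r"http\1://", u)).hostname or "" for u in _URL.findall(line)]
    return list(dict.fromkeys(hosts))


def triage(log_text: str, allowed_extension_ids: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Return one Finding per suspicious FRST line; extensions in allowed_extension_ids are not reported."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("CHR HomePage:", "CHR StartupUrls:", "CHR DefaultSearchURL:")):
            findings += [Finding("browser_hijack_url", h, line) for h in _hosts_in(line) if h in HIJACK_HOSTS]
            continue
        if m := _CHR_EXT.match(line):
            if m["id"] not in allowed_extension_ids:
                findings.append(Finding("chrome_extension", f'{m["id"]} ({m["name"]})', line))
            continue
        if m := _CHR_REG_EXT.match(line):
            findings.append(Finding("orphaned_extension_registry_entry", m["id"], line))
            continue
        if m := _TASK_NO_FILE.match(line):
            findings.append(Finding("orphaned_task", m["name"], line))
            continue
        if m := _ADS.match(line):
            findings.append(Finding("alternate_data_stream", m["target"], line))
            continue
        if m := _MISSING_FILE.match(line):
            findings.append(Finding("missing_file_entry", m["entry"], line))
    return findings


# Constructed sample modelled on lines from this thread; the ExampleTask line is a made-up benign entry.
SAMPLE_FRST_LOG = r"""
CHR HomePage: Default -> hxxp://www.searchcore.net/426
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48","hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR Extension: (Ebates Cash Back) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-08-01]
CHR Extension: (Avast Online Security) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
Task: {0DD8A54A-F3E9-4F51-ABD2-2FB8B07A4F93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => C:\Windows\System32\example.exe (constructed benign entry)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
"""

if __name__ == "__main__":
    # Avast's own extension is expected on a machine with Avast installed, so it is allowlisted here.
    for f in triage(SAMPLE_FRST_LOG, allowed_extension_ids=frozenset({"gomekmidlodglbbmalcneegieacbdmki"})):
        print(f"{f.kind:36} {f.detail}")
```

Run it against a real FRST.txt by passing the file's contents to triage(); each Finding carries the raw line, which is the form a fixlist expects. The allowlist is deliberately the caller's decision: on this machine the Avast extensions belong, while Ebates and ZipArcade were the ones nasdaq's fixlist removed.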

#3 justmeinflorida

justmeinflorida
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Female
  • Location:Pasco County, FL

Posted 18 August 2016 - 01:45 PM

Thank you so much for the prompt assistance nasdaq, I really appreciate it. Here you go...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Michelle (18-08-2016 14:19:45) Run:1
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle & Alpha Console)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc278
CHR HomePage: Default -> hxxp://www.searchcore.net/426
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN32611438319575117&UM=2","hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN29013497362090373&UM=2","hxxp://search.conduit.com/?ctid=CT3287530&SearchSource=48&CUI=UN22487740541524617&UM=2","hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN37665290681786783&UM=2","hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR Extension: (Ebates Cash Back) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-08-01]
CHR Extension: (ZipArcade) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh [2016-08-11]
CHR Extension: (Avast SafePrice) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKU\S-1-5-21-3669251615-1622248423-747821092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0DD8A54A-F3E9-4F51-ABD2-2FB8B07A4F93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3378ECA9-A2D7-4FFF-A34B-F416ACCC100C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {556A67B0-3611-4529-B66B-C5C7C6DBF32D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FC759C6-4393-4F5E-B475-EDAEE64BD4C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {69826736-03FE-4645-87B2-C25C35F1B9C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8457B8B3-290B-4D4F-BC50-61445F6EC68E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93979F97-3300-4031-BDA1-11749D5C8229} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9EEED1DC-9DD6-44DA-A7B9-7840DA5F39E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D24BE8BC-93AF-4CB6-BF4B-A1F3E7EA432D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DD9CF212-0882-4C7E-9034-F51B19C73D52} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCC53DB9-6B67-4FCE-B655-24B2DCA92B17} - \WPD\SqmUpload_S-1-5-21-3669251615-1622248423-747821092-1001 -> No File <==== ATTENTION
Task: {FED21702-5EFD-4EAD-ABDA-9C55FA44370D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => key removed successfully
HKU\S-1-5-21-3669251615-1622248423-747821092-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi => moved successfully
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh => moved successfully
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKU\S-1-5-21-3669251615-1622248423-747821092-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
ibtsiva => service removed successfully
"C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi" => not found.
"C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdhjmlocoglfmofdbbedcpflikfhilh" => not found.
"C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DD8A54A-F3E9-4F51-ABD2-2FB8B07A4F93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD8A54A-F3E9-4F51-ABD2-2FB8B07A4F93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3378ECA9-A2D7-4FFF-A34B-F416ACCC100C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3378ECA9-A2D7-4FFF-A34B-F416ACCC100C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{556A67B0-3611-4529-B66B-C5C7C6DBF32D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{556A67B0-3611-4529-B66B-C5C7C6DBF32D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC759C6-4393-4F5E-B475-EDAEE64BD4C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC759C6-4393-4F5E-B475-EDAEE64BD4C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69826736-03FE-4645-87B2-C25C35F1B9C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69826736-03FE-4645-87B2-C25C35F1B9C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8457B8B3-290B-4D4F-BC50-61445F6EC68E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8457B8B3-290B-4D4F-BC50-61445F6EC68E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93979F97-3300-4031-BDA1-11749D5C8229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93979F97-3300-4031-BDA1-11749D5C8229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EEED1DC-9DD6-44DA-A7B9-7840DA5F39E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EEED1DC-9DD6-44DA-A7B9-7840DA5F39E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D24BE8BC-93AF-4CB6-BF4B-A1F3E7EA432D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24BE8BC-93AF-4CB6-BF4B-A1F3E7EA432D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD9CF212-0882-4C7E-9034-F51B19C73D52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9CF212-0882-4C7E-9034-F51B19C73D52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC53DB9-6B67-4FCE-B655-24B2DCA92B17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC53DB9-6B67-4FCE-B655-24B2DCA92B17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3669251615-1622248423-747821092-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED21702-5EFD-4EAD-ABDA-9C55FA44370D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED21702-5EFD-4EAD-ABDA-9C55FA44370D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23360935 B
Java, Flash, Steam htmlcache => 354420709 B
Windows/system/drivers => 587568 B
Edge => 25127386 B
Chrome => 861870110 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 78762 B
NetworkService => 2546 B
Michelle => 88669116 B
Alpha Console => 46513 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:22:34 ====


#4 justmeinflorida
Posted 18 August 2016 - 02:22 PM

A few things to note... AdwCleaner never produced an automatic log file; instead my computer restarted. Upon reopening I noticed an additional login profile: (me), Alpha Console and another Alpha Console; there used to be just one. I don't know what caused the other one to show up out of nowhere. Also, when AdwCleaner finished its scan it said it found 13 threats (which you'll see below); however, the box (on the bottom) was blank. It said in the bar above "Waiting for action. Please uncheck elements you want to keep." But alas there was nothing to uncheck. I did click "clear" just to be on the safe side and I'm glad I did. As of right now everything seems to be back to normal. The pop-ups on this desktop PC have stopped. Have time to help me with the same pop-ups on the laptop also?

 

 # AdwCleaner v6.000 - Logfile created 18/08/2016 at 14:46:41

# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-18.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Michelle - ALPHA-7VNY322
# Running from : C:\Users\Michelle\Downloads\adwcleaner_6.000.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry element found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - r
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - isearch.avg.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - websearch.ask.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.yahoo.com
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.searchnu.com/406
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN32611438319575117&UM=2
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN29013497362090373&UM=2
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?ctid=CT3287530&SearchSource=48&CUI=UN22487740541524617&UM=2
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN37665290681786783&UM=2
Chrome pref Found:  [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.searchcore.net/426
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2917 Bytes] - [18/08/2016 14:38:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [2838 Bytes] - [18/08/2016 14:46:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2911 Bytes] ##########

Edited by justmeinflorida, 18 August 2016 - 02:45 PM.


#5 nasdaq
Posted 19 August 2016 - 07:17 AM


If all is well with this computer read h

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


For the other computer you must start a new topic.
Before you do, download and run the AdwCleaner tool on it.

Download and run the Farbar tool also.

Create a new topic and paste the logs.

Then post the URL of the new topic in your next reply.
I will expedite the matter.

#6 justmeinflorida
Posted 19 August 2016 - 12:47 PM

Thanks for all the help nasdaq, it's much appreciated. Here's the link for the laptop; I've started the process you suggested above already. http://www.bleepingcomputer.com/forums/t/624064/avast-pop-up-httpk9x6zxj8comappc-part-2-laptop/


Edited by justmeinflorida, 19 August 2016 - 12:47 PM.