
Constant IE pop-ups at start up?


  • This topic is locked
13 replies to this topic

#1 allenwalker

  • Members
  • 8 posts

Posted 25 August 2016 - 05:39 PM

Hello,

I posted on "Am I Infected?" and was redirected here after completing their directions. Recently I've been getting weird IE pop-ups when I start up my computer. They always come in 3 windows with random ads that tell you to update your Flash or have flashing warning screens.

Btw, I'm running Windows 8.1. Initially, I ran a system scan with BitDefender Total Security 2016 and restarted, but that didn't fix it. I also ran a threat scan with Malwarebytes Anti-Malware, but that didn't help either. Additionally, I ran JRT and used CCleaner to remove my temps with the cleaner option, as suggested by someone who replied to my thread in "Am I Infected?", but none of it helped. I always restarted each time, but the ads remained. I would really appreciate some help with my problem!

Here is my FRST.txt log; the Addition log is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Tammy (administrator) on PERSONAL-PC (25-08-2016 15:29:12)
Running from C:\Users\Tammy\Downloads
Loaded Profiles: Tammy (Available Profiles: Tammy)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LINE Corporation) C:\Users\Tammy\AppData\Local\LINE\bin\4.8.3.1130\LINE.exe
(Dropbox, Inc.) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-10-09] (Motorola Solutions, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2016-05-12] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Dropbox Update] => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-10] (Dropbox, Inc.)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1450520 2016-06-28] (Bitdefender)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Spotify Web Helper] => C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Spotify] => C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [LINE] => C:\Users\Tammy\AppData\Local\LINE\bin\LineLauncher.exe [610256 2016-08-24] (LINE Corporation)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe [2015-09-04] ()
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2894A535-18AA-4055-BCF2-8069641E6E3C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F440428D-3E3C-4BF0-961C-95B888EFCB6D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001 -> DefaultScope {1682E042-AE3C-4F8F-A48C-71D51E94D6B6} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/",""
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-15]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Listhings) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (New XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-10-28]
CHR Extension: (Momentum) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2016-02-06]
CHR Extension: (Material Simple Dark Grey) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2016-03-30]
CHR Extension: (Click&Clean App) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-08-15]
CHR Extension: (Unblock Youku) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-08-25]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (ST Math®) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahgfknfdplnpiiiiejiimkojdkjlfmdo [2015-08-13]
CHR Extension: (Student Resources In Context) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anmifcdidknonmoobilmacdapoenccml [2016-02-11]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (PowerSearch) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgfenkapnckkimbcoehldnlmaeikbgej [2016-02-11]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-03]
CHR Extension: (gScholar) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhjifohoeoecgackaeooglaaeilckjkc [2016-02-17]
CHR Extension: (Opposing Viewpoints In Context) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ebipejegdmbclnhaoeflnniilcdbkpai [2016-02-11]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Gale eBooks (GVRL)) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hblgdjhpilgpeolphafiipidojmkdpam [2016-02-11]
CHR Extension: (Securly for Chromebooks) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iheobagjkfklnlikgihanlhcddjoihkg [2016-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (TypingClub) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-12]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-02-13]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-13]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-15]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-15]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-15]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-02-15]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-21]
CHR Extension: (Tab for a Cause) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gibkoahgjfhphbmeiphbcnhehbfdlcgo [2016-02-15]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-20]
CHR Extension: (Star Se7en) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kembffdaaophkgdjpheebhhlaihpagjp [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-20]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-06]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-06]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2015-12-20]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-06]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (New XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-22] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-22] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [371472 2016-05-26] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 15:14 - 2016-08-25 15:14 - 00000786 _____ C:\bdlog.txt
2016-08-25 14:59 - 2016-08-25 15:29 - 00038350 _____ C:\Users\Tammy\Downloads\FRST.txt
2016-08-25 14:59 - 2016-08-25 15:29 - 00000000 ____D C:\FRST
2016-08-25 14:57 - 2016-08-25 14:57 - 02396160 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2016-08-25 14:48 - 2016-08-25 14:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-08-25 14:10 - 2016-08-25 14:10 - 00000136 _____ C:\Windows\ODBC.INI
2016-08-25 12:32 - 2016-08-25 12:32 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-25 12:32 - 2016-08-25 12:32 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-25 12:32 - 2016-08-25 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-25 12:32 - 2016-08-25 12:32 - 00000000 ____D C:\Program Files\CCleaner
2016-08-25 12:22 - 2016-08-25 12:22 - 00001865 _____ C:\Users\Tammy\Documents\JRT.txt
2016-08-25 12:22 - 2016-08-25 12:22 - 00001865 _____ C:\Users\Tammy\Desktop\JRT.txt
2016-08-24 19:20 - 2016-08-24 19:20 - 00001083 _____ C:\Users\Tammy\Desktop\Malwarebytes Anti-Malware Finished 160824 15-20.txt
2016-08-24 18:43 - 2016-08-24 18:30 - 00016773 _____ C:\Users\Tammy\Desktop\1472081012_1_02.xml
2016-08-24 16:13 - 2016-08-24 16:13 - 00002833 _____ C:\Users\Tammy\Downloads\577109C0TG.txt
2016-08-24 11:21 - 2016-08-24 11:21 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 09:52 - 2016-08-23 09:52 - 00003228 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 12:49 - 2016-08-22 12:49 - 00000000 ____D C:\Users\Tammy\Documents\Custom Office Templates
2016-08-21 13:00 - 2016-08-21 23:23 - 00000000 ____D C:\ProgramData\Origin
2016-08-21 12:40 - 2016-08-21 12:40 - 00001602 _____ C:\Users\Tammy\Desktop\The Sims 4.lnk
2016-08-21 12:21 - 2016-08-21 12:21 - 00000000 ____D C:\Users\Tammy\Documents\Electronic Arts
2016-08-21 12:09 - 2016-08-20 01:51 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-08-18 12:23 - 2016-08-24 19:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 12:23 - 2016-08-18 12:23 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-18 12:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-18 12:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-18 12:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-18 08:37 - 2016-08-18 08:37 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-17 16:45 - 2016-08-17 21:32 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2016-08-17 14:54 - 2016-08-17 14:54 - 00000000 ____D C:\Windows\LastGood
2016-08-17 14:54 - 2016-08-17 14:54 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-08-17 14:47 - 2016-08-25 15:26 - 00000000 __SHD C:\Users\Tammy\IntelGraphicsProfiles
2016-08-17 14:46 - 2016-08-17 14:46 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-17 14:41 - 2016-08-17 14:41 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2016-08-17 14:41 - 2016-08-17 14:41 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-08-17 14:34 - 2016-08-17 14:40 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-08-17 14:31 - 2016-08-17 14:31 - 00000000 ____D C:\ProgramData\IntelDLM
2016-08-17 14:20 - 2016-08-17 14:20 - 00000000 ____D C:\Users\Tammy\AppData\Local\Intel
2016-08-17 14:19 - 2016-08-17 14:22 - 00003038 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-08-17 14:19 - 2016-08-17 14:19 - 00001184 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-08-17 14:19 - 2016-08-17 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-08-17 14:19 - 2016-08-17 14:19 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-08-17 14:19 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-17 14:18 - 2016-08-17 14:18 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-08-15 13:33 - 2016-08-15 13:33 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-15 13:33 - 2016-08-15 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-15 13:32 - 2016-08-15 13:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-15 13:32 - 2016-08-15 13:32 - 00000000 ____D C:\Program Files\iPod
2016-08-15 13:32 - 2016-08-15 13:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-05 12:57 - 2016-08-05 12:57 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-08-05 12:57 - 2016-08-05 12:57 - 00000000 ____D C:\Program Files\Dell Support Center
2016-08-02 10:45 - 2016-08-02 10:45 - 00001908 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-08-02 10:45 - 2016-08-02 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 15:30 - 2015-08-11 17:06 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Skype
2016-08-25 15:29 - 2016-05-06 16:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-25 15:27 - 2016-02-28 13:25 - 00000000 ____D C:\Users\Tammy\AppData\Local\Spotify
2016-08-25 15:26 - 2014-12-13 12:51 - 00000000 ___RD C:\Users\Tammy\OneDrive
2016-08-25 15:26 - 2014-12-13 11:00 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 15:18 - 2014-10-09 20:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-08-25 15:15 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 15:14 - 2014-12-13 12:50 - 00000000 ____D C:\Users\Tammy
2016-08-25 15:14 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 15:01 - 2014-12-13 11:00 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3264904998-1414079771-3962865522-1001
2016-08-25 15:01 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-08-25 14:59 - 2015-06-10 18:49 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001UA.job
2016-08-25 14:58 - 2015-12-20 01:19 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-08-25 14:54 - 2014-12-13 11:00 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-25 14:07 - 2016-02-28 13:24 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Spotify
2016-08-25 14:04 - 2014-12-13 12:56 - 00000000 ___RD C:\Users\Tammy\Dropbox
2016-08-25 13:24 - 2016-06-18 22:13 - 00000000 ____D C:\Users\Tammy\Downloads\Images
2016-08-25 13:18 - 2015-05-29 22:07 - 00040448 ___SH C:\Users\Tammy\Documents\Thumbs.db
2016-08-25 13:08 - 2015-03-01 01:31 - 00507436 _____ C:\Windows\system32\perfh011.dat
2016-08-25 13:08 - 2015-03-01 01:31 - 00136200 _____ C:\Windows\system32\perfc011.dat
2016-08-25 13:08 - 2015-03-01 01:16 - 00810032 _____ C:\Windows\system32\perfh00A.dat
2016-08-25 13:08 - 2015-03-01 01:16 - 00166882 _____ C:\Windows\system32\perfc00A.dat
2016-08-25 13:08 - 2014-03-18 02:53 - 02467762 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 13:08 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 12:44 - 2015-03-14 14:35 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\uTorrent
2016-08-25 12:44 - 2014-12-13 13:39 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\DAEMON Tools Pro
2016-08-25 12:32 - 2015-02-14 22:04 - 03141120 ___SH C:\Users\Tammy\Downloads\Thumbs.db
2016-08-25 12:16 - 2014-12-13 11:00 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA7D737F-6B0F-4B35-91FF-701D9C25995C}
2016-08-25 12:10 - 2015-02-01 04:29 - 00000000 ____D C:\Users\Tammy\AppData\Local\Adobe
2016-08-24 19:59 - 2015-06-10 18:49 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001Core.job
2016-08-24 14:11 - 2014-12-13 12:50 - 00000000 ____D C:\Users\Tammy\AppData\Local\Packages
2016-08-24 11:21 - 2014-12-13 12:54 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Dropbox
2016-08-23 22:52 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2016-08-23 09:52 - 2016-04-24 02:04 - 00002343 _____ C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-08-23 09:52 - 2015-01-29 19:23 - 00003178 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3264904998-1414079771-3962865522-1001
2016-08-23 00:30 - 2015-11-10 01:35 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\RenPy
2016-08-22 11:56 - 2015-12-20 01:33 - 01603264 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-08-22 11:56 - 2015-12-20 01:33 - 00850464 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-08-21 12:09 - 2014-10-09 20:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-21 00:34 - 2016-06-19 02:08 - 00000000 ____D C:\Users\Tammy\AppData\LocalLow\uTorrent
2016-08-18 00:56 - 2015-07-12 23:21 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\vlc
2016-08-17 14:57 - 2014-12-22 17:59 - 00000000 ____D C:\ProgramData\softthinks
2016-08-17 14:54 - 2014-10-09 20:10 - 00000000 ____D C:\ProgramData\Intel
2016-08-17 14:54 - 2014-10-09 20:10 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-17 14:53 - 2014-10-09 20:10 - 00000000 ____D C:\Program Files\Intel
2016-08-17 14:47 - 2014-10-09 20:17 - 00016240 _____ C:\Windows\system32\results.xml
2016-08-17 14:47 - 2014-10-09 20:10 - 00000000 ____D C:\Intel
2016-08-17 14:41 - 2014-10-09 20:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-17 13:55 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 13:54 - 2015-01-29 19:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 13:32 - 2015-03-31 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-14 13:13 - 2015-07-26 00:22 - 00000000 ____D C:\Users\Tammy\Documents\College
2016-08-14 13:12 - 2015-03-28 20:51 - 00000000 ____D C:\Users\Tammy\Downloads\BG
2016-08-11 14:33 - 2015-03-26 02:11 - 00000000 ____D C:\Users\Tammy\Documents\Tammy
2016-08-11 14:27 - 2015-11-10 21:17 - 00000000 ____D C:\Users\Tammy\Documents\Important
2016-08-11 14:11 - 2015-06-08 00:09 - 00000000 ____D C:\Users\Tammy\Downloads\Books
2016-08-11 01:21 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-11 01:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-08 11:55 - 2014-12-13 11:01 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 11:55 - 2014-12-13 11:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 18:32 - 2016-06-27 14:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-07 18:32 - 2015-08-11 17:05 - 00000000 ____D C:\ProgramData\Skype
2016-08-05 12:57 - 2014-10-09 20:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-08-02 10:46 - 2015-07-27 17:36 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-02 10:45 - 2015-07-27 17:36 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-07-31 22:36 - 2015-06-08 00:21 - 00020212 _____ C:\Users\Tammy\Desktop\Reading List.xlsx
2016-07-31 18:49 - 2014-12-13 11:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 18:49 - 2014-12-13 11:00 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-03-24 23:27 - 2015-11-29 15:09 - 0001456 _____ () C:\Users\Tammy\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-12 19:52 - 2015-10-12 19:52 - 0007605 _____ () C:\Users\Tammy\AppData\Local\Resmon.ResmonCfg
2014-10-09 20:01 - 2014-10-09 20:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\vlc-2.2.4-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-21 11:49
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 39,944 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 28 August 2016 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this app via the Control Panel > Programs > Programs and Features.
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/",""
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
AlternateDataStreams: C:\Windows\SysWOW64\vp6vfw.dll:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Downloads\FRST64.exe:BDU [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)

===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.


Please post the log and let me know if the problem persists.
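A read-only check to go with the fixlist in the post above, as an added example that is not part of nasdaq's instructions, of FRST or of any BleepingComputer tool: it inventories two of the item classes the fixlist removes (service and driver entries whose binary is missing on disk, which FRST tags with [X], and named NTFS alternate data streams on specific files) so they can be reviewed before a Fix is run. The function names are this example's own; it assumes Windows PowerShell 3.0 or later (needed for -Stream) in an elevated session, and the two file paths in the usage lines are the ones from this thread's log.

```powershell
# Added example, not from the thread's tools: read-only inventory of orphaned
# service/driver entries and of alternate data streams on named files.
# Assumes Windows PowerShell 3.0+ in an elevated session.

function Resolve-ServicePath {
    # Turn a raw service/driver PathName into a plain file path.
    param([string]$PathName)
    $p = $PathName.Trim()
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    $p = [Environment]::ExpandEnvironmentVariables($p)      # %SystemRoot%\.. -> C:\Windows\...
    if ($p.StartsWith('"')) { return $p.Split('"')[1] }     # "C:\a b\c.exe" -arg
    if ($p -notmatch '^[A-Za-z]:\\') {                      # relative: system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    # Unquoted command line: the path itself may contain spaces, so take the
    # longest space-delimited prefix that names an existing file.
    $tokens = $p -split ' '
    for ($i = $tokens.Count; $i -ge 1; $i--) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $p
}

function Get-OrphanedServiceEntry {
    # Services and kernel drivers whose registered binary is missing on disk.
    # These are the entries FRST tags with [X], e.g.
    # "R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]".
    $entries = @(Get-CimInstance -ClassName Win32_Service) +
               @(Get-CimInstance -ClassName Win32_SystemDriver)
    foreach ($e in $entries) {
        if ([string]::IsNullOrWhiteSpace($e.PathName)) { continue }
        $file = Resolve-ServicePath -PathName $e.PathName
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{
                Name      = $e.Name
                State     = $e.State
                StartMode = $e.StartMode
                Missing   = $file
            }
        }
    }
}

function Get-AlternateDataStream {
    # Named NTFS streams on the given files, excluding the main :$DATA stream.
    # FRST lists these as "file:STREAM [size]" under AlternateDataStreams.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            Write-Warning "not found: $p"
            continue
        }
        Get-Item -LiteralPath $p -Stream * |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# Usage: review the output first; nothing here modifies the system.
Get-OrphanedServiceEntry | Format-Table -AutoSize
Get-AlternateDataStream -Path @(
    'C:\Windows\SysWOW64\vp6vfw.dll',
    "$env:USERPROFILE\Downloads\FRST64.exe"
) | Format-Table -AutoSize
```

The orphaned-entry list is the useful part for a log like the one above: a service or driver whose binary is gone is dead weight in the registry, and seeing State and StartMode alongside the missing path makes it obvious which entries the fixlist is clearing. For a stream that shows a non-zero Length, `Get-Content -LiteralPath <file> -Stream <name>` reads its contents before it is removed.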

#3 allenwalker

  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:18 AM

Posted 29 August 2016 - 03:58 PM

I have followed all the instructions you've given me but the ads still appear for some reason. 

 

Here is the Fixlog.txt. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Tammy (28-08-2016 13:09:39) Run:1
Running from C:\Users\Tammy\Downloads
Loaded Profiles: Tammy (Available Profiles: Tammy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/",""
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
AlternateDataStreams: C:\Windows\SysWOW64\vp6vfw.dll:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Downloads\FRST64.exe:BDU [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem" => key removed successfully
ibtsiva => service removed successfully
OATool => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\Windows\SysWOW64\vp6vfw.dll => ":BDU" ADS removed successfully.
"C:\Users\Tammy\Downloads\FRST64.exe" => ":BDU" ADS not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118922125 B
Java, Flash, Steam htmlcache => 73658186 B
Windows/system/drivers => 59514815 B
Edge => 0 B
Chrome => 1226818907 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 334160 B
systemprofile32 => 93563 B
LocalService => 160684 B
NetworkService => 8332 B
Tammy => 428634886 B
 
RecycleBin => 4104665394 B
EmptyTemp: => 5.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:12:37 ====


#4 nasdaq

  • Malware Response Team
  • 39,944 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 30 August 2016 - 08:23 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 allenwalker

  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:18 AM

Posted 04 September 2016 - 11:05 PM

Sorry for the late reply. I turned off my AV program and ran the Zoek tool as suggested, but when I restarted the computer, the ads still popped up.

 

Here is the zoek-results.log

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Tammy on Sun 09/04/2016 at 20:34:14.20.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Tammy\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
9/4/2016 8:37:38 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\Common Files\AV deleted successfully
C:\Users\Tammy\AppData\Roaming\baidu deleted successfully
C:\Users\Tammy\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Tammy\AppData\Roaming\QuickScan deleted successfully
C:\Users\Tammy\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Tammy\AppData\Local\EmieSiteList deleted successfully
C:\Users\Tammy\AppData\Local\EmieUserList deleted successfully
C:\Users\Tammy\AppData\Local\Skype deleted successfully
C:\Users\Tammy\AppData\Local\softthinks deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\{05EE3202-A879-4F9D-895C-AC535855E0A9} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [12/16/2015 08:29 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [12/16/2015 08:29 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
 
Listhings - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf
New XKit - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald
Momentum - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Wunderlist - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh
Material Simple Dark Grey - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm
Unblock Youku - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk
Chrome Media Router - Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
ST Math® - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahgfknfdplnpiiiiejiimkojdkjlfmdo
Student Resources In Context - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anmifcdidknonmoobilmacdapoenccml
PowerSearch - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgfenkapnckkimbcoehldnlmaeikbgej
Bitdefender Wallet - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
gScholar - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhjifohoeoecgackaeooglaaeilckjkc
Opposing Viewpoints In Context - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ebipejegdmbclnhaoeflnniilcdbkpai
Gale eBooks (GVRL) - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hblgdjhpilgpeolphafiipidojmkdpam
Securly - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iheobagjkfklnlikgihanlhcddjoihkg
TypingClub - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah
Chrome Media Router - Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Bitdefender Wallet - Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
XKit - Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd
Chrome Media Router - Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Bitdefender Wallet - Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
Tab for a Cause - Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gibkoahgjfhphbmeiphbcnhehbfdlcgo
Star Se7en - Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kembffdaaophkgdjpheebhhlaihpagjp
Chrome Media Router - Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
New XKit - Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inobiceghmpkaklcknpniboilbjmlald
Chrome Media Router - Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_yy5izxryywquy29t.g00.slickdeals.net_0.localstorage deleted successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_yy5izxryywquy29t.g00.slickdeals.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1682E042-AE3C-4F8F-A48C-71D51E94D6B6}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1682E042-AE3C-4F8F-A48C-71D51E94D6B6}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Secure Preferences was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data was reset successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tammy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tammy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tammy\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Tammy\AppData\Local\Microsoft\Windows\INetCache\IE\X105J8IP will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=73 folders=47 238505939 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tammy\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Tammy\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Tammy\AppData\Local\Microsoft\Windows\INetCache\IE\X105J8IP" not found
 
==== EOF on Sun 09/04/2016 at 20:52:29.99 ======================
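
The "Set IE to Default" section above shows the state a practitioner should check for before and after a cleanup: DefaultScope named a GUID whose subkey no longer existed, so IE had no working default search provider, and Zoek repointed it at the Google scope. The script below is an added example, not Zoek output or anything posted in this thread; it reads the same HKCU SearchScopes key without changing anything and reports a dangling DefaultScope and any scope whose URL points at a host outside an allowlist. The allowlist and the key path are assumptions you should adjust.

```powershell
# Added example; not output of Zoek or part of the thread. It inspects the
# HKCU SearchScopes key the "Set IE to Default" section rewrote, but only
# reports: a DefaultScope GUID with no matching subkey (the state the log
# shows before the reset) and any scope whose URL goes to an unexpected host.
$ScopesKey    = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$AllowedHosts = @('www.google.com', 'www.bing.com')   # assumption: the engines you expect

function Test-IESearchScopes {
    param(
        [string]$Path = $ScopesKey,
        [string[]]$Allowed = $AllowedHosts
    )
    $findings = @()
    if (-not (Test-Path -Path $Path)) {
        return @("SearchScopes key not present: $Path")
    }

    # DefaultScope is a GUID string naming one of the subkeys. If that subkey is
    # gone (typical after a search hijacker has been only partly removed), IE is
    # left without a usable default search provider.
    $default = (Get-ItemProperty -Path $Path -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
    if (-not $default) {
        $findings += 'No DefaultScope value is set'
    } elseif (-not (Test-Path -Path (Join-Path -Path $Path -ChildPath $default))) {
        $findings += "DefaultScope $default refers to a subkey that does not exist"
    }

    foreach ($scope in Get-ChildItem -Path $Path) {
        $props = Get-ItemProperty -Path $scope.PSPath
        $url   = $props.URL
        $label = "$($scope.PSChildName) ($($props.DisplayName))"
        if (-not $url) {
            $findings += "${label}: no URL value"
            continue
        }
        # Only the host matters for the allowlist; a regex is used rather than
        # [uri] so the literal {searchTerms} placeholder in the query is irrelevant.
        if ($url -match '^https?://([^/:?]+)') {
            $scopeHost = $Matches[1]
        } else {
            $scopeHost = '(unparseable)'
        }
        if ($scopeHost -notin $Allowed) {
            $findings += "${label}: searches $scopeHost -> $url"
        }
    }
    return $findings
}

# Usage: list anything suspicious, or confirm the key looks clean.
$result = @(Test-IESearchScopes)
if ($result.Count -eq 0) {
    'IE SearchScopes look clean'
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```

Run it in the affected user's session, since the key lives under HKCU; a scope that searches a host you do not recognise, or a DefaultScope that does not resolve, is worth looking at before and after any automated reset.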


#6 nasdaq

  • Malware Response Team
  • 39,944 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2016 - 07:55 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below are lists of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.
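
The reasoning behind the router-reset advice is that a compromised or misconfigured router usually shows up on the client as unexpected DNS servers handed out by DHCP, or as resolvers that answer differently from an independent one. The script below is an added example, not part of nasdaq's reply and not a tool used in this thread; it checks both signals from the Windows side. The router address, the reference resolver and the probe names are assumptions to replace with your own values.

```powershell
# Added example, not part of nasdaq's reply or any tool in this thread.
# Checks (1) which DNS servers each IPv4 interface is configured with and
# (2) whether the configured resolvers answer like an independent one.
# All three values below are assumptions: use your router's LAN address,
# a resolver you trust, and names you care about.
$ExpectedDns  = @('192.168.1.1')
$ReferenceDns = '8.8.8.8'
$ProbeNames   = @('www.microsoft.com', 'www.bing.com')

function Test-DnsConfiguration {
    param(
        [string[]]$Expected = $ExpectedDns,
        [string]$Reference  = $ReferenceDns,
        [string[]]$Names    = $ProbeNames
    )
    $findings = @()

    # 1. Resolver list per IPv4 interface, whether set by DHCP or statically.
    foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($srv in $cfg.ServerAddresses) {
            if ($srv -notin $Expected) {
                $findings += "$($cfg.InterfaceAlias): DNS server $srv is not in the expected list"
            }
        }
    }

    # 2. Compare answers from the configured resolvers with the reference one.
    #    CDN-backed names legitimately differ between resolvers, so only an
    #    empty answer or one in private address space is reported.
    $private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)'
    foreach ($name in $Names) {
        try {
            $local = @(Resolve-DnsName -Name $name -Type A -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
            $ref   = @(Resolve-DnsName -Name $name -Type A -Server $Reference -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        } catch {
            $findings += "${name}: lookup failed ($($_.Exception.Message))"
            continue
        }
        if ((($local | Sort-Object) -join ',') -eq (($ref | Sort-Object) -join ',')) { continue }
        $suspicious = $local | Where-Object { $_ -match $private }
        if ($local.Count -eq 0 -or $suspicious) {
            $findings += "${name}: configured resolver returned [$($local -join ', ')], reference returned [$($ref -join ', ')]"
        }
    }
    return $findings
}

# Usage: run on the affected machine; an empty result means nothing stood out.
$result = @(Test-DnsConfiguration)
if ($result.Count -eq 0) {
    'DNS configuration matches expectations'
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```

One caveat: when the router is the only configured resolver, the client cannot see what upstream the router forwards to, which is why the second check compares answers rather than only addresses. A router that passes both checks can still be worth resetting, but a failure on either is a concrete reason to do it.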

#7 nasdaq

  • Malware Response Team
  • 39,944 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 September 2016 - 07:31 AM

Are you still with me?

#8 allenwalker
  • Topic Starter
  • Members
  • 8 posts

Posted 13 September 2016 - 01:56 PM

Sorry for the wait. I have been really busy. I reset my router but unfortunately the pop-ups haven't left... :( Was really hoping this would be it. I even did it twice in case I did something wrong... 

#9 nasdaq

  • Malware Response Team
  • 39,944 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 September 2016 - 08:05 AM

Please run the Farbar tool and post fresh FRST and Addition.txt logs for my review.

#10 allenwalker
  • Topic Starter
  • Members
  • 8 posts

Posted 14 September 2016 - 05:40 PM

Here are the FRST and Addition.txt logs in the corresponding order. 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Tammy (administrator) on PERSONAL-PC (14-09-2016 15:30:12)
Running from C:\Users\Tammy\Downloads
Loaded Profiles: Tammy (Available Profiles: Tammy)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\TrueColor\DriverConsoleApp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(LINE Corporation) C:\Users\Tammy\AppData\Local\LINE\bin\4.9.0.1147\LINE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Dropbox, Inc.) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-10-09] (Motorola Solutions, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2016-05-12] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Dropbox Update] => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-10] (Dropbox, Inc.)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1450520 2016-06-28] (Bitdefender)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Spotify Web Helper] => C:\Users\Tammy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-06] (Spotify Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Spotify] => C:\Users\Tammy\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-06] (Spotify Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [LINE] => C:\Users\Tammy\AppData\Local\LINE\bin\LineLauncher.exe [610256 2016-09-08] (LINE Corporation)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe [2015-09-04] ()
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2894A535-18AA-4055-BCF2-8069641E6E3C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F440428D-3E3C-4BF0-961C-95B888EFCB6D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-28] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-09-04]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-04]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-04]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-04]
CHR Extension: (New XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-09-04]
CHR Extension: (Momentum) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
CHR Extension: (Material Simple Dark Grey) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2016-09-04]
CHR Extension: (Unblock Youku) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-09-08]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (ST Math®) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahgfknfdplnpiiiiejiimkojdkjlfmdo [2015-08-13]
CHR Extension: (Student Resources In Context) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anmifcdidknonmoobilmacdapoenccml [2016-02-11]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (PowerSearch) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgfenkapnckkimbcoehldnlmaeikbgej [2016-02-11]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-03]
CHR Extension: (gScholar) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhjifohoeoecgackaeooglaaeilckjkc [2016-02-17]
CHR Extension: (Opposing Viewpoints In Context) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ebipejegdmbclnhaoeflnniilcdbkpai [2016-02-11]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Gale eBooks (GVRL)) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hblgdjhpilgpeolphafiipidojmkdpam [2016-02-11]
CHR Extension: (Securly for Chromebooks) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iheobagjkfklnlikgihanlhcddjoihkg [2016-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (TypingClub) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-27]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-02-13]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-27]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-15]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-15]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-15]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-02-15]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-21]
CHR Extension: (Tab for a Cause) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gibkoahgjfhphbmeiphbcnhehbfdlcgo [2016-02-15]
CHR Extension: (What's your name?) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-27]
CHR Extension: (Star Se7en) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kembffdaaophkgdjpheebhhlaihpagjp [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-20]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-04]
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-04]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Google Sheets) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-05]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-12]
CHR Extension: (New XKit) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-22] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-22] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [371472 2016-05-26] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-14 15:28 - 2016-09-14 15:28 - 00000000 ____D C:\Users\Tammy\Downloads\FRST-OlderVersion
2016-09-07 21:35 - 2016-09-07 21:46 - 290989158 _____ C:\Users\Tammy\Downloads\The Anteaters Guide to Writing and Rhetoric - 5th edition.pdf
2016-09-06 20:10 - 2016-09-06 20:11 - 03225089 _____ C:\Users\Tammy\Documents\Untitled.mp4
2016-09-06 19:39 - 2016-09-06 19:39 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Publish Providers
2016-09-04 20:55 - 2016-09-04 20:55 - 00012706 _____ C:\Users\Tammy\Documents\zoek-results.txt
2016-09-04 20:49 - 2016-09-04 20:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-09-04 20:33 - 2016-09-04 20:48 - 00000000 ____D C:\zoek_backup
2016-09-04 20:30 - 2016-09-04 20:30 - 01309184 _____ C:\Users\Tammy\Desktop\zoek.exe
2016-09-02 14:28 - 2016-09-02 14:28 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-01 00:03 - 2016-09-13 12:58 - 00000000 ____D C:\Users\Tammy\Desktop\Drawings
2016-08-28 21:17 - 2016-08-28 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-28 21:17 - 2016-08-28 21:16 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-28 21:16 - 2016-08-28 21:16 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-28 13:13 - 2016-08-28 13:13 - 00026214 _____ C:\ProgramData\1472415175.bdinstall.bin
2016-08-28 13:09 - 2016-08-28 13:12 - 00003022 _____ C:\Users\Tammy\Downloads\Fixlog.txt
2016-08-25 16:24 - 2016-08-25 16:24 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-08-25 15:30 - 2016-08-25 15:31 - 00050642 _____ C:\Users\Tammy\Downloads\Addition.txt
2016-08-25 15:14 - 2016-09-04 20:50 - 00003143 _____ C:\bdlog.txt
2016-08-25 14:59 - 2016-09-14 15:30 - 00037354 _____ C:\Users\Tammy\Downloads\FRST.txt
2016-08-25 14:59 - 2016-09-14 15:29 - 00000000 ____D C:\FRST
2016-08-25 14:57 - 2016-09-14 15:28 - 02398720 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2016-08-25 14:48 - 2016-08-25 14:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-08-25 14:10 - 2016-08-25 14:10 - 00000136 _____ C:\Windows\ODBC.INI
2016-08-25 12:32 - 2016-08-25 12:32 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-25 12:32 - 2016-08-25 12:32 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-25 12:32 - 2016-08-25 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-25 12:32 - 2016-08-25 12:32 - 00000000 ____D C:\Program Files\CCleaner
2016-08-25 12:22 - 2016-08-25 12:22 - 00001865 _____ C:\Users\Tammy\Downloads\JRT.txt
2016-08-25 12:18 - 2016-08-25 12:18 - 01610560 _____ (Malwarebytes) C:\Users\Tammy\Downloads\JRT.exe
2016-08-24 19:20 - 2016-08-24 19:20 - 00001083 _____ C:\Users\Tammy\Downloads\Malwarebytes Anti-Malware Finished 160824 15-20.txt
2016-08-24 18:43 - 2016-08-24 18:30 - 00016773 _____ C:\Users\Tammy\Downloads\1472081012_1_02.xml
2016-08-24 16:13 - 2016-08-24 16:13 - 00002833 _____ C:\Users\Tammy\Downloads\577109C0TG.txt
2016-08-23 09:52 - 2016-08-23 09:52 - 00003228 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 12:49 - 2016-08-22 12:49 - 00000000 ____D C:\Users\Tammy\Documents\Custom Office Templates
2016-08-21 13:00 - 2016-08-21 23:23 - 00000000 ____D C:\ProgramData\Origin
2016-08-21 12:40 - 2016-08-21 12:40 - 00001602 _____ C:\Users\Tammy\Desktop\The Sims 4.lnk
2016-08-21 12:21 - 2016-08-21 12:21 - 00000000 ____D C:\Users\Tammy\Documents\Electronic Arts
2016-08-21 12:09 - 2016-08-20 01:51 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-08-18 12:23 - 2016-08-24 19:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 12:23 - 2016-08-18 12:23 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-18 12:23 - 2016-08-18 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-18 12:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-18 12:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-18 12:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-18 08:37 - 2016-08-18 08:37 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-17 16:45 - 2016-08-17 21:32 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2016-08-17 14:54 - 2016-08-17 14:54 - 00000000 ____D C:\Windows\LastGood
2016-08-17 14:54 - 2016-08-17 14:54 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-08-17 14:47 - 2016-09-14 13:36 - 00000000 __SHD C:\Users\Tammy\IntelGraphicsProfiles
2016-08-17 14:46 - 2016-08-17 14:46 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-17 14:41 - 2016-08-17 14:41 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2016-08-17 14:41 - 2016-08-17 14:41 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-08-17 14:34 - 2016-08-17 14:40 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-08-17 14:31 - 2016-08-17 14:31 - 00000000 ____D C:\ProgramData\IntelDLM
2016-08-17 14:20 - 2016-08-17 14:20 - 00000000 ____D C:\Users\Tammy\AppData\Local\Intel
2016-08-17 14:19 - 2016-08-17 14:22 - 00003038 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-08-17 14:19 - 2016-08-17 14:19 - 00001184 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-08-17 14:19 - 2016-08-17 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-08-17 14:19 - 2016-08-17 14:19 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-08-17 14:19 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-17 14:18 - 2016-08-17 14:18 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-08-15 13:33 - 2016-08-15 13:33 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-15 13:33 - 2016-08-15 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-15 13:32 - 2016-08-15 13:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-15 13:32 - 2016-08-15 13:32 - 00000000 ____D C:\Program Files\iPod
2016-08-15 13:32 - 2016-08-15 13:32 - 00000000 ____D C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-14 15:23 - 2015-08-11 17:06 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Skype
2016-09-14 15:17 - 2015-12-20 01:19 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-09-14 14:59 - 2015-06-10 18:49 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001UA.job
2016-09-14 14:54 - 2014-12-13 11:00 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-14 13:43 - 2016-02-28 13:24 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Spotify
2016-09-14 13:41 - 2014-12-13 12:56 - 00000000 ___RD C:\Users\Tammy\Dropbox
2016-09-14 13:40 - 2016-02-28 13:25 - 00000000 ____D C:\Users\Tammy\AppData\Local\Spotify
2016-09-14 13:40 - 2014-12-13 12:51 - 00000000 ____D C:\Users\Tammy\OneDrive
2016-09-14 13:37 - 2016-05-06 16:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-14 13:37 - 2015-02-01 04:29 - 00000000 ____D C:\Users\Tammy\AppData\Local\Adobe
2016-09-14 13:37 - 2014-12-13 11:00 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-14 02:08 - 2014-12-13 11:00 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3264904998-1414079771-3962865522-1001
2016-09-14 01:36 - 2015-07-26 00:22 - 00000000 ____D C:\Users\Tammy\Documents\College
2016-09-14 01:28 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-14 01:28 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-13 19:59 - 2015-06-10 18:49 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001Core.job
2016-09-13 11:55 - 2014-12-13 11:01 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 11:55 - 2014-12-13 11:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-12 23:59 - 2016-06-18 22:13 - 00000000 ____D C:\Users\Tammy\Downloads\Files
2016-09-12 23:37 - 2015-07-27 17:36 - 00000000 ____D C:\ProgramData\Garmin
2016-09-12 23:37 - 2015-07-27 17:36 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-09-10 01:53 - 2015-06-08 00:21 - 00020244 _____ C:\Users\Tammy\Desktop\Reading List.xlsx
2016-09-08 01:04 - 2014-12-13 12:50 - 00000000 ____D C:\Users\Tammy\AppData\Local\Packages
2016-09-07 00:18 - 2015-06-08 00:09 - 00000000 ____D C:\Users\Tammy\Downloads\Books
2016-09-06 23:54 - 2015-07-12 23:21 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\vlc
2016-09-06 23:52 - 2015-02-14 22:04 - 03557888 ___SH C:\Users\Tammy\Downloads\Thumbs.db
2016-09-06 13:27 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2016-09-04 21:01 - 2014-10-09 20:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-09-04 20:51 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 20:51 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-09-04 09:35 - 2015-03-24 23:27 - 00001456 _____ C:\Users\Tammy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-02 14:28 - 2014-12-13 12:54 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\Dropbox
2016-08-30 19:27 - 2015-03-04 04:50 - 04553216 ___SH C:\Users\Tammy\Desktop\Thumbs.db
2016-08-28 21:17 - 2015-12-27 01:10 - 00000000 ____D C:\Users\Tammy\.oracle_jre_usage
2016-08-28 20:58 - 2015-12-27 01:07 - 00000000 ____D C:\Program Files\Java
2016-08-28 17:38 - 2015-12-27 01:09 - 00000000 ____D C:\ProgramData\Oracle
2016-08-28 13:11 - 2015-12-20 01:34 - 00000000 ____D C:\ProgramData\BDLogging
2016-08-26 23:20 - 2015-01-29 19:23 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3264904998-1414079771-3962865522-1001
2016-08-25 15:14 - 2014-12-13 12:50 - 00000000 ____D C:\Users\Tammy
2016-08-25 15:14 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 13:18 - 2015-05-29 22:07 - 00040448 ___SH C:\Users\Tammy\Documents\Thumbs.db
2016-08-25 13:08 - 2015-03-01 01:31 - 00507436 _____ C:\Windows\system32\perfh011.dat
2016-08-25 13:08 - 2015-03-01 01:31 - 00136200 _____ C:\Windows\system32\perfc011.dat
2016-08-25 13:08 - 2015-03-01 01:16 - 00810032 _____ C:\Windows\system32\perfh00A.dat
2016-08-25 13:08 - 2015-03-01 01:16 - 00166882 _____ C:\Windows\system32\perfc00A.dat
2016-08-25 13:08 - 2014-03-18 02:53 - 02467762 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 12:44 - 2014-12-13 13:39 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\DAEMON Tools Pro
2016-08-25 12:16 - 2014-12-13 11:00 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA7D737F-6B0F-4B35-91FF-701D9C25995C}
2016-08-23 22:52 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2016-08-23 09:52 - 2016-04-24 02:04 - 00002343 _____ C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-08-23 00:30 - 2015-11-10 01:35 - 00000000 ____D C:\Users\Tammy\AppData\Roaming\RenPy
2016-08-22 11:56 - 2015-12-20 01:33 - 01603264 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-08-22 11:56 - 2015-12-20 01:33 - 00850464 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-08-21 00:34 - 2016-06-19 02:08 - 00000000 ____D C:\Users\Tammy\AppData\LocalLow\uTorrent
2016-08-17 14:57 - 2014-12-22 17:59 - 00000000 ____D C:\ProgramData\softthinks
2016-08-17 14:54 - 2014-10-09 20:10 - 00000000 ____D C:\ProgramData\Intel
2016-08-17 14:54 - 2014-10-09 20:10 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-17 14:53 - 2014-10-09 20:10 - 00000000 ____D C:\Program Files\Intel
2016-08-17 14:47 - 2014-10-09 20:17 - 00016240 _____ C:\Windows\system32\results.xml
2016-08-17 14:47 - 2014-10-09 20:10 - 00000000 ____D C:\Intel
2016-08-17 14:41 - 2014-10-09 20:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-17 13:55 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 13:54 - 2015-01-29 19:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 13:32 - 2015-03-31 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2015-03-24 23:27 - 2016-09-04 09:35 - 0001456 _____ () C:\Users\Tammy\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-12 19:52 - 2015-10-12 19:52 - 0007605 _____ () C:\Users\Tammy\AppData\Local\Resmon.ResmonCfg
2016-08-28 13:13 - 2016-08-28 13:13 - 0026214 _____ () C:\ProgramData\1472415175.bdinstall.bin
2014-10-09 20:01 - 2014-10-09 20:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-10 02:07
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Tammy (14-09-2016 15:31:06)
Running from C:\Users\Tammy\Downloads
Windows 8.1 (Update) (X64) (2014-12-13 19:50:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3264904998-1414079771-3962865522-500 - Administrator - Disabled)
Guest (S-1-5-21-3264904998-1414079771-3962865522-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3264904998-1414079771-3962865522-1003 - Limited - Enabled)
Tammy (S-1-5-21-3264904998-1414079771-3962865522-1001 - Administrator - Enabled) => C:\Users\Tammy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{C87ADBDA-EF36-4A53-B05C-DBCD98D3A2CA}) (Version: 1.4.2000.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.113 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{12415e07-c869-4438-9d99-b55261706671}) (Version: 19.1.0 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LINE (HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\LINE) (Version: 4.9.0.1147 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapleStory (HKLM\...\Steam App 216150) (Version:  - Nexon)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
teenSMARTv4 (HKLM-x32\...\teenSMARTv4 4.1.00.11) (Version: 4.1.00.11 - ADEPT Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.)
Topaz Clean 3 (64-bit) (HKLM\...\{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}) (Version: 3.0.1 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}) (Version: 3.0.1 - Topaz Labs)
True Color (HKLM-x32\...\{f8476c72-fe9e-4c04-a537-40a60257e57d}) (Version: 2.0.0.1 - Entertainment Experience)
True Color (Version: 2.0.0.1 - Entertainment Experience LLC) Hidden
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3264904998-1414079771-3962865522-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0ED3DB9D-0DC6-4FC6-89FB-31B8DA36B47C} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {11A98839-199E-469F-A83D-B5B6C9699476} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1D3C8573-2CFC-4FF2-AE6E-44B4726DE6E9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {2716AF99-3FC3-4058-AE49-CA678BAB3F30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {2D39982F-CCDC-4CEF-A221-AFA51B939F0D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {323EA94C-764C-4372-AF6C-32574F656D9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3699666F-C9EA-4B67-8B8B-7ACAAC881676} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {486AC718-8611-4264-97C0-D9A77355C2F2} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {5729C6AA-2E2F-4C33-8397-CCFFD2E5CFF2} - System32\Tasks\{2F34F084-B679-487B-8CCE-27335EA1B5DE} => Chrome.exe hxxp://ui.skype.com/ui/0/7.7.0.103/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {5AF702CD-350B-4A4A-95C8-958C9CB711AA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {6B1C9202-61D9-4819-AFBA-B81DF7A7E494} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {6DF6C1D5-5D28-495A-8126-7A753F61D00C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {6F71B2C6-4F7C-4EA3-A8C9-41A8396931A0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {73C28494-48C3-4117-B22A-5F39BC24F811} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {76864DEB-8DAD-4843-BBA9-B55717E3E19C} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {891F8E32-EE19-4A91-83B5-CFF98987686F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-16] (Synaptics Incorporated)
Task: {AF31FEA7-9C58-4583-B9BC-4625C049BFD2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001UA => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {B166898C-560A-416F-9913-8297CB050EC1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001Core => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {BBF56D8D-62D9-4BB2-9176-7493EBD658E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C42513A3-B613-4983-A8AA-C3B8313619B7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3264904998-1414079771-3962865522-1001 => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation)
Task: {DB91D421-4BA1-42B9-9B0F-4417EAC5F88F} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {DDC817E8-99D4-40A7-AE62-2CA3DDF4D2DB} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {E36A4B19-38CB-4204-834B-508794A22ADF} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {FAFB87E6-CA9C-4938-94FF-71CFEBD1E148} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001Core.job => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3264904998-1414079771-3962865522-1001UA.job => C:\Users\Tammy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ojcflmmmcfpacggndoaaflkmcoblhnbh\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\School - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\College - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Sally - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-20 01:33 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-09 21:29 - 2016-05-09 21:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_008\ashttpbr.mdl
2016-05-09 21:29 - 2016-05-09 21:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_008\ashttpdsp.mdl
2016-05-09 21:29 - 2016-05-09 21:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_008\ashttpph.mdl
2016-05-09 21:29 - 2016-05-09 21:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_008\ashttprbl.mdl
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-29 19:09 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-06-08 18:04 - 2016-06-08 18:04 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll
2014-04-30 06:20 - 2014-04-30 06:20 - 00089072 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2013-12-24 13:02 - 2013-12-24 13:02 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-26 10:56 - 2016-05-24 09:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-09 20:19 - 2014-03-12 12:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-09 20:19 - 2014-03-12 12:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-10-01 05:32 - 2016-05-12 22:12 - 00382072 _____ () C:\Windows\system32\igfxTray.exe
2015-03-07 23:54 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-30 06:20 - 2014-04-30 06:20 - 00016368 _____ () C:\Program Files\TrueColor\DriverConsoleApp.exe
2016-01-20 09:09 - 2015-09-04 10:46 - 00015872 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mun.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-09 20:10 - 2013-12-18 10:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-28 13:25 - 2016-09-06 21:55 - 51272304 _____ () C:\Users\Tammy\AppData\Roaming\Spotify\libcef.dll
2016-05-06 16:02 - 2016-08-08 16:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-05-06 16:02 - 2015-07-01 15:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-05-06 16:02 - 2016-08-23 12:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-05-06 16:02 - 2015-07-01 15:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-05-06 16:02 - 2015-07-01 15:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-05-06 16:02 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-05-06 16:02 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-05-06 16:02 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-05-06 16:02 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-05-06 16:02 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-05-06 16:02 - 2016-08-23 12:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-06 16:02 - 2016-07-04 15:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-09-08 00:14 - 2016-09-08 00:14 - 04041680 _____ () C:\Users\Tammy\AppData\Local\LINE\bin\4.9.0.1147\ampkit_windows.dll
2016-09-08 00:14 - 2016-09-08 00:14 - 00123344 _____ () C:\Users\Tammy\AppData\Local\LINE\bin\4.9.0.1147\PlayerHelper.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2016-09-02 14:28 - 2016-08-05 20:21 - 00035792 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-09-02 14:28 - 2016-08-05 20:21 - 00145864 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-09-02 14:28 - 2016-08-05 20:22 - 00019408 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-09-02 14:28 - 2016-08-05 20:21 - 00116688 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-09-02 14:28 - 2016-08-05 20:21 - 00100296 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-09-02 14:28 - 2016-08-05 20:21 - 00018888 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\select.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00019760 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-09-02 14:28 - 2016-08-05 20:21 - 00694224 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020816 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-09-02 14:28 - 2016-08-05 20:22 - 00123856 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 01682760 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020808 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00105928 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00021312 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00052024 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00038696 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-09-02 14:28 - 2016-08-05 20:19 - 00392144 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-09-02 14:28 - 2016-08-05 20:24 - 00020936 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00024528 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00116176 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00381752 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00124880 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00025424 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00024016 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00175560 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00030160 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00043472 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00048592 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00057808 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00024016 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00246592 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00026456 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-02 14:28 - 2016-08-05 20:25 - 00028616 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-09-02 14:28 - 2016-08-05 20:21 - 00144848 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-09-02 14:28 - 2016-08-05 20:22 - 00241104 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020800 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00019776 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020800 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020280 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00023376 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-02 14:28 - 2016-08-05 20:25 - 00350152 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00022352 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00024392 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-09-02 14:28 - 2016-08-05 20:18 - 00036296 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\librsync.dll
2016-09-02 14:28 - 2016-08-30 14:38 - 00084280 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-09-02 14:28 - 2016-08-30 14:38 - 01826096 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-09-02 14:28 - 2016-08-05 20:22 - 00083912 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\sip.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 03928880 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 01972528 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00531248 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00133424 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00224056 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00207672 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00020288 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-09-02 14:28 - 2016-08-05 20:24 - 00060880 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00024904 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00546096 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00357680 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00042808 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-09-02 14:28 - 2016-08-30 14:38 - 00168760 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-22 17:42 - 2016-02-22 17:42 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-02-28 13:25 - 2016-09-06 21:55 - 01765488 _____ () C:\Users\Tammy\AppData\Roaming\Spotify\libglesv2.dll
2016-02-28 13:25 - 2016-09-06 21:55 - 00088176 _____ () C:\Users\Tammy\AppData\Roaming\Spotify\libegl.dll
2016-05-06 16:02 - 2016-08-04 13:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2016-09-13 11:55 - 2016-09-12 14:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.113\libglesv2.dll
2016-09-13 11:55 - 2016-09-12 14:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.113\libegl.dll
2016-02-22 17:43 - 2016-02-22 17:43 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Tammy\Desktop\zoek.exe:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Downloads\JRT.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50259954.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50259954.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-09-14 14:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3264904998-1414079771-3962865522-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A5CF5862-C032-46DF-B829-32621C5F77BF}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{C49C34CD-6C8D-4F16-AD82-E8E1C478CF16}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{901EA935-887C-4666-AE7A-F6C3F9C95091}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{83A85D12-D4EA-41F6-A5C5-8DDDEA6EF145}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{12BF5709-8D04-416D-82E4-9A06FDD9657B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{77726D62-DB04-477C-BAD4-48524413B92E}] => (Allow) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{88DEFA8D-AB18-4D2A-8055-A8194327A268}] => (Allow) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5F2C2E54-5280-4D31-88F6-BBFDF1927A80}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{47F75F2F-C7D0-487D-A365-C82AE904D956}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{46813C57-BB4A-476E-8E9A-E0B484C2BFD5}] => (Allow) C:\Users\Tammy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{350AA769-CD1E-4180-9D37-E8C93E4AE66B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9F1388D2-BD58-4F5A-85EC-0DF944AE5413}] => (Allow) LPort=2869
FirewallRules: [{0FC3C977-B317-4E98-87E5-491780884189}] => (Allow) LPort=1900
FirewallRules: [{EAAFB643-B5D9-4308-9558-8BF799F060FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F01270D-3EAD-41D9-9145-B9F5A073076C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28EB693D-6155-47A9-A5FA-894C9B64CAAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38E68D09-44D5-4878-A4F8-6B5311108CBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{547E7692-6584-4000-A272-80DE9E235C5D}C:\users\tammy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tammy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3B487D40-78B3-4D83-870A-8D422A026799}C:\users\tammy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tammy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CE01D779-3780-4F0A-8D82-BC148335AE80}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [{B0B1524C-11F9-46FC-823D-A50060E6B56D}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [TCP Query User{BB9FB946-B938-4EFE-88AA-F68376F94F3A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{59132D6C-19D0-4978-9BFC-DED3612640A2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2975DD4E-3DDD-43F0-A719-C33B0D7AF075}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E5A98EB5-2763-4029-BE1B-5E240E964C6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3916F186-9D57-4760-B955-587277EFEFF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7FFED1F-3F3B-4847-8C57-5BD062BC7E71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D021CB80-2868-42B6-846E-45FC36FFA57D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C69D878A-0DB2-403D-8968-58DB8F65DF4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1DCEC64E-7091-4C4F-9F78-8DCE9014F26A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4598C0B4-03FE-44B3-BD48-586E57AFE031}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E1D47C4-5101-4936-9E18-5C653B95CEB1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E1E3C639-E717-42FF-A04E-44DBE17A0032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{CD6076FD-F27D-40AB-803E-E75C788C25E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{A489D2E6-D124-4A9C-9A82-1A4A7AD19E74}] => (Allow) C:\Users\Tammy\AppData\Local\LINE\bin\4.7.0.1027\LINE.exe
FirewallRules: [{3AAF8228-42C9-4EBF-9D4D-95A1596424FF}] => (Allow) C:\Users\Tammy\AppData\Local\LINE\bin\4.7.0.1027\LINE.exe
FirewallRules: [{0BB4E918-5882-4902-ADF2-F9F473EA8F75}] => (Allow) C:\Users\Tammy\AppData\Local\LINE\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{178ECC10-C3D4-4C61-A96D-F9A4F28DD2CC}] => (Allow) C:\Users\Tammy\AppData\Local\LINE\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{F2303017-53B3-4E53-A4E2-04A464484766}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2D8EF0CD-DE95-446C-9ADD-C896A7C842C5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C4FB1A95-DDBB-4104-90B9-800CA630A82F}] => (Allow) C:\Users\Tammy\Downloads\Programs\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{DABA731F-7675-4889-A24E-447E94BFB504}] => (Allow) C:\Users\Tammy\Downloads\Programs\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{DE70839E-E803-4BBD-A037-E6E6E547117C}] => (Allow) C:\Users\Tammy\Downloads\Programs\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{3A9229D6-DDDD-4D48-802E-73C46814E600}] => (Allow) C:\Users\Tammy\Downloads\Programs\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{A0120C69-15E7-43EF-92E0-A368FFBC54DA}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{61CA877B-06B8-48E7-B38C-9F080486F823}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{82F9A462-907D-4F3F-B96B-48E988641553}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{E117E3E6-2665-4DB8-865D-3F5A9FFDB9B0}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{7EDE542D-E908-4BF2-84E2-6D0FB523778F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-09-2016 20:36:51 zoek.exe restore point
12-09-2016 12:14:25 Garmin Express
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2016 03:29:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 12.9.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a90
 
Start Time: 01d20ed759e912cf
 
Termination Time: 4294967295
 
Application Path: C:\Users\Tammy\Downloads\FRST64.exe
 
Report Id: a64a30a6-7aca-11e6-82a6-34de1a27eeac
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/14/2016 02:17:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17406
 
Error: (09/14/2016 02:17:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17406
 
Error: (09/14/2016 02:17:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2016 02:17:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3094
 
Error: (09/14/2016 02:17:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3094
 
Error: (09/14/2016 02:17:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2016 02:17:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2062
 
Error: (09/14/2016 02:17:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2062
 
Error: (09/14/2016 02:17:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/14/2016 01:45:17 PM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.
 
Error: (09/14/2016 03:11:16 AM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (09/13/2016 04:19:52 PM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.
 
Error: (09/13/2016 04:17:35 PM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (09/13/2016 11:45:56 AM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (09/13/2016 11:31:58 AM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (09/12/2016 11:37:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Device Interaction Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/12/2016 12:16:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Device Interaction Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/10/2016 12:11:07 PM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.
 
Error: (09/10/2016 02:34:22 AM) (Source: DCOM) (EventID: 10010) (User: PERSONAL-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8072.96 MB
Available physical RAM: 4496.93 MB
Total Virtual: 9352.96 MB
Available Virtual: 4243.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.64 GB) (Free:725.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 815EC631)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#11 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 15 September 2016 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe [2015-09-04] ()
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
CHR Extension: (Unblock Youku) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ShortcutWithArgument: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ojcflmmmcfpacggndoaaflkmcoblhnbh\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
AlternateDataStreams: C:\Users\Tammy\Desktop\zoek.exe:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Downloads\JRT.exe:BDU [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

There could be some remnant items.
====


Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

Is the problem persisting?
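The fixlist above targets three kinds of FRST findings that a malware-response helper reviews first: a Startup entry with an empty publisher "()" (mun.exe), browser extension folders, and alternate data streams on executables. The following triage helper is an added example for this thread and is not part of FRST or of nasdaq's instructions. It parses the "Startup:", "FirewallRules:" and "AlternateDataStreams:" line formats that FRST prints and flags startup items without a publisher string, firewall allow rules for executables sitting in download or temp folders (the Sims 4 rules in the Addition.txt above are an instance), and named streams on executables. The folder list, the severity labels and the Dropbox.lnk and notes.txt sample lines are this example's own assumptions; the other sample lines are copied from the logs in this thread.

```python
"""Triage helper for Farbar (FRST) log lines.

Added example for this thread; it is not part of FRST or of the forum post.
It reads three of the line formats FRST prints ("Startup:", "FirewallRules:",
"AlternateDataStreams:") and flags what a malware-response helper looks at
first. The folder list and severity labels are this example's own choices.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input in FRST's line format. The mun.exe, chrome.exe, TS4.exe,
# LPort=139, spotify.exe and JRT.exe lines are copied from the thread's logs;
# the Dropbox.lnk startup entry and the notes.txt stream are constructed.
SAMPLE_LOG = r"""
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe [2015-09-04] ()
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-01-10] (Dropbox, Inc.)
FirewallRules: [{7EDE542D-E908-4BF2-84E2-6D0FB523778F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4FB1A95-DDBB-4104-90B9-800CA630A82F}] => (Allow) C:\Users\Tammy\Downloads\Programs\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{547E7692-6584-4000-A272-80DE9E235C5D}C:\users\tammy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tammy\appdata\roaming\spotify\spotify.exe
AlternateDataStreams: C:\Users\Tammy\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Documents\notes.txt:Zone.Identifier [26]
"""

# Line formats as FRST prints them in FRST.txt / Addition.txt.
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+) \[(?P<date>[\d-]+)\] \((?P<publisher>.*)\)$")
FIREWALL_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\ ]+) \[(?P<size>\d+)\]$")

# Folders where downloaded or dropped files land (example's own list).
RISKY_DIRS = ("\\downloads\\", "\\temp\\", "\\desktop\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def in_risky_dir(path: str) -> bool:
    """True when the path sits in a folder where downloaded/dropped files land."""
    lowered = path.lower()
    return any(d in lowered for d in RISKY_DIRS)


def triage(log_text: str) -> list:
    """Return the Findings for every recognised line in log_text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = STARTUP_RE.match(line)
        if m:
            # FRST prints "()" when the file carries no company/version info.
            if not m.group("publisher"):
                findings.append(Finding("high", "startup item without a publisher string", line))
            elif in_risky_dir(m.group("path")):
                findings.append(Finding("medium", "startup item launched from a download/temp folder", line))
            continue

        m = FIREWALL_RE.match(line)
        if m:
            if m.group("action") != "Allow":
                continue  # Block rules do not widen exposure
            target = m.group("target")
            if target.startswith("LPort="):
                port = target.split("=", 1)[1]
                findings.append(Finding("info", f"allow rule opens local port {port}", line))
            elif in_risky_dir(target):
                findings.append(Finding("medium", "allow rule for an executable in a download/temp folder", line))
            continue

        m = ADS_RE.match(line)
        # Zone.Identifier is the normal mark-of-the-web stream; other named
        # streams on an executable are worth a look (benign or not).
        if m and m.group("stream") != "Zone.Identifier" and m.group("path").lower().endswith(".exe"):
            findings.append(Finding("info", f"named stream ':{m.group('stream')}' on an executable", line))
    return findings


def severity_counts(findings) -> dict:
    """Count findings per severity, e.g. {"high": 1, "medium": 1, "info": 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it against a saved FRST.txt and Addition.txt by passing their text to triage(); the output is a review list, not a verdict, since legitimate software also runs from user folders and the ":BDU" stream on the thread's own cleaning tools is an example of a named stream that turned out to be harmless.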

#12 allenwalker
  • Topic Starter
  • Members

Posted 15 September 2016 - 06:48 PM

Hello! I think it's been fixed. I ran the FRST program with fix and then restarted. The ads didn't pop up. But I also ran ESET as you suggested. However, during the scan it glitched... or something. It just stopped working and then when I clicked on it, Windows had alerted me that it was no longer working and shut it down. There were 3 infected items but I could not get the list of threats from it. I ran the scan for a second time and no threats appeared but there were some items in quarantine. After that, I restarted my computer and the ads didn't show up. I wanted to check if it was really gone so I restarted another time and nothing. So, I guess they're gone?

Here is the fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2016
Ran by Tammy (15-09-2016 11:52:48) Run:2
Running from C:\Users\Tammy\Downloads
Loaded Profiles: Tammy (Available Profiles: Tammy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe [2015-09-04] ()
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
CHR Extension: (Unblock Youku) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-04]
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ShortcutWithArgument: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ojcflmmmcfpacggndoaaflkmcoblhnbh\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
AlternateDataStreams: C:\Users\Tammy\Desktop\zoek.exe:BDU [0]
AlternateDataStreams: C:\Users\Tammy\Downloads\JRT.exe:BDU [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mun.exe => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk" => not found.
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ojcflmmmcfpacggndoaaflkmcoblhnbh\Wunderlist for Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Tammy\Desktop\zoek.exe => ":BDU" ADS removed successfully.
C:\Users\Tammy\Downloads\JRT.exe => ":BDU" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47345757 B
Java, Flash, Steam htmlcache => 27367879 B
Windows/system/drivers => 53262657 B
Edge => 0 B
Chrome => 1545277168 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3290 B
NetworkService => 0 B
Tammy => 60900986 B
 
RecycleBin => 2111919 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:55:31 ====

Edited by allenwalker, 15 September 2016 - 06:49 PM.


#13 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 16 September 2016 - 08:07 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#14 allenwalker
  • Topic Starter
  • Members

Posted 16 September 2016 - 01:15 PM

Yes, thank you so much for helping me nasdaq! ^_^ I really appreciate your patience and the guidance you've given me. And thank you for the link too. Hope you have a good day!