
Credit Card info gets stolen minutes after I make an online purchase


This topic is locked. 32 replies to this topic.

#1 Nicolef888 (Members, 40 posts, Gender: Female)

Posted 12 February 2017 - 03:34 PM

I have some sort of virus on my laptop that has spread to my desktop or vice versa.
 
About two weeks ago, I made an online purchase and minutes after I made the purchase, someone charged three separate charges (large amounts) to iTunes. At this point I didn't realize I had a virus... the number could have been stolen anywhere. I closed my card and had a new card sent.
 
Just in case, I installed the premium version of Malwarebytes on my computer and Avast. I ran both and found a number of infections. I removed all the infections. I received my new card and tonight I made another purchase on my other computer to see if the issue was fixed. Minutes after I made the purchase, my credit card was again charged with three separate charges to iTunes. I have called my credit card company and canceled the card.
 
I ran the ESET Online Scanner. This is what the scan found:
 
C:\Users\Nicole\Downloads\setup (1).exe.54x01ww.partial a variant of MSIL/Adware.PullUpdate.J.gen application
 
I ran Security Check. Results:
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avast Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter 4    
 Java 8 Update 121  
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 24.0.0.194  
 Mozilla Firefox (47.0.2) 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Oracle Java javapath AvastSvc.exe -?- 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 


I downloaded the Farbar Recovery Scan Tool and got two logs. I will post them below.
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Nicole (administrator) on NICOLE (12-02-2017 15:27:30)
Running from C:\Users\Nicole\Downloads
Loaded Profiles: UpdatusUser & Nicole (Available Profiles: UpdatusUser & Nicole)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4140931100-2863433544-1839387480-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Amazon Music] => C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58bbe962-72f8-450a-a2b4-7ff1ee074242}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
SearchScopes: HKU\.DEFAULT -> {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {CC0A2877-4107-4790-88FC-83FBB0AEE930} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-31] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {d94f51b0-ba26-454b-bf8d-7c495c5e3db6} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-08] (Oracle Corporation)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 [2017-02-11]
FF NewTab: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://search.yahoo.com/yhs/search
FF Extension: (Firefox Hotfix) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-11]
FF Extension: (iCloud Bookmarks) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\firefoxdav@icloud.com [2017-01-03]
FF Extension: (New Tab by Yahoo) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [not signed]
FF Extension: (Avast Passwords) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-02-08]
FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\searchplugins\yahoo-avast.xml [2017-02-08]
FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\searchplugins\yahoo-ysp.xml [2015-10-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @nsroblox.roblox.com/launcher -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.910.15) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U91) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll => No File
CHR Profile: C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Yahoo Partner) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-12-11]
CHR Extension: (Google Drive) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-08]
CHR Extension: (Avast Passwords) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-13]
CHR Extension: (Skype) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Yahoo Partner) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-02-01] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-02-01] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-12] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_39d8ca1ac617325e\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-12 15:27 - 2017-02-12 15:28 - 00033610 _____ C:\Users\Nicole\Downloads\FRST.txt
2017-02-12 15:26 - 2017-02-12 15:27 - 00000000 ____D C:\FRST
2017-02-12 15:25 - 2017-02-12 15:26 - 02421248 _____ (Farbar) C:\Users\Nicole\Downloads\FRST64.exe
2017-02-12 10:31 - 2017-02-12 15:13 - 00000000 ____D C:\Users\Nicole\New folder
2017-02-12 10:30 - 2017-02-12 10:30 - 00000000 ____D C:\Users\Nicole\Desktop Backup
2017-02-12 10:15 - 2017-02-12 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-02-12 10:15 - 2017-02-12 10:15 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-02-12 10:12 - 2017-02-12 10:13 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Nicole\Downloads\cbSetup.exe
2017-02-11 22:16 - 2017-02-12 14:16 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-11 22:15 - 2017-02-11 22:15 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-11 22:15 - 2017-02-11 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 22:12 - 2017-02-11 22:12 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Downloads\mb3-setup-cb.NT-3.0.6.1469 (1).exe
2017-02-11 22:08 - 2017-02-11 22:08 - 00000000 ___HD C:\OneDriveTemp
2017-02-11 22:07 - 2017-02-11 22:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-11 21:50 - 2017-02-11 21:50 - 00852798 _____ C:\Users\Nicole\Downloads\SecurityCheck.exe
2017-02-11 08:29 - 2017-02-11 08:29 - 02659840 _____ C:\Users\Nicole\Downloads\SH-Alt-Install.exe
2017-02-11 08:20 - 2017-02-11 08:20 - 03516080 _____ C:\Users\Nicole\Downloads\SpyHunter-Installer (1).exe
2017-02-11 08:02 - 2017-02-11 16:30 - 00000342 _____ C:\Users\Nicole\Desktop\ESETScan.txt
2017-02-11 01:25 - 2017-02-11 01:25 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Nicole\Downloads\esetonlinescanner_enu.exe
2017-02-11 01:25 - 2017-02-11 01:25 - 00000000 ____D C:\Users\Nicole\AppData\Local\ESET
2017-02-09 07:38 - 2017-02-09 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 07:37 - 2016-12-29 07:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 07:35 - 2017-01-04 15:32 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 07:35 - 2017-01-04 15:32 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-09 07:35 - 2016-12-29 08:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 07:33 - 2017-02-09 07:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 10:26 - 2017-02-08 10:26 - 00001916 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-02-08 10:26 - 2017-02-08 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-02-08 10:26 - 2017-02-08 10:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-02-08 10:24 - 2017-02-08 10:24 - 00000000 ____D C:\Users\Nicole\AppData\Local\AVAST Software
2017-02-08 06:51 - 2017-02-08 06:51 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1486554695
2017-02-08 06:51 - 2017-02-08 06:51 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-08 06:51 - 2017-02-08 06:51 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-08 06:50 - 2017-02-08 06:50 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 06:49 - 2017-02-08 06:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\AVAST Software
2017-02-08 06:48 - 2017-02-10 06:48 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-08 06:48 - 2017-02-08 06:48 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 06:48 - 2017-02-08 06:48 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-08 06:48 - 2017-02-08 06:48 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-08 06:48 - 2017-02-08 06:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-08 06:48 - 2017-02-08 06:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-08 06:48 - 2017-02-08 06:47 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 06:47 - 2017-02-08 06:47 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-08 06:45 - 2017-02-08 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-08 06:45 - 2017-02-08 06:50 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-06 20:54 - 2017-02-06 20:54 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
2017-02-06 20:30 - 2017-02-06 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-06 20:30 - 2017-02-06 20:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-06 20:30 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-06 20:29 - 2017-02-06 20:29 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-05 15:56 - 2017-02-05 15:56 - 00063384 _____ C:\Users\Nicole\Downloads\Untitleddocument (1).pdf
2017-02-01 13:42 - 2017-02-01 13:42 - 00032412 _____ C:\Users\Nicole\Downloads\Invoice 4444 Safran%2c J.pdf
2017-02-01 13:42 - 2017-02-01 13:42 - 00032403 _____ C:\Users\Nicole\Downloads\Invoice 4443 Safran%2c J.pdf
2017-01-29 14:02 - 2017-02-10 22:59 - 00014361 ____N C:\Users\Nicole\Documents\Bar Mitzvah Addresses.xlsx
2017-01-29 13:25 - 2017-01-29 13:25 - 00510734 _____ C:\Users\Nicole\Downloads\DJ list.pdf
2017-01-29 13:21 - 2017-01-29 13:21 - 00422594 _____ C:\Users\Nicole\Downloads\SafranBarMitzvah.pdf
2017-01-28 16:52 - 2017-01-28 16:52 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-28 16:52 - 2017-01-28 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-28 16:52 - 2017-01-28 16:52 - 00000000 ____D C:\Program Files\iTunes
2017-01-28 16:52 - 2017-01-28 16:52 - 00000000 ____D C:\Program Files\iPod
2017-01-28 16:49 - 2017-01-28 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-25 02:53 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 02:53 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-18 22:46 - 2017-01-18 22:46 - 00133956 _____ C:\Users\Nicole\Downloads\Inv_112264_from_Aqwa_Services_11244.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-12 15:22 - 2016-09-21 11:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-12 10:31 - 2016-09-21 11:22 - 00000000 ____D C:\Users\Nicole
2017-02-11 22:12 - 2015-09-25 08:26 - 01189212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-11 22:08 - 2016-03-24 18:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype
2017-02-11 22:08 - 2014-05-24 15:20 - 00000000 __RDO C:\Users\Nicole\SkyDrive
2017-02-11 22:07 - 2014-12-14 22:40 - 00000000 ___RD C:\Users\Nicole\iCloudDrive
2017-02-11 22:06 - 2016-09-21 11:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 22:06 - 2016-09-21 11:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-11 22:05 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-11 21:47 - 2015-01-02 13:33 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\HpUpdate
2017-02-11 16:43 - 2014-06-03 10:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\CrashDumps
2017-02-11 14:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 23:14 - 2015-08-17 11:17 - 00000000 ____D C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
2017-02-10 12:05 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 17:51 - 2016-09-21 11:48 - 00003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432428255
2017-02-09 17:51 - 2015-05-23 19:43 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-09 07:38 - 2016-09-21 11:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 07:38 - 2016-09-21 11:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 07:38 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-09 07:38 - 2014-04-03 08:23 - 00000000 ____D C:\Temp
2017-02-09 07:35 - 2016-09-21 11:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 10:34 - 2016-02-13 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 10:24 - 2015-05-23 22:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-08 10:24 - 2015-05-23 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 10:24 - 2014-06-28 08:36 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-08 10:23 - 2015-05-23 22:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-08 10:23 - 2014-06-28 08:36 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-08 06:57 - 2016-03-24 18:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-08 06:57 - 2016-03-24 18:21 - 00000000 ____D C:\ProgramData\Skype
2017-02-08 06:45 - 2014-05-25 09:27 - 00000000 ____D C:\Users\Nicole\Documents\Pswds
2017-02-07 07:10 - 2016-12-06 11:17 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 07:10 - 2015-09-25 09:39 - 00002410 _____ C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-06 21:25 - 2015-09-26 08:54 - 00000000 ____D C:\ProgramData\TerasGames
2017-02-06 17:33 - 2015-08-09 12:25 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:33 - 2015-08-09 12:25 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 16:16 - 2016-05-16 15:16 - 00000000 ____D C:\Users\Nicole\AppData\Local\ComponentW
2017-02-01 17:50 - 2014-09-13 14:04 - 00000000 ____D C:\ProgramData\Origin
2017-02-01 17:49 - 2014-09-13 14:04 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-31 22:10 - 2014-05-25 12:03 - 00000000 ____D C:\Users\Nicole\Documents\Jon
2017-01-28 16:52 - 2014-05-25 09:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-25 13:55 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 13:18 - 2014-05-24 15:17 - 00000000 ____D C:\Users\Nicole\AppData\Local\Packages
2017-01-20 07:00 - 2015-12-04 08:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 16:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-13 14:56 - 2014-09-13 14:05 - 00000000 ____D C:\Users\Nicole\AppData\Local\Origin
 
==================== Files in the root of some directories =======
 
2015-01-02 13:33 - 2015-01-02 13:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-21 11:17 - 2016-09-21 11:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-03 08:17 - 2014-04-03 08:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-03 08:14 - 2014-04-03 08:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-03 08:15 - 2014-04-03 08:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-03 08:16 - 2014-04-03 08:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-03 08:14 - 2014-04-03 08:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2016-12-23 00:22 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\Nicole\AppData\Local\Temp\ACLMInstaller.exe
2017-01-05 10:33 - 2017-01-05 10:34 - 107929672 _____ () C:\Users\Nicole\AppData\Local\Temp\HPInstaller.exe
2016-10-20 10:37 - 2016-10-20 10:37 - 0737856 _____ (Oracle Corporation) C:\Users\Nicole\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 11:37 - 2017-01-19 11:37 - 0739904 _____ (Oracle Corporation) C:\Users\Nicole\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-05 10:58 - 2017-01-05 10:58 - 5940584 _____ (Igor Pavlov) C:\Users\Nicole\AppData\Local\Temp\Package_en_ww.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-09 14:40
 
==================== End of FRST.txt ============================
 
Mod Edit:  Removed dupe content - Hamluis.

Apologies! It looks like I posted FRST.txt twice.
 
Here is the second scan
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Nicole (12-02-2017 15:28:56)
Running from C:\Users\Nicole\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-21 16:55:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4140931100-2863433544-1839387480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4140931100-2863433544-1839387480-503 - Limited - Disabled)
Guest (S-1-5-21-4140931100-2863433544-1839387480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4140931100-2863433544-1839387480-1004 - Limited - Enabled)
Nicole (S-1-5-21-4140931100-2863433544-1839387480-1002 - Administrator - Enabled) => C:\Users\Nicole
UpdatusUser (S-1-5-21-4140931100-2863433544-1839387480-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 7640 series Basic Device Software (HKLM\...\{28EA5D14-078A-4C03-BD78-82B29092978F}) (Version: 40.5.1092.16309 - HP Inc.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Kidspiration 3 (HKLM-x32\...\Kidspiration 3) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{9F69129E-000B-467D-BA8B-5FA08A6CDA32}) (Version: 40.5.1092.16309 - HP Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
ROBLOX Player for Nicole (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.56688 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0506CB20-74EB-4CB7-8D85-90DA2FAFB269} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {16063ECE-84CB-45CC-B255-688EDECFA8A5} - System32\Tasks\HP AR Program Upload - 0a3d3355a23d43908a6e58cc3044bd9d03e7d8f82b514165abd8dcfb6e179568 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {20402262-74FC-44D5-90A4-531ABD31C0CD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {286FA166-D35F-425D-A406-43C46DBF1EAA} - System32\Tasks\SafeZone scheduled Autoupdate 1486554695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {2E7A3B17-F8B7-4EF4-BCF9-A1F5D03B6264} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {30A778DC-FBCF-417E-B257-F6F31F87CE6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-11] (Google Inc.)
Task: {30E901F2-B933-4531-BA00-1B1329425293} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {3AF18E6B-067B-4501-A771-640AA68EA3C7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {3CCB4D0C-901F-4DA9-B958-36F0EA792B19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CEBAFE6-8CD0-46C2-B754-D0C19383459B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {41570EC3-1FDC-4810-AAC5-DE6C91724F20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-11] (Google Inc.)
Task: {4766E4BC-7AE2-46E8-B1FA-0914C061F74A} - System32\Tasks\HP AR Program Upload - df14b34af03045fa9d135d5956c1018c4807fa18cb4144eb9ae55ba93ed76346 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {4AE1EA1E-9E71-4426-965F-2A47BAFEB495} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5120AEE3-5CB0-4A8A-8D68-97A5C6268D5D} - System32\Tasks\Opera scheduled Autoupdate 1432428255 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {590C6D80-61BF-491A-8FEA-3E1DB9311444} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nicole_safran@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {5B42593A-9177-4BD8-915A-A95EA3301B90} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {5DDBBE12-EB01-4D41-86FA-DFC319D56250} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {64E46594-EBED-472F-BB18-A971DE8E39AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67775BC9-76AC-4CCC-8E4D-D4BC6819BED9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {67DF42C4-5D12-4161-A120-BBB94B558B20} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {689AC400-EE3E-400F-B810-90C6E0CDB22E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6CBB89B7-CF6A-4E08-A512-38268E34F9E3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6F989FD8-46C5-4488-8E42-AF733B43D1BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {713EB4F9-9BAA-467B-8277-531F60A710BA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nicole\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {73BEF626-ABE2-4563-A74A-D1239D2609F4} - \WPD\SqmUpload_S-1-5-21-4140931100-2863433544-1839387480-1002 -> No File <==== ATTENTION
Task: {7842E189-1613-4DE2-806A-77B0D3FBDC93} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {7B362572-EC52-43F6-843C-0014C05BAFC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {84638FA2-25B8-475B-8875-EBED78831AF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8CAE44EE-072B-4952-8B4D-6D5CFF16426D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D3199A8-627A-4EFB-96C0-5C99AD64A96A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D6F2ED0-37BD-43D1-A213-56FDF6350D48} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {A0061CB3-4D23-41DD-842B-41BB990612E3} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {A1FA60E8-F4CC-489D-A392-C1FA402ED1D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {BD5FFDA7-BECA-4396-950D-7DB507E7156B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BE73F5E1-5248-4A0B-8EFC-9D855EB31C5F} - System32\Tasks\HP AR Program Upload - 2c037df594904af4828546f888ba8afa0d8065e493114f7382679c15b18ba6d1 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {D0A3DC8F-1C36-4F67-B5D8-86AA861739CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {D1A3EB71-36F0-4D7E-852D-2AB04BE939CD} - System32\Tasks\PocketCloudUpdater => C:\Program 
Task: {D54766D7-4882-4A60-914F-2B2A68321914} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DD3642ED-9084-43DA-BF6A-156672605D49} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2016-11-04] (HP Inc.)
Task: {E7CB3132-4996-404B-B999-B77C9C63E696} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {F1222F42-5B99-4A20-9048-4D10A8CC9547} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-08] (AVAST Software)
Task: {F490C114-7526-4493-95C1-CD25791A7008} - \gameo_update -> No File <==== ATTENTION
Task: {F74B012F-A250-4BD6-A294-FD34AA802BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC3ADD7E-B2DF-4BCB-AA82-1B367A568FB5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FEE27FA6-00DF-48CD-B1D9-3E2EA4A3E66D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNicole.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:20 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-21 11:18 - 2016-12-29 07:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-13 20:20 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-21 15:09 - 2016-09-21 15:09 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 16:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 21:36 - 2017-02-06 21:36 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-06 20:30 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 22:15 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-11 22:15 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-10 16:24 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 16:24 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-09 17:33 - 2017-02-01 17:49 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-12-11 16:40 - 2014-12-11 16:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-08 06:47 - 2017-02-08 06:47 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-04-03 08:14 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-02-09 17:51 - 2017-02-06 02:41 - 39820376 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_browser.dll
2017-02-09 17:51 - 2017-02-06 02:41 - 45837912 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_child.dll
2017-02-09 17:50 - 2017-02-09 17:50 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libglesv2.dll
2017-02-09 17:50 - 2017-02-09 17:50 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libegl.dll
2014-04-03 08:05 - 2013-09-04 10:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\minecraft.net -> www.minecraft.net
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dscn2705.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C9E2EE32-8BAD-4F6A-B69D-63E6E4271842}] => C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe
FirewallRules: [{1DBAC5DE-5FC4-4A9B-9997-4F51109E7BBC}] => C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe
FirewallRules: [{A1571D1E-B95E-4CCB-B16E-AA1C24B40B7D}] => C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe
FirewallRules: [{6C13F9EB-148E-4DD2-BB5B-E099542FFBCC}] => C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe
FirewallRules: [{6F7DE06E-51A6-4EB8-93E1-16F11E5DC77E}] => C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe
FirewallRules: [{B20F1C93-603F-42FB-B5B7-E60728812749}] => C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe
FirewallRules: [{87A0B09E-DB75-411B-B8A8-09C4B1E526F1}] => C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe
FirewallRules: [{D2EDCB2D-9C68-4647-8144-5AC80BDE773B}] => C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe
FirewallRules: [{666B712D-A636-4777-8497-FFE26F7144A4}] => C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe
FirewallRules: [{CE966D48-39D9-48BA-9FCE-FC7675398A89}] => C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe
FirewallRules: [{36B52848-E137-4C60-90DD-158EF96FDA0D}] => C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe
FirewallRules: [{F61A8397-48FA-4D2F-BCDF-FBC21BD27177}] => C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{006027B9-CF7A-43F5-AB54-6D4056FA653D}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [TCP Query User{15BCAAC7-2470-4F10-8C66-B54E4C26D1D0}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [{3EEB65D7-6D27-46EB-B94B-99BB7D96BF12}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0274BC16-CB5F-438D-B05D-AD35D88E4E91}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5715B86C-AAEE-4760-9475-58A8E7C370C7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6833766D-A05B-40E7-B9C1-E09A9975D2F3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{11FEC060-59B1-4D45-B436-09FE14BD1AB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{1FAD82FD-3F96-47D8-ACE2-4E450A2E87CB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B1383F90-964A-4189-8CDD-E1519312A7D0}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{9AD165F2-8525-471E-B335-BDE134ED7B43}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DB3F3A67-6BC0-4E0F-B5C6-1D0506C89391}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0E67443F-0B7C-4082-A827-3938DCF3344A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59902E6D-C712-439D-9DCC-A3B7D3CE8B82}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA755CA2-9FEB-43A4-B2BE-18FA130D01F5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{833C999D-C5B9-4660-B453-667DBE8F5D57}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25E1D067-ADF5-499A-8FEC-2A4086D5B1A0}] => C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe
FirewallRules: [{F1565977-0E67-481C-8C52-86EABBA9057D}] => C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe
FirewallRules: [{8CBC89D8-D868-4608-98BE-C45549D28D71}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{A88E89CF-1D77-4BFB-B99E-7586D713A909}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{4CC7CA1E-20F5-4A9B-AFE9-2A9A5EBE2B12}] => C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe
FirewallRules: [{ACD01B8B-1D0A-45AC-BC7A-F224A67148E2}] => C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe
FirewallRules: [{C03FCAFF-C968-4ED2-9E5D-BAA2C6915B5D}] => C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe
FirewallRules: [{774F7471-3528-4CC1-9A71-D35D215A6B1C}] => C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe
FirewallRules: [{0D376375-1ECE-4888-A60E-445925996D84}] => C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe
FirewallRules: [{78FB0B53-6FF2-4629-B2EE-CB65F3EDB0ED}] => C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe
FirewallRules: [{A27369D1-9CBB-45FF-9A91-83CC56E5B0D4}] => C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{8218D920-27D2-4BE0-8FCA-CD866E251B36}] => C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{048BC606-0CE7-42E7-9F75-69E511EBBE4B}] => C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe
FirewallRules: [{BFC36868-E94B-44EC-B45B-B32C824F11D6}] => C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe
FirewallRules: [{11B6C4C9-29EF-4FE3-90C9-94E3925DA128}] => C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe
FirewallRules: [{C2D5B36D-4524-4B33-AB24-66DF95938424}] => C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe
FirewallRules: [{CFCA4045-B9F3-4295-8C3E-7E05D31D720A}] => C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe
FirewallRules: [{B5A22821-B3EA-4D0D-B64C-2EC2379078D9}] => C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe
FirewallRules: [{6229CFB4-39CC-414E-9A86-28AAEA8A7A06}] => C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe
FirewallRules: [{B2552578-F950-4401-8214-207165AC7BCA}] => C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe
FirewallRules: [{820E724C-4A65-4BBC-9DD5-80713EEF7675}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09EBFC89-6A8F-4A77-89B8-29F1CF61A710}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2FE1C34F-945D-4130-84C1-1150019053CB}] => C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{64BDB53C-23EF-48E0-B8CE-5306CC384FE7}] => C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{65922415-7EAE-45B3-AF43-A38DCCAD408A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{70205518-373A-4C1B-B07D-CB24700648BA}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4F4452F9-5B86-424D-957F-8146E71A1FC0}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CA8B54A3-DF86-424E-827A-59374D077361}] => LPort=1900
FirewallRules: [{8FAE0D20-D848-436C-BCD8-AC618E574086}] => LPort=2869
FirewallRules: [{B7E26BDE-8C3A-41A9-9038-536F6C2C88B4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E7A32E7F-B697-4926-A35D-5B227EED2996}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{3FE2F5A5-BE0C-4ED2-8E9B-7A8FB4F85243}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7DFD58EC-3461-492B-984D-E0E4444D9271}] => C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{76718924-EB21-4CA5-9E44-02FF83106743}] => C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{B63652A9-3AE5-491E-9A82-81EEA54209D6}] => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{83AB6D23-A4F3-4769-B296-110A7C313C68}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B9EAA890-271C-466C-B8FE-5FBD81BC8773}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B8DAEAA2-716A-4079-9F51-F87D5C63A4C7}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{F8F23DA2-4EAE-4F4C-8D4D-37837600258A}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{1FA10436-05C2-4882-BA80-78D1F70F4CD0}] => C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe
FirewallRules: [{1B0AF808-7608-4043-BC6C-944E8C103802}] => C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe
FirewallRules: [{1D896C62-AF4D-4D79-84B7-24AF4C6B2E23}] => C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe
FirewallRules: [{EE94AB87-A763-4988-8F21-A3E6EACEA234}] => C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{D33C3D49-EC5C-407E-9FE0-0D3C4323854F}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E576BFF9-E76C-4978-85A4-FC4C162EBCCC}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A2F80616-4F4D-4B53-8E82-D354F4EEA09C}] => C:\Users\Nicole\AppData\Local\Temp\7zS7F41\HPDiagnosticCoreUI.exe
FirewallRules: [{6FE506FC-4F80-4721-BD88-A0B2AF713A8E}] => C:\Users\Nicole\AppData\Local\Temp\7zS7F41\HPDiagnosticCoreUI.exe
FirewallRules: [{0EA40053-8D22-4FF6-B55E-A46D798305ED}] => C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{45E2F7E6-6441-4262-84D2-F7D2FB5A836E}] => C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{D7AC4632-81CC-442E-BB59-086CA9A0BAAF}] => C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{772D5E60-4375-42DB-8643-353AF8F3DFD6}] => C:\Program Files\HP\HP ENVY 7640 series\bin\FaxPrinterUtility.exe
FirewallRules: [{C2FE4C75-D653-4C93-B4A1-E6A1EC0A1BE0}] => C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{CBCFD149-E06E-4811-9EB2-DCF06B72278D}] => LPort=5357
FirewallRules: [{25EB28B8-29A2-4DDB-AB86-2418583E6501}] => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0D5D5384-5596-48D3-B3A4-654A78286978}] => C:\Users\Nicole\AppData\Local\Temp\7zS1D40\HPDiagnosticCoreUI.exe
FirewallRules: [{F5755DF8-D56E-4FE4-A91B-F8ECDBFAF1BE}] => C:\Users\Nicole\AppData\Local\Temp\7zS1D40\HPDiagnosticCoreUI.exe
FirewallRules: [{E8B34D8F-72CF-469F-9432-23DFFA6A37A7}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{641566FE-604B-4D6D-BA60-6FAF6ABB91A2}] => C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{EF72EF39-EF3F-4ACB-96F7-94CED16FF96D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EEFE82DE-8A23-4094-93DC-CD1320B51A5D}] => C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
 
==================== Restore Points =========================
 
01-02-2017 14:25:47 Scheduled Checkpoint
09-02-2017 07:29:12 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/12/2017 10:31:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3e88110a-d744-4bfa-bc9a-238552ee4839}
 
Error: (02/11/2017 10:05:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:35:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:35:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:35:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:19:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:19:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:03:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2017 08:02:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICOLE)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/11/2017 11:15:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:05:16 PM) (Source: DCOM) (EventID: 10010) (User: NICOLE)
Description: The server CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca did not register with DCOM within the required timeout.
 
Error: (02/11/2017 10:05:15 PM) (Source: DCOM) (EventID: 10010) (User: NICOLE)
Description: The server {DD000CBD-67A6-423F-9132-1A2D0F76EAD5} did not register with DCOM within the required timeout.
 
Error: (02/11/2017 10:05:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:04:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:04:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:04:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-11 16:57:37.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:37.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:37.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.897
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.008
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 56%
Total physical RAM: 8143.23 MB
Available physical RAM: 3541.36 MB
Total Virtual: 17359.23 MB
Available Virtual: 11175.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.09 GB) (Free:586.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F565C3AD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


Link to original post https://www.bleepingcomputer.com/forums/t/639639/credit-card-info-gets-stolen-minutes-after-i-make-an-online-purchase/
 


Edited by hamluis, 12 February 2017 - 04:09 PM.
Merged posts - Hamluis.




#2 Valinorum
Malware Response Instructor, 1,775 posts

Posted 13 February 2017 - 01:32 AM

Hi Nicolef888,

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
 

Just in case, I installed the premium version of malwarebytes on my computer and AVAST. I ran both and found a number of infections. I removed all the infections.

Please, post the Malwarebytes' Anti-Malware log for my perusal. Run the software. Navigate to History > Application Log > Click on Scan Log on the log that matches the time you scanned to disinfect your PC > Export as .txt file. Copy and Paste the contents of the file.

While we are working with your situation, I implore you to cease your financial and other internet activity that require login or fiscal credentials. That being said, please, change your login credentials from a clean computer and enable 2FA wherever possible. If you are signed into your browsers e.g. Signed into Google Chrome--please, sign out until I declare you green.

Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#3 Nicolef888
Topic Starter, Members, 40 posts

Posted 13 February 2017 - 05:51 PM

Thanks so much for your help :)

 

Here is the latest Malwarebytes log

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/13/17
Scan Time: 2:02 AM
Logfile: Malware1.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1248
License: Premium
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469868
Time Elapsed: 13 min, 56 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
I'm not sure what 2FA is. Would you mind explaining? Thanks again


#4 Nicolef888
Topic Starter, Members, 40 posts

Posted 13 February 2017 - 08:23 PM

I have had an interesting development...I made a purchase on my iPhone and I immediately got the fraudulent iTunes charge. My computers are both Windows 10 and my iPhone is Apple. The only common denominator between all three is my iTunes account. I'm about to uninstall iTunes on both my computers.

 

I have made two Paypal purchases on my computers and my bank information has stayed safe. This is the most bizarre thing. Any ideas? Could it be a virus on all three? I want to cry!



#5 Valinorum
Malware Response Instructor, 1,775 posts

Posted 13 February 2017 - 09:04 PM

I'm not sure what 2FA is. Would you mind explaining? Thanks again

Two-factor Authentication (2FA) is an extra layer of security. Peruse this. Basically, you will need to provide a code along with your username and password to complete the authentication. The code is random and usually sent to your phone. In this way, an attacker won't be able to gain access even if they have your username and password.

I have had an interesting development...I made a purchase on my iPhone and I immediately got the fraudulent iTunes charge. My computers are both Windows 10 and my iPhone is Apple. The only common denominator between all three is my iTunes account. I'm about to uninstall iTunes on both my computers.

Let's do this and at this point do not use it. Make sure to change all your login credentials from a clean PC.

I want to cry!

Let's see if I can put a smile on your face.

 

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
    • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log


 


#6 Nicolef888
Topic Starter, Members, 40 posts

Posted 13 February 2017 - 10:28 PM

Thank you for the info on 2FA! Apple offers it so I activated it on my iPhone

 

Running RogueKiller right now...I won't fix anything. I'll close the program and copy and paste the report



#7 Valinorum
Malware Response Instructor, 1,775 posts

Posted 13 February 2017 - 10:31 PM

Yes, let's see what's lurking in your system first.


 


#8 Nicolef888
Topic Starter, Members, 40 posts

Posted 13 February 2017 - 11:53 PM

It saved the log as a .json file. I exported it as a .txt file and this is what I got. Let me know if you need additional info. It found a lot! I did not remove or fix anything.

 

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Nicole [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/13/2017 22:23:11 (Duration : 01:17:08)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 47 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{fef5b27c-df71-0156-030a-d5d374a4df13} -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\GoldenGate -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\GoldenGate -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe" [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe" [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9E2EE32-8BAD-4F6A-B69D-63E6E4271842} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1DBAC5DE-5FC4-4A9B-9997-4F51109E7BBC} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A1571D1E-B95E-4CCB-B16E-AA1C24B40B7D} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C13F9EB-148E-4DD2-BB5B-E099542FFBCC} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6F7DE06E-51A6-4EB8-93E1-16F11E5DC77E} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B20F1C93-603F-42FB-B5B7-E60728812749} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87A0B09E-DB75-411B-B8A8-09C4B1E526F1} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D2EDCB2D-9C68-4647-8144-5AC80BDE773B} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {666B712D-A636-4777-8497-FFE26F7144A4} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CE966D48-39D9-48BA-9FCE-FC7675398A89} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {36B52848-E137-4C60-90DD-158EF96FDA0D} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F61A8397-48FA-4D2F-BCDF-FBC21BD27177} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {25E1D067-ADF5-499A-8FEC-2A4086D5B1A0} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F1565977-0E67-481C-8C52-86EABBA9057D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CC7CA1E-20F5-4A9B-AFE9-2A9A5EBE2B12} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ACD01B8B-1D0A-45AC-BC7A-F224A67148E2} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C03FCAFF-C968-4ED2-9E5D-BAA2C6915B5D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {774F7471-3528-4CC1-9A71-D35D215A6B1C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D376375-1ECE-4888-A60E-445925996D84} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {78FB0B53-6FF2-4629-B2EE-CB65F3EDB0ED} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {048BC606-0CE7-42E7-9F75-69E511EBBE4B} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BFC36868-E94B-44EC-B45B-B32C824F11D6} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {11B6C4C9-29EF-4FE3-90C9-94E3925DA128} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C2D5B36D-4524-4B33-AB24-66DF95938424} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CFCA4045-B9F3-4295-8C3E-7E05D31D720A} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B5A22821-B3EA-4D0D-B64C-2EC2379078D9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6229CFB4-39CC-414E-9A86-28AAEA8A7A06} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B2552578-F950-4401-8214-207165AC7BCA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FA10436-05C2-4882-BA80-78D1F70F4CD0} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1B0AF808-7608-4043-BC6C-944E8C103802} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D896C62-AF4D-4D79-84B7-24AF4C6B2E23} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE94AB87-A763-4988-8F21-A3E6EACEA234} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\TerasGames -> Found
[Adw.IntManager|Tr.Gen0][Folder] C:\Users\Nicole\AppData\Local\intmanager -> Found
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\SlimWare Utilities Inc -> Found
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\YSearchUtil -> Found
[PUP.Gen1][Folder] C:\ProgramData\TerasGames -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\ReactorTurbo -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen2][Firefox:Addon] bqs7laeg.default-1431903642839 : New Tab by Yahoo [jid1-G80Ec8LLEbK5fQ@jetpack] -> Found
[PUM.SearchEngine][Firefox:Config] bqs7laeg.default-1431903642839 : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Found
[PUM.SearchEngine][Firefox:Config] bqs7laeg.default-1431903642839 : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] e05fd051ec7383d150309533cd78742b
[BSP] ff57482de49876ea86ba8929a5fa03a0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB
4 - Basic data partition | Offset (sectors): 2373632 | Size: 943193 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1934032896 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1934954496 | Size: 9066 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


#9 Valinorum
Malware Response Instructor, 1,775 posts

Posted 14 February 2017 - 01:26 AM

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or later users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • When the Status box shows "Deleting Finished", click the "Report" button to show the log.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
    • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
 
Give me a fresh FRST scan log afterward, please.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or the Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#10 Nicolef888 (Topic Starter)

Posted 14 February 2017 - 08:21 AM

Only a select few were selected to be deleted/cleaned. Should I have manually selected them all or just stay with the default?

Here is the new report:

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Nicole [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/14/2017 06:48:52 (Duration : 01:01:59)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 47 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{fef5b27c-df71-0156-030a-d5d374a4df13} -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\GoldenGate -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\InstalledBrowserExtensions -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\WebApp -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\GoldenGate -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\InstalledBrowserExtensions -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\WebApp -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe" [7] -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe" [7] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9E2EE32-8BAD-4F6A-B69D-63E6E4271842} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1DBAC5DE-5FC4-4A9B-9997-4F51109E7BBC} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A1571D1E-B95E-4CCB-B16E-AA1C24B40B7D} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C13F9EB-148E-4DD2-BB5B-E099542FFBCC} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6F7DE06E-51A6-4EB8-93E1-16F11E5DC77E} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B20F1C93-603F-42FB-B5B7-E60728812749} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87A0B09E-DB75-411B-B8A8-09C4B1E526F1} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D2EDCB2D-9C68-4647-8144-5AC80BDE773B} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {666B712D-A636-4777-8497-FFE26F7144A4} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CE966D48-39D9-48BA-9FCE-FC7675398A89} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {36B52848-E137-4C60-90DD-158EF96FDA0D} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F61A8397-48FA-4D2F-BCDF-FBC21BD27177} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {25E1D067-ADF5-499A-8FEC-2A4086D5B1A0} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F1565977-0E67-481C-8C52-86EABBA9057D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CC7CA1E-20F5-4A9B-AFE9-2A9A5EBE2B12} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ACD01B8B-1D0A-45AC-BC7A-F224A67148E2} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C03FCAFF-C968-4ED2-9E5D-BAA2C6915B5D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {774F7471-3528-4CC1-9A71-D35D215A6B1C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D376375-1ECE-4888-A60E-445925996D84} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {78FB0B53-6FF2-4629-B2EE-CB65F3EDB0ED} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {048BC606-0CE7-42E7-9F75-69E511EBBE4B} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BFC36868-E94B-44EC-B45B-B32C824F11D6} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {11B6C4C9-29EF-4FE3-90C9-94E3925DA128} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C2D5B36D-4524-4B33-AB24-66DF95938424} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CFCA4045-B9F3-4295-8C3E-7E05D31D720A} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B5A22821-B3EA-4D0D-B64C-2EC2379078D9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6229CFB4-39CC-414E-9A86-28AAEA8A7A06} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B2552578-F950-4401-8214-207165AC7BCA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FA10436-05C2-4882-BA80-78D1F70F4CD0} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1B0AF808-7608-4043-BC6C-944E8C103802} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D896C62-AF4D-4D79-84B7-24AF4C6B2E23} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE94AB87-A763-4988-8F21-A3E6EACEA234} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\TerasGames -> Deleted
[PUP.Gen1][File] C:\ProgramData\TerasGames\TerasGames.ico -> Deleted
[PUP.Gen1][File] C:\ProgramData\TerasGames\uninstall.exe.config -> Deleted
[Adw.IntManager|Tr.Gen0][Folder] C:\Users\Nicole\AppData\Local\intmanager -> Deleted
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\SlimWare Utilities Inc -> Deleted
[PUP.Gen1][File] C:\Users\Nicole\AppData\Local\SlimWare Utilities Inc\Installers\SD-130769014472170044.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\SlimWare Utilities Inc\Installers -> Deleted
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\Nicole\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\TerasGames -> ERROR [3]
[PUP.Gen1][Folder] C:\Program Files (x86)\ReactorTurbo -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{74405C11-F1CD-E846-83A2-03AAAFFFDE3F}\unset.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{74405C11-F1CD-E846-83A2-03AAAFFFDE3F}\YSearchSetTool.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{74405C11-F1CD-E846-83A2-03AAAFFFDE3F}\YSearchUtil.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{74405C11-F1CD-E846-83A2-03AAAFFFDE3F}\YSearchUtilSVC.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset\{74405C11-F1CD-E846-83A2-03AAAFFFDE3F} -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E61365B2-CB26-5F4F-9711-C46333494BE9}\unset.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E61365B2-CB26-5F4F-9711-C46333494BE9}\YSearchSetTool.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E61365B2-CB26-5F4F-9711-C46333494BE9}\YSearchUtil.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E61365B2-CB26-5F4F-9711-C46333494BE9}\YSearchUtilSVC.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset\{E61365B2-CB26-5F4F-9711-C46333494BE9} -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen2][Firefox:Addon] bqs7laeg.default-1431903642839 : New Tab by Yahoo [jid1-G80Ec8LLEbK5fQ@jetpack] -> Not selected
[PUM.SearchEngine][Firefox:Config] bqs7laeg.default-1431903642839 : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Not selected
[PUM.SearchEngine][Firefox:Config] bqs7laeg.default-1431903642839 : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] e05fd051ec7383d150309533cd78742b
[BSP] ff57482de49876ea86ba8929a5fa03a0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB
4 - Basic data partition | Offset (sectors): 2373632 | Size: 943193 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1934032896 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1934954496 | Size: 9066 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


#11 Valinorum (Malware Response Instructor)

Posted 14 February 2017 - 08:41 AM

Only a select few were selected to be deleted/cleaned. Should I have manually selected them all or just stay with the default?

All would have been better but do not worry, we will address them in due course. Please, give me a fresh FRST scan log. Just re-run FRST64.exe and click on Scan. Post the log when done.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or the Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#12 Nicolef888 (Topic Starter)

Posted 14 February 2017 - 02:39 PM

Here are the fresh logs from the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Nicole (administrator) on NICOLE (14-02-2017 14:27:33)
Running from C:\Users\Nicole\Downloads
Loaded Profiles: UpdatusUser & Nicole (Available Profiles: UpdatusUser & Nicole)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple, Inc.) C:\Config.Msi\9f105fd.rbf
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4140931100-2863433544-1839387480-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Amazon Music] => C:\Users\Nicole\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58bbe962-72f8-450a-a2b4-7ff1ee074242}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
SearchScopes: HKU\.DEFAULT -> {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {CC0A2877-4107-4790-88FC-83FBB0AEE930} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002 -> {E52C28E7-20CB-49EC-A7C7-15BB32AF0461} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-31] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {d94f51b0-ba26-454b-bf8d-7c495c5e3db6} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-08] (Oracle Corporation)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 [2017-02-11]
FF NewTab: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839 -> hxxps://search.yahoo.com/yhs/search
FF Extension: (Firefox Hotfix) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-11]
FF Extension: (iCloud Bookmarks) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\firefoxdav@icloud.com [2017-01-03]
FF Extension: (New Tab by Yahoo) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [not signed]
FF Extension: (Avast Passwords) - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-02-08]
FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\searchplugins\yahoo-avast.xml [2017-02-08]
FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bqs7laeg.default-1431903642839\searchplugins\yahoo-ysp.xml [2015-10-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @nsroblox.roblox.com/launcher -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4140931100-2863433544-1839387480-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.910.15) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U91) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll => No File
CHR Profile: C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Yahoo Partner) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-12-11]
CHR Extension: (Google Drive) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-08]
CHR Extension: (Avast Passwords) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-13]
CHR Extension: (Skype) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Yahoo Partner) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-02-01] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-02-01] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-14] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_39d8ca1ac617325e\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 14:27 - 2017-02-14 14:27 - 00000000 ____D C:\Users\Nicole\Downloads\FRST-OlderVersion
2017-02-14 08:08 - 2017-02-14 08:08 - 00034978 _____ C:\Users\Nicole\Documents\RK14.txt
2017-02-13 23:48 - 2017-02-13 23:48 - 00031032 _____ C:\Users\Nicole\Downloads\RK.txt
2017-02-13 22:23 - 2017-02-14 06:48 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-13 22:22 - 2017-02-13 22:22 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-13 22:22 - 2017-02-13 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-13 22:22 - 2017-02-13 22:22 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-13 22:21 - 2017-02-14 06:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-13 22:21 - 2017-02-13 22:21 - 34801784 _____ (Adlice Software ) C:\Users\Nicole\Downloads\setup.exe
2017-02-13 17:48 - 2017-02-13 17:48 - 00001079 _____ C:\Users\Nicole\Documents\Malware1.txt
2017-02-13 17:32 - 2017-02-13 17:32 - 00031783 _____ C:\Users\Nicole\Downloads\WWIandPost-WarAmericaVocablists.pdf
2017-02-12 15:28 - 2017-02-12 15:31 - 00053071 _____ C:\Users\Nicole\Downloads\Addition.txt
2017-02-12 15:27 - 2017-02-14 14:27 - 00032300 _____ C:\Users\Nicole\Downloads\FRST.txt
2017-02-12 15:26 - 2017-02-14 14:27 - 00000000 ____D C:\FRST
2017-02-12 15:25 - 2017-02-14 14:27 - 02422272 _____ (Farbar) C:\Users\Nicole\Downloads\FRST64.exe
2017-02-12 10:31 - 2017-02-14 11:18 - 00000000 ____D C:\Users\Nicole\New folder
2017-02-12 10:30 - 2017-02-12 10:30 - 00000000 ____D C:\Users\Nicole\Desktop Backup
2017-02-12 10:15 - 2017-02-12 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-02-12 10:15 - 2017-02-12 10:15 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-02-12 10:12 - 2017-02-12 10:13 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Nicole\Downloads\cbSetup.exe
2017-02-11 22:16 - 2017-02-14 14:16 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 22:16 - 2017-02-11 22:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-11 22:15 - 2017-02-11 22:15 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-11 22:15 - 2017-02-11 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 22:12 - 2017-02-11 22:12 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Downloads\mb3-setup-cb.NT-3.0.6.1469 (1).exe
2017-02-11 22:08 - 2017-02-11 22:08 - 00000000 ___HD C:\OneDriveTemp
2017-02-11 22:07 - 2017-02-11 22:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-11 21:50 - 2017-02-11 21:50 - 00852798 _____ C:\Users\Nicole\Downloads\SecurityCheck.exe
2017-02-11 08:29 - 2017-02-11 08:29 - 02659840 _____ C:\Users\Nicole\Downloads\SH-Alt-Install.exe
2017-02-11 08:20 - 2017-02-11 08:20 - 03516080 _____ C:\Users\Nicole\Downloads\SpyHunter-Installer (1).exe
2017-02-11 08:02 - 2017-02-11 16:30 - 00000342 _____ C:\Users\Nicole\Desktop\ESETScan.txt
2017-02-11 01:25 - 2017-02-11 01:25 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Nicole\Downloads\esetonlinescanner_enu.exe
2017-02-11 01:25 - 2017-02-11 01:25 - 00000000 ____D C:\Users\Nicole\AppData\Local\ESET
2017-02-09 07:38 - 2017-02-09 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 07:37 - 2016-12-29 07:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 07:35 - 2017-01-04 15:32 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 07:35 - 2017-01-04 15:32 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-09 07:35 - 2016-12-29 08:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 07:33 - 2017-02-09 07:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 10:26 - 2017-02-08 10:26 - 00001916 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-02-08 10:26 - 2017-02-08 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-02-08 10:26 - 2017-02-08 10:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-02-08 10:24 - 2017-02-08 10:24 - 00000000 ____D C:\Users\Nicole\AppData\Local\AVAST Software
2017-02-08 06:51 - 2017-02-08 06:51 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1486554695
2017-02-08 06:51 - 2017-02-08 06:51 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-08 06:51 - 2017-02-08 06:51 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-08 06:50 - 2017-02-08 06:50 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 06:49 - 2017-02-08 06:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\AVAST Software
2017-02-08 06:48 - 2017-02-10 06:48 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-08 06:48 - 2017-02-08 06:48 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 06:48 - 2017-02-08 06:48 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-08 06:48 - 2017-02-08 06:48 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-08 06:48 - 2017-02-08 06:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-08 06:48 - 2017-02-08 06:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-08 06:48 - 2017-02-08 06:47 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 06:48 - 2017-02-08 06:47 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 06:48 - 2017-02-08 06:46 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 06:47 - 2017-02-08 06:47 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-08 06:45 - 2017-02-08 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-08 06:45 - 2017-02-08 06:50 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-06 20:54 - 2017-02-06 20:54 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
2017-02-06 20:30 - 2017-02-06 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-06 20:30 - 2017-02-06 20:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-06 20:30 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-06 20:29 - 2017-02-06 20:29 - 55566792 _____ (Malwarebytes ) C:\Users\Nicole\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-05 15:56 - 2017-02-05 15:56 - 00063384 _____ C:\Users\Nicole\Downloads\Untitleddocument (1).pdf
2017-02-01 13:42 - 2017-02-01 13:42 - 00032412 _____ C:\Users\Nicole\Downloads\Invoice 4444 Safran%2c J.pdf
2017-02-01 13:42 - 2017-02-01 13:42 - 00032403 _____ C:\Users\Nicole\Downloads\Invoice 4443 Safran%2c J.pdf
2017-01-29 14:02 - 2017-02-10 22:59 - 00014361 ____N C:\Users\Nicole\Documents\Bar Mitzvah Addresses.xlsx
2017-01-29 13:25 - 2017-01-29 13:25 - 00510734 _____ C:\Users\Nicole\Downloads\DJ list.pdf
2017-01-29 13:21 - 2017-01-29 13:21 - 00422594 _____ C:\Users\Nicole\Downloads\SafranBarMitzvah.pdf
2017-01-25 02:53 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 02:53 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-18 22:46 - 2017-01-18 22:46 - 00133956 _____ C:\Users\Nicole\Downloads\Inv_112264_from_Aqwa_Services_11244.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 14:22 - 2016-09-21 11:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-14 08:07 - 2015-10-26 07:21 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-02-13 22:04 - 2014-05-25 12:03 - 00000000 ____D C:\Users\Nicole\Documents\Jon
2017-02-13 20:30 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 20:29 - 2014-05-25 09:50 - 00000000 ____D C:\ProgramData\Apple
2017-02-13 20:27 - 2014-05-25 09:50 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer
2017-02-12 10:31 - 2016-09-21 11:22 - 00000000 ____D C:\Users\Nicole
2017-02-11 22:12 - 2015-09-25 08:26 - 01189212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-11 22:08 - 2016-03-24 18:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype
2017-02-11 22:08 - 2014-05-24 15:20 - 00000000 __RDO C:\Users\Nicole\SkyDrive
2017-02-11 22:07 - 2014-12-14 22:40 - 00000000 ___RD C:\Users\Nicole\iCloudDrive
2017-02-11 22:06 - 2016-09-21 11:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 22:06 - 2016-09-21 11:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-11 22:05 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-11 21:47 - 2015-01-02 13:33 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\HpUpdate
2017-02-11 16:43 - 2014-06-03 10:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\CrashDumps
2017-02-11 14:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 23:14 - 2015-08-17 11:17 - 00000000 ____D C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
2017-02-10 12:05 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 17:51 - 2016-09-21 11:48 - 00003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432428255
2017-02-09 17:51 - 2015-05-23 19:43 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-09 07:38 - 2016-09-21 11:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 07:38 - 2016-09-21 11:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 07:38 - 2014-04-03 08:23 - 00000000 ____D C:\Temp
2017-02-09 07:35 - 2016-09-21 11:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 10:34 - 2016-02-13 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 10:24 - 2015-05-23 22:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-08 10:24 - 2015-05-23 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 10:24 - 2014-06-28 08:36 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-08 10:23 - 2015-05-23 22:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-08 10:23 - 2014-06-28 08:36 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-08 06:57 - 2016-03-24 18:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-08 06:57 - 2016-03-24 18:21 - 00000000 ____D C:\ProgramData\Skype
2017-02-08 06:45 - 2014-05-25 09:27 - 00000000 ____D C:\Users\Nicole\Documents\Pswds
2017-02-07 07:10 - 2016-12-06 11:17 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 07:10 - 2015-09-25 09:39 - 00002410 _____ C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-06 17:33 - 2015-08-09 12:25 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:33 - 2015-08-09 12:25 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 16:16 - 2016-05-16 15:16 - 00000000 ____D C:\Users\Nicole\AppData\Local\ComponentW
2017-02-01 17:50 - 2014-09-13 14:04 - 00000000 ____D C:\ProgramData\Origin
2017-02-01 17:49 - 2014-09-13 14:04 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-25 13:55 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 13:18 - 2014-05-24 15:17 - 00000000 ____D C:\Users\Nicole\AppData\Local\Packages
2017-01-20 07:00 - 2015-12-04 08:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 16:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-01-02 13:33 - 2015-01-02 13:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-21 11:17 - 2016-09-21 11:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-03 08:17 - 2014-04-03 08:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-03 08:14 - 2014-04-03 08:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-03 08:15 - 2014-04-03 08:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-03 08:16 - 2014-04-03 08:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-03 08:14 - 2014-04-03 08:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2016-12-23 00:22 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\Nicole\AppData\Local\Temp\ACLMInstaller.exe
2017-02-13 22:22 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Nicole\AppData\Local\Temp\dllnt_dump.dll
2017-01-05 10:33 - 2017-01-05 10:34 - 107929672 _____ () C:\Users\Nicole\AppData\Local\Temp\HPInstaller.exe
2016-10-20 10:37 - 2016-10-20 10:37 - 0737856 _____ (Oracle Corporation) C:\Users\Nicole\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 11:37 - 2017-01-19 11:37 - 0739904 _____ (Oracle Corporation) C:\Users\Nicole\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-05 10:58 - 2017-01-05 10:58 - 5940584 _____ (Igor Pavlov) C:\Users\Nicole\AppData\Local\Temp\Package_en_ww.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-09 14:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by Nicole (14-02-2017 14:29:26)
Running from C:\Users\Nicole\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-21 16:55:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4140931100-2863433544-1839387480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4140931100-2863433544-1839387480-503 - Limited - Disabled)
Guest (S-1-5-21-4140931100-2863433544-1839387480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4140931100-2863433544-1839387480-1004 - Limited - Enabled)
Nicole (S-1-5-21-4140931100-2863433544-1839387480-1002 - Administrator - Enabled) => C:\Users\Nicole
UpdatusUser (S-1-5-21-4140931100-2863433544-1839387480-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 7640 series Basic Device Software (HKLM\...\{28EA5D14-078A-4C03-BD78-82B29092978F}) (Version: 40.5.1092.16309 - HP Inc.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Kidspiration 3 (HKLM-x32\...\Kidspiration 3) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{9F69129E-000B-467D-BA8B-5FA08A6CDA32}) (Version: 40.5.1092.16309 - HP Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
ROBLOX Player for Nicole (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.56688 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Nicole\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0506CB20-74EB-4CB7-8D85-90DA2FAFB269} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {16063ECE-84CB-45CC-B255-688EDECFA8A5} - System32\Tasks\HP AR Program Upload - 0a3d3355a23d43908a6e58cc3044bd9d03e7d8f82b514165abd8dcfb6e179568 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {20402262-74FC-44D5-90A4-531ABD31C0CD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {286FA166-D35F-425D-A406-43C46DBF1EAA} - System32\Tasks\SafeZone scheduled Autoupdate 1486554695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {2E7A3B17-F8B7-4EF4-BCF9-A1F5D03B6264} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {30A778DC-FBCF-417E-B257-F6F31F87CE6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-11] (Google Inc.)
Task: {30E901F2-B933-4531-BA00-1B1329425293} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {3AF18E6B-067B-4501-A771-640AA68EA3C7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {3CCB4D0C-901F-4DA9-B958-36F0EA792B19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CEBAFE6-8CD0-46C2-B754-D0C19383459B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {41570EC3-1FDC-4810-AAC5-DE6C91724F20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-11] (Google Inc.)
Task: {4766E4BC-7AE2-46E8-B1FA-0914C061F74A} - System32\Tasks\HP AR Program Upload - df14b34af03045fa9d135d5956c1018c4807fa18cb4144eb9ae55ba93ed76346 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {4AE1EA1E-9E71-4426-965F-2A47BAFEB495} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5120AEE3-5CB0-4A8A-8D68-97A5C6268D5D} - System32\Tasks\Opera scheduled Autoupdate 1432428255 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {590C6D80-61BF-491A-8FEA-3E1DB9311444} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nicole_safran@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {5B42593A-9177-4BD8-915A-A95EA3301B90} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {5DDBBE12-EB01-4D41-86FA-DFC319D56250} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {64E46594-EBED-472F-BB18-A971DE8E39AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67775BC9-76AC-4CCC-8E4D-D4BC6819BED9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {67DF42C4-5D12-4161-A120-BBB94B558B20} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {689AC400-EE3E-400F-B810-90C6E0CDB22E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6CBB89B7-CF6A-4E08-A512-38268E34F9E3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6F989FD8-46C5-4488-8E42-AF733B43D1BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {713EB4F9-9BAA-467B-8277-531F60A710BA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nicole\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {73BEF626-ABE2-4563-A74A-D1239D2609F4} - \WPD\SqmUpload_S-1-5-21-4140931100-2863433544-1839387480-1002 -> No File <==== ATTENTION
Task: {7842E189-1613-4DE2-806A-77B0D3FBDC93} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {84638FA2-25B8-475B-8875-EBED78831AF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8CAE44EE-072B-4952-8B4D-6D5CFF16426D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D3199A8-627A-4EFB-96C0-5C99AD64A96A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D6F2ED0-37BD-43D1-A213-56FDF6350D48} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {A0061CB3-4D23-41DD-842B-41BB990612E3} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {A1FA60E8-F4CC-489D-A392-C1FA402ED1D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {BD5FFDA7-BECA-4396-950D-7DB507E7156B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BE73F5E1-5248-4A0B-8EFC-9D855EB31C5F} - System32\Tasks\HP AR Program Upload - 2c037df594904af4828546f888ba8afa0d8065e493114f7382679c15b18ba6d1 => C:\Program Files\HP\HP ENVY 7640 series\bin\HPRewards.exe 
Task: {D0A3DC8F-1C36-4F67-B5D8-86AA861739CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {D1A3EB71-36F0-4D7E-852D-2AB04BE939CD} - System32\Tasks\PocketCloudUpdater => C:\Program 
Task: {D54766D7-4882-4A60-914F-2B2A68321914} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DD3642ED-9084-43DA-BF6A-156672605D49} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2016-11-04] (HP Inc.)
Task: {E7CB3132-4996-404B-B999-B77C9C63E696} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {F1222F42-5B99-4A20-9048-4D10A8CC9547} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-08] (AVAST Software)
Task: {F490C114-7526-4493-95C1-CD25791A7008} - \gameo_update -> No File <==== ATTENTION
Task: {F74B012F-A250-4BD6-A294-FD34AA802BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC3ADD7E-B2DF-4BCB-AA82-1B367A568FB5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FEE27FA6-00DF-48CD-B1D9-3E2EA4A3E66D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNicole.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:20 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-21 11:18 - 2016-12-29 07:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2016-12-13 20:20 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-21 15:09 - 2016-09-21 15:09 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 16:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 16:24 - 2016-12-21 02:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 21:36 - 2017-02-06 21:36 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:36 - 2017-02-06 21:36 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-06 20:30 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 22:15 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-11 22:15 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-10 16:24 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 16:24 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 16:24 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-10 16:24 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-01-10 16:24 - 2016-12-21 01:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2017-01-10 16:24 - 2016-12-21 01:47 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2017-01-09 17:33 - 2017-02-01 17:49 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-12-11 16:40 - 2014-12-11 16:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-08 06:47 - 2017-02-08 06:47 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-08 06:46 - 2017-02-08 06:46 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-04-03 08:14 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-02-09 17:51 - 2017-02-06 02:41 - 39820376 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_browser.dll
2017-02-09 17:51 - 2017-02-06 02:41 - 45837912 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_child.dll
2017-02-09 17:50 - 2017-02-09 17:50 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libglesv2.dll
2017-02-09 17:50 - 2017-02-09 17:50 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libegl.dll
2014-04-03 08:05 - 2013-09-04 10:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\minecraft.net -> www.minecraft.net
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dscn2705.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C9E2EE32-8BAD-4F6A-B69D-63E6E4271842}] => C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe
FirewallRules: [{1DBAC5DE-5FC4-4A9B-9997-4F51109E7BBC}] => C:\Users\Nicole\AppData\Local\Temp\7zS1598\HPDiagnosticCoreUI.exe
FirewallRules: [{A1571D1E-B95E-4CCB-B16E-AA1C24B40B7D}] => C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe
FirewallRules: [{6C13F9EB-148E-4DD2-BB5B-E099542FFBCC}] => C:\Users\Nicole\AppData\Local\Temp\7zS2185\HPDiagnosticCoreUI.exe
FirewallRules: [{6F7DE06E-51A6-4EB8-93E1-16F11E5DC77E}] => C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe
FirewallRules: [{B20F1C93-603F-42FB-B5B7-E60728812749}] => C:\Users\Nicole\AppData\Local\Temp\7zS1FC9\HPDiagnosticCoreUI.exe
FirewallRules: [{87A0B09E-DB75-411B-B8A8-09C4B1E526F1}] => C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe
FirewallRules: [{D2EDCB2D-9C68-4647-8144-5AC80BDE773B}] => C:\Users\Nicole\AppData\Local\Temp\7zS71A5\HPDiagnosticCoreUI.exe
FirewallRules: [{666B712D-A636-4777-8497-FFE26F7144A4}] => C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe
FirewallRules: [{CE966D48-39D9-48BA-9FCE-FC7675398A89}] => C:\Users\Nicole\AppData\Local\Temp\7zS649B\HPDiagnosticCoreUI.exe
FirewallRules: [{36B52848-E137-4C60-90DD-158EF96FDA0D}] => C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe
FirewallRules: [{F61A8397-48FA-4D2F-BCDF-FBC21BD27177}] => C:\Users\Nicole\AppData\Local\Temp\7zS646E\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{006027B9-CF7A-43F5-AB54-6D4056FA653D}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [TCP Query User{15BCAAC7-2470-4F10-8C66-B54E4C26D1D0}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [{3EEB65D7-6D27-46EB-B94B-99BB7D96BF12}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0274BC16-CB5F-438D-B05D-AD35D88E4E91}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5715B86C-AAEE-4760-9475-58A8E7C370C7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6833766D-A05B-40E7-B9C1-E09A9975D2F3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{11FEC060-59B1-4D45-B436-09FE14BD1AB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{1FAD82FD-3F96-47D8-ACE2-4E450A2E87CB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B1383F90-964A-4189-8CDD-E1519312A7D0}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{9AD165F2-8525-471E-B335-BDE134ED7B43}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DB3F3A67-6BC0-4E0F-B5C6-1D0506C89391}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{25E1D067-ADF5-499A-8FEC-2A4086D5B1A0}] => C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe
FirewallRules: [{F1565977-0E67-481C-8C52-86EABBA9057D}] => C:\Users\Nicole\AppData\Local\Temp\7zS2A26\HPDiagnosticCoreUI.exe
FirewallRules: [{8CBC89D8-D868-4608-98BE-C45549D28D71}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{A88E89CF-1D77-4BFB-B99E-7586D713A909}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{4CC7CA1E-20F5-4A9B-AFE9-2A9A5EBE2B12}] => C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe
FirewallRules: [{ACD01B8B-1D0A-45AC-BC7A-F224A67148E2}] => C:\Users\Nicole\AppData\Local\Temp\7zS70BB\HPDiagnosticCoreUI.exe
FirewallRules: [{C03FCAFF-C968-4ED2-9E5D-BAA2C6915B5D}] => C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe
FirewallRules: [{774F7471-3528-4CC1-9A71-D35D215A6B1C}] => C:\Users\Nicole\AppData\Local\Temp\7zS5EB5\HPDiagnosticCoreUI.exe
FirewallRules: [{0D376375-1ECE-4888-A60E-445925996D84}] => C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe
FirewallRules: [{78FB0B53-6FF2-4629-B2EE-CB65F3EDB0ED}] => C:\Users\Nicole\AppData\Local\Temp\7zS4DCE\HPDiagnosticCoreUI.exe
FirewallRules: [{A27369D1-9CBB-45FF-9A91-83CC56E5B0D4}] => C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{8218D920-27D2-4BE0-8FCA-CD866E251B36}] => C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{048BC606-0CE7-42E7-9F75-69E511EBBE4B}] => C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe
FirewallRules: [{BFC36868-E94B-44EC-B45B-B32C824F11D6}] => C:\Users\Nicole\AppData\Local\Temp\7zS3F60\HPDiagnosticCoreUI.exe
FirewallRules: [{11B6C4C9-29EF-4FE3-90C9-94E3925DA128}] => C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe
FirewallRules: [{C2D5B36D-4524-4B33-AB24-66DF95938424}] => C:\Users\Nicole\AppData\Local\Temp\7zS2F78\HPDiagnosticCoreUI.exe
FirewallRules: [{CFCA4045-B9F3-4295-8C3E-7E05D31D720A}] => C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe
FirewallRules: [{B5A22821-B3EA-4D0D-B64C-2EC2379078D9}] => C:\Users\Nicole\AppData\Local\Temp\7zS3426\HPDiagnosticCoreUI.exe
FirewallRules: [{6229CFB4-39CC-414E-9A86-28AAEA8A7A06}] => C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe
FirewallRules: [{B2552578-F950-4401-8214-207165AC7BCA}] => C:\Users\Nicole\AppData\Local\Temp\7zS2645\HPDiagnosticCoreUI.exe
FirewallRules: [{820E724C-4A65-4BBC-9DD5-80713EEF7675}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09EBFC89-6A8F-4A77-89B8-29F1CF61A710}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2FE1C34F-945D-4130-84C1-1150019053CB}] => C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{64BDB53C-23EF-48E0-B8CE-5306CC384FE7}] => C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{65922415-7EAE-45B3-AF43-A38DCCAD408A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{70205518-373A-4C1B-B07D-CB24700648BA}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4F4452F9-5B86-424D-957F-8146E71A1FC0}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CA8B54A3-DF86-424E-827A-59374D077361}] => LPort=1900
FirewallRules: [{8FAE0D20-D848-436C-BCD8-AC618E574086}] => LPort=2869
FirewallRules: [{B7E26BDE-8C3A-41A9-9038-536F6C2C88B4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E7A32E7F-B697-4926-A35D-5B227EED2996}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{3FE2F5A5-BE0C-4ED2-8E9B-7A8FB4F85243}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7DFD58EC-3461-492B-984D-E0E4444D9271}] => C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{76718924-EB21-4CA5-9E44-02FF83106743}] => C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{B63652A9-3AE5-491E-9A82-81EEA54209D6}] => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{83AB6D23-A4F3-4769-B296-110A7C313C68}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B9EAA890-271C-466C-B8FE-5FBD81BC8773}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B8DAEAA2-716A-4079-9F51-F87D5C63A4C7}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{F8F23DA2-4EAE-4F4C-8D4D-37837600258A}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{1FA10436-05C2-4882-BA80-78D1F70F4CD0}] => C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe
FirewallRules: [{1B0AF808-7608-4043-BC6C-944E8C103802}] => C:\Users\Nicole\AppData\Local\Temp\7zS76C3\HPDiagnosticCoreUI.exe
FirewallRules: [{1D896C62-AF4D-4D79-84B7-24AF4C6B2E23}] => C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe
FirewallRules: [{EE94AB87-A763-4988-8F21-A3E6EACEA234}] => C:\Users\Nicole\AppData\Local\Temp\7zS76F4\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{D33C3D49-EC5C-407E-9FE0-0D3C4323854F}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E576BFF9-E76C-4978-85A4-FC4C162EBCCC}C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\nicole\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A2F80616-4F4D-4B53-8E82-D354F4EEA09C}] => C:\Users\Nicole\AppData\Local\Temp\7zS7F41\HPDiagnosticCoreUI.exe
FirewallRules: [{6FE506FC-4F80-4721-BD88-A0B2AF713A8E}] => C:\Users\Nicole\AppData\Local\Temp\7zS7F41\HPDiagnosticCoreUI.exe
FirewallRules: [{0EA40053-8D22-4FF6-B55E-A46D798305ED}] => C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{45E2F7E6-6441-4262-84D2-F7D2FB5A836E}] => C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{D7AC4632-81CC-442E-BB59-086CA9A0BAAF}] => C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{772D5E60-4375-42DB-8643-353AF8F3DFD6}] => C:\Program Files\HP\HP ENVY 7640 series\bin\FaxPrinterUtility.exe
FirewallRules: [{C2FE4C75-D653-4C93-B4A1-E6A1EC0A1BE0}] => C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{CBCFD149-E06E-4811-9EB2-DCF06B72278D}] => LPort=5357
FirewallRules: [{25EB28B8-29A2-4DDB-AB86-2418583E6501}] => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0D5D5384-5596-48D3-B3A4-654A78286978}] => C:\Users\Nicole\AppData\Local\Temp\7zS1D40\HPDiagnosticCoreUI.exe
FirewallRules: [{F5755DF8-D56E-4FE4-A91B-F8ECDBFAF1BE}] => C:\Users\Nicole\AppData\Local\Temp\7zS1D40\HPDiagnosticCoreUI.exe
FirewallRules: [{641566FE-604B-4D6D-BA60-6FAF6ABB91A2}] => C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{EF72EF39-EF3F-4ACB-96F7-94CED16FF96D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EEFE82DE-8A23-4094-93DC-CD1320B51A5D}] => C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
 
==================== Restore Points =========================
 
13-02-2017 20:24:41 Removed iTunes
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2017 07:51:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.206, time stamp: 0x57dacea5
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0xb90
Faulting application start time: 0x01d2867c8fa0745f
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\system32\wbem\NetEventPacketCapture.dll
Report Id: 64a9dd17-4b64-4a5b-ac56-eaa11be27162
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/14/2017 07:50:41 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/14/2017 07:50:41 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/14/2017 07:50:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/14/2017 07:50:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/13/2017 11:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x2934
Faulting application start time: 0x01d284dd8aeea2dc
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ea47a5e5-f50f-409e-907c-7a1c1ef1a981
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2017 11:40:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/13/2017 11:40:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (02/13/2017 08:30:00 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NICOLE)
Description: Application or service 'Apple Mobile Device Service' could not be restarted.
 
Error: (02/13/2017 08:24:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (02/14/2017 12:12:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 08:30:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/13/2017 08:30:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
 
Error: (02/13/2017 04:33:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2017 11:28:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 11:15:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:06:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2017 10:05:16 PM) (Source: DCOM) (EventID: 10010) (User: NICOLE)
Description: The server CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-11 16:57:37.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:37.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:37.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.897
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:27.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-11 16:57:20.008
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\eDN1daFCzXr9BNjh\eDN1daFCzXr9BNjh\System32\WindowsActionDialog.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 65%
Total physical RAM: 8143.23 MB
Available physical RAM: 2815.65 MB
Total Virtual: 17359.23 MB
Available Virtual: 11709.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.09 GB) (Free:589.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F565C3AD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Thanks again for all your help :)


#13 Valinorum

    Shadow Hide The Hunter

  • Malware Response Instructor
  • 1,775 posts
  • Gender:Not Telling

Posted 15 February 2017 - 10:51 PM

Hi,

Uninstall Yahoo Search Set.
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      IFEO\apnmcp.exe: [Debugger] tasklist.exe
      IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
      IFEO\brs.exe: [Debugger] tasklist.exe
      IFEO\bservice.exe: [Debugger] tasklist.exe
      IFEO\bservice64.exe: [Debugger] tasklist.exe
      IFEO\cltmng.exe: [Debugger] tasklist.exe
      IFEO\cltmngui.exe: [Debugger] tasklist.exe
      IFEO\CmdShell.exe: [Debugger] tasklist.exe
      IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
      IFEO\dsrlte.exe: [Debugger] tasklist.exe
      IFEO\DTUpdate.exe: [Debugger] tasklist.exe
      IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
      IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
      IFEO\HPNotify.exe: [Debugger] tasklist.exe
      IFEO\HpUI.exe: [Debugger] tasklist.exe
      IFEO\IdcLdr.exe: [Debugger] tasklist.exe
      IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
      IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
      IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
      IFEO\Loader32.exe: [Debugger] tasklist.exe
      IFEO\Loader64.exe: [Debugger] tasklist.exe
      IFEO\loggingserver.exe: [Debugger] tasklist.exe
      IFEO\Lrcnta.exe: [Debugger] tasklist.exe
      IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
      IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
      IFEO\patch_ff.exe: [Debugger] tasklist.exe
      IFEO\PluginService.exe: [Debugger] tasklist.exe
      IFEO\ProtectService.exe: [Debugger] tasklist.exe
      IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
      IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
      IFEO\searcharmor.exe: [Debugger] tasklist.exe
      IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
      IFEO\search_protect.exe: [Debugger] tasklist.exe
      IFEO\smu.exe: [Debugger] tasklist.exe
      IFEO\SP.exe: [Debugger] tasklist.exe
      IFEO\spbiu.exe: [Debugger] tasklist.exe
      IFEO\srptm.exe: [Debugger] tasklist.exe
      IFEO\srpts.exe: [Debugger] tasklist.exe
      IFEO\srptsl.exe: [Debugger] tasklist.exe
      IFEO\SupHPNot.exe: [Debugger] tasklist.exe
      IFEO\SystemkService.exe: [Debugger] tasklist.exe
      IFEO\SystemSockets.exe: [Debugger] tasklist.exe
      IFEO\TBNotifier.exe: [Debugger] tasklist.exe
      IFEO\TNT2User.exe: [Debugger] tasklist.exe
      IFEO\Toolbar.exe: [Debugger] tasklist.exe
      IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
      IFEO\UpdateTask.exe: [Debugger] tasklist.exe
      IFEO\vprot.exe: [Debugger] tasklist.exe
      IFEO\wb.exe: [Debugger] tasklist.exe
      IFEO\YTDownloader.exe: [Debugger] tasklist.exe
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      HKU\S-1-5-21-4140931100-2863433544-1839387480-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
      BHO-x32: No Name -> {d94f51b0-ba26-454b-bf8d-7c495c5e3db6} -> No File
      CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
      2015-01-02 13:33 - 2015-01-02 13:33 - 0000057 _____ () C:\ProgramData\Ament.ini
      Task: {F490C114-7526-4493-95C1-CD25791A7008} - \gameo_update -> No File <==== ATTENTION
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or the Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#14 Nicolef888
  • Topic Starter
  • Members
  • 40 posts
  • Gender:Female

Posted 16 February 2017 - 07:00 AM

I'm currently doing the above and will post when done.

 

Just for fun, I ran a rootkit scanner, aswMBR (http://public.avast.com/~gmerek/aswMBR.htm), and this virus showed up:

 

***File: C:\Users\Nicole\AppData\Local\ComponentW\com.exe  **INFECTED** Win32:Malware-gen*** Full log is below

 

https://www.bleepingcomputer.com/startups/Component.exe-24085.html

 

I will post the above info as soon as it's done. Thanks :)

 

 

LOG

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-02-15 21:30:26
-----------------------------
21:30:26.973    OS Version: Windows x64 6.2.9200 
21:30:26.973    Number of processors: 4 586 0x3C03
21:30:26.973    ComputerName: NICOLE  UserName: Nicole
21:30:34.406    Initialize success
21:30:34.459    VM: initialized successfully
21:30:34.459    VM: Intel CPU supported virtualized 
21:30:37.268    VM: disk I/O iaStorA.sys
21:30:47.690    AVAST engine defs: 17021505
21:30:57.457    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
21:30:57.457    Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
21:30:57.457    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000049
21:30:57.457    Disk 1 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
21:30:57.472    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000004a
21:30:57.472    Disk 2 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
21:30:57.472    Disk 3  \Device\Harddisk3\DR3 -> \Device\0000004b
21:30:57.472    Disk 3 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
21:30:57.494    Disk 4  \Device\Harddisk4\DR4 -> \Device\0000004c
21:30:57.494    Disk 4 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
21:30:57.894    Disk 0 MBR read successfully
21:30:57.894    Disk 0 MBR scan
21:30:57.972    Disk 0 unknown MBR code
21:30:58.010    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
21:30:58.056    Disk 0 scanning C:\WINDOWS\system32\drivers
21:31:14.681    Service scanning
21:31:29.473    Modules scanning
21:31:29.480    Disk 0 trace - called modules:
21:31:29.513    ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
21:31:29.518    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffff910e2538f060]
21:31:29.522    3 aswSP.sys[fffff8013b03dafe] -> nt!IofCallDriver -> [0xffff910e23523c40]
21:31:29.526    5 ACPI.sys[fffff80139724571] -> nt!IofCallDriver -> [0xffff910e23519250]
21:31:29.530    7 ACPI.sys[fffff80139724571] -> nt!IofCallDriver -> \Device\0000002f[0xffff910e2350a060]
21:31:33.077    AVAST engine scan C:\WINDOWS
21:31:37.968    AVAST engine scan C:\WINDOWS\system32
21:34:35.954    AVAST engine scan C:\WINDOWS\system32\drivers
21:34:53.789    AVAST engine scan C:\Users\Nicole
21:38:29.077    File: C:\Users\Nicole\AppData\Local\ComponentW\com.exe  **INFECTED** Win32:Malware-gen
22:43:54.804    Disk 0 statistics 3126807/0/0 @ 0.42 MB/s
22:43:54.804    Scan stopped
22:44:12.127    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Documents\MBR.dat"
22:44:12.127    The log file has been saved successfully to "C:\Users\Nicole\Documents\aswMBR.txt"
22:44:16.877    Disk 0 MBR fix error
22:44:25.250    Disk 0 MBR fix error
22:44:26.655    Disk 0 MBR fix error
22:48:30.689    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
22:48:30.689    Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
22:48:30.704    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000049
22:48:30.704    Disk 1 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
22:48:30.720    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000004a
22:48:30.720    Disk 2 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
22:48:30.720    Disk 3  \Device\Harddisk3\DR3 -> \Device\0000004b
22:48:30.720    Disk 3 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
22:48:30.742    Disk 4  \Device\Harddisk4\DR4 -> \Device\0000004c
22:48:30.742    Disk 4 Vendor: Generic- 1.00 Size: 953869MB BusType: 1
22:48:30.820    Disk 0 MBR read successfully
22:48:30.841    Disk 0 MBR scan
22:48:30.842    Disk 0 unknown MBR code
22:48:30.874    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
22:48:30.920    Disk 0 scanning C:\WINDOWS\system32\drivers
22:48:30.942    Service scanning
22:48:57.370    Modules scanning
22:48:57.376    Disk 0 trace - called modules:
22:48:57.439    ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
22:48:57.439    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffff910e2538f060]
22:48:57.455    3 aswSP.sys[fffff8013b03dafe] -> nt!IofCallDriver -> [0xffff910e23523c40]
22:48:57.455    5 ACPI.sys[fffff80139724571] -> nt!IofCallDriver -> [0xffff910e23519250]
22:48:57.455    7 ACPI.sys[fffff80139724571] -> nt!IofCallDriver -> \Device\0000002f[0xffff910e2350a060]
22:48:58.809    AVAST engine scan C:\WINDOWS
22:51:20.843    AVAST engine scan C:\WINDOWS\system32
22:55:26.645    AVAST engine scan C:\WINDOWS\system32\drivers
22:56:14.937    AVAST engine scan C:\Users\Nicole
23:03:31.166    File: C:\Users\Nicole\AppData\Local\ComponentW\com.exe  **INFECTED** Win32:Malware-gen
00:58:25.393    AVAST engine scan C:\ProgramData
01:10:08.545    Disk 0 statistics 7629433/0/0 @ 0.33 MB/s
01:10:08.567    Scan finished successfully
06:53:06.011    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Documents\MBR.dat"
06:53:06.026    The log file has been saved successfully to "C:\Users\Nicole\Documents\aswMBR.txt"


#15 Nicolef888

Nicolef888
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:32 AM

Posted 16 February 2017 - 07:16 AM

I was unable to fix anything. I got the message that the file has to be in the same folder as FRST.exe.

Also, when I went to the Control Panel to uninstall Yahoo Search Set, it said that it had already been uninstalled and just removed the physical name Yahoo Search Set.

Please advise. Thanks :)
