PC Possibly Compromised By Web Site Link Opened Via Email Link



#1 RobertDean

My daughter received an email message from a person she thought was a friend.

It contained a link: Link removed

She clicked it and was sent to: Link removed

When she tried to close the Chrome browser tab, a popup appeared asking if she was sure she wanted to close the tab. She clicked yes.

I have not noticed anything that would lead me to believe the PC has been compromised.

I have run scans of Windows Defender, Malwarebytes Anti-Malware, Junkware Removal Tool (JRT.exe) and Adwcleaner.exe and found nothing.

I would very much appreciate having an expert look at my FRST logs to ensure my system is as clean as it appears to be.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Robert (administrator) on ROBERT-PC (25-01-2016 14:26:38)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-08-16]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A2BC8A10-C176-4AAB-B491-1F837016BD93}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-428967656-2931917083-3015171260-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/
HKU\S-1-5-21-428967656-2931917083-3015171260-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-428967656-2931917083-3015171260-1001 -> DefaultScope {2813ED91-3C00-49C2-A265-F0AB76B5BA87} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://my.xfinity.com/
about:preferences#general
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-428967656-2931917083-3015171260-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-12] (Citrix Online)
FF Extension: Certificate Patrol - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\extensions\[email protected] [2015-08-28]
FF Extension: Flashblock - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-01]
FF Extension: HTTPS-Everywhere - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\Extensions\[email protected] [2015-08-28]
FF Extension: Privacy Badger - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\Extensions\[email protected] [2015-12-17]
FF Extension: uBlock Origin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\Extensions\[email protected] [2015-12-17]
FF Extension: Video DownloadHelper - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\zz2798ws.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-13] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=mtmh01092012
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=mtmh01092012"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Select & translate - context menu) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapcampblfdohlgnilfjbmhjijhflbjf [2016-01-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-04]
CHR Extension: (uBlock Origin) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-12]
CHR Extension: (VTchromizer) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-12-04]
CHR Extension: (Google Calendar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-12-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-12-18]
CHR Extension: (Pixlr Editor) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-12-04]
CHR Extension: (New XKit) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-12-04]
CHR Extension: (Video DownloadHelper) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-12]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-12-19]
CHR Extension: (New XKit) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 3
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows ® Win 7 DDK provider) [File not signed]
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-18] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-18] (Secunia)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 14:26 - 2016-01-25 14:26 - 00022101 _____ C:\Users\Robert\Desktop\FRST.txt
2016-01-25 14:26 - 2016-01-25 14:26 - 00000000 ____D C:\FRST
2016-01-25 14:23 - 2016-01-25 14:23 - 02370560 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-01-25 12:32 - 2016-01-25 12:32 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-25 08:08 - 2016-01-25 08:08 - 00000000 ___RD C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-25 05:57 - 2016-01-25 05:57 - 01505280 _____ C:\Users\Robert\Desktop\adwcleaner_5.030.exe
2016-01-20 14:29 - 2016-01-20 14:29 - 00001036 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2016-01-20 14:29 - 2016-01-20 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2016-01-20 14:28 - 2016-01-20 14:29 - 00000000 ____D C:\Program Files\Tracker Software
2016-01-20 14:26 - 2016-01-20 14:27 - 17765360 _____ (Tracker Software Products Ltd ) C:\Users\Robert\Downloads\PDFXVwer.exe
2016-01-13 20:50 - 2016-01-13 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-13 20:50 - 2016-01-13 20:50 - 00000000 ____D C:\Program Files\7-Zip
2016-01-13 20:49 - 2016-01-13 20:49 - 01371668 _____ (Igor Pavlov) C:\Users\Robert\Downloads\7z1514-x64.exe
2016-01-12 10:35 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 10:35 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 10:35 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 10:35 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 10:35 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 10:35 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 10:35 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 10:35 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 10:35 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 10:35 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 10:35 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 10:35 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 10:35 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 10:35 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 10:35 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 10:35 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 10:35 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 10:35 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 10:35 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 10:35 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 10:35 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 10:35 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 10:35 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 10:35 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 10:35 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 10:34 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 10:34 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 10:34 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 10:34 - 2015-12-10 16:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 10:34 - 2015-12-10 16:13 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 10:34 - 2015-12-10 16:13 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 10:34 - 2015-12-10 16:13 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 10:34 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 10:34 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 10:34 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 10:34 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 10:34 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 10:34 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 10:34 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 10:34 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 10:34 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 10:34 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 10:34 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 10:34 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 10:34 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 10:34 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 10:34 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 10:34 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 10:34 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 10:34 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 10:34 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 10:34 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 10:34 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 10:34 - 2015-12-03 09:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 10:34 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 10:34 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 10:34 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 10:34 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 10:34 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 10:34 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 10:34 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 10:34 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 10:34 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 10:34 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 10:34 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 10:34 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 10:34 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 10:34 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 10:34 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 10:34 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-11 16:51 - 2016-01-12 10:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-08 12:37 - 2016-01-08 12:37 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SUPERAntiSpyware.com
2016-01-08 12:36 - 2016-01-25 08:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-08 12:36 - 2016-01-08 12:36 - 00001822 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-08 12:36 - 2016-01-08 12:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-08 12:36 - 2016-01-08 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-08 12:35 - 2016-01-08 12:35 - 24377856 _____ (SUPERAntiSpyware) C:\Users\Robert\Downloads\SAS_32020.EXE
2016-01-05 14:36 - 2016-01-05 14:36 - 00063503 _____ C:\Users\Robert\Downloads\BootSafe.zip
2016-01-05 14:30 - 2016-01-05 14:30 - 02618336 _____ (Foolish IT LLC ) C:\Users\Robert\Downloads\CryptoPreventSetup.exe
2015-12-30 18:46 - 2015-12-30 18:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-30 18:45 - 2016-01-25 06:52 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-12-30 18:45 - 2015-12-30 18:45 - 00001093 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-12-30 18:45 - 2015-12-30 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-12-30 18:45 - 2012-05-02 11:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-12-30 18:45 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-12-30 13:10 - 2015-12-30 13:10 - 04274096 _____ (BrightFort LLC ) C:\Users\Robert\Downloads\spywareblastersetup54.exe
2015-12-30 13:06 - 2015-12-30 13:06 - 24266224 _____ (SUPERAntiSpyware) C:\Users\Robert\Downloads\SUPERAntiSpyware.exe
2015-12-29 12:09 - 2016-01-25 06:08 - 00001195 _____ C:\Users\Robert\Desktop\JRT.txt
2015-12-29 12:03 - 2015-12-29 12:03 - 01599336 _____ (Malwarebytes) C:\Users\Robert\Desktop\JRT.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 14:26 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-25 14:12 - 2015-08-12 14:52 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-25 12:14 - 2015-08-13 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-25 09:10 - 2015-08-12 14:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C404EEC4-319C-4697-A46F-D4F24BD41861}
2016-01-25 08:11 - 2014-05-07 13:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-25 08:11 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-01-25 08:09 - 2014-05-07 14:01 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-25 08:07 - 2015-08-12 17:52 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-01-25 08:07 - 2015-08-12 14:29 - 00000000 __RDO C:\Users\Robert\OneDrive
2016-01-25 08:07 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-25 08:06 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-25 06:53 - 2015-08-13 14:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 06:53 - 2014-05-07 13:52 - 00000000 ____D C:\ProgramData\Temp
2016-01-25 05:59 - 2015-08-17 08:30 - 00000000 ____D C:\AdwCleaner
2016-01-22 14:58 - 2015-08-20 07:35 - 00000000 ____D C:\Users\Robert\AppData\Roaming\XnConvert
2016-01-21 10:59 - 2015-08-12 14:52 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-20 14:47 - 2015-08-12 14:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-428967656-2931917083-3015171260-1001
2016-01-19 18:36 - 2015-08-17 08:13 - 00000000 ____D C:\Users\Robert\AppData\Local\CrashDumps
2016-01-16 08:59 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-14 06:16 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2016-01-13 20:42 - 2015-08-12 14:24 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-01-13 20:42 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-12 10:40 - 2015-08-19 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 10:39 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-12 10:38 - 2015-08-12 17:09 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 10:36 - 2015-08-12 17:09 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-11 23:31 - 2015-08-15 17:18 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc
2016-01-05 12:04 - 2015-08-12 17:51 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 12:04 - 2015-08-12 17:51 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 18:46 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-30 18:45 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
 
==================== Files in the root of some directories =======
 
2015-10-12 23:24 - 2015-10-12 23:24 - 0003584 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-16 21:34 - 2015-08-16 21:34 - 0007679 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2014-05-07 13:59 - 2014-05-07 13:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-07 13:54 - 2014-05-07 13:54 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-05-07 13:52 - 2014-05-07 13:52 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-05-07 13:52 - 2014-05-07 13:53 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-05-07 13:53 - 2014-05-07 13:54 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-05-07 13:52 - 2014-05-07 13:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\0082261439421523mcinst.exe
C:\Users\Robert\AppData\Local\Temp\hwjvdroo.dll
C:\Users\Robert\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Robert\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-21 05:41
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Robert (2016-01-25 14:27:07)
Running from C:\Users\Robert\Desktop
Windows 8.1 (X64) (2015-08-12 22:24:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-428967656-2931917083-3015171260-500 - Administrator - Disabled)
Guest (S-1-5-21-428967656-2931917083-3015171260-501 - Limited - Disabled)
Robert (S-1-5-21-428967656-2931917083-3015171260-1001 - Administrator - Enabled) => C:\Users\Robert
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.316.1 - Tracker Software Products Ltd)
Photo! Editor 1.1 (HKLM-x32\...\PhotoToolkit_is1) (Version:  - )
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
XnConvert 1.71 (HKLM\...\XnConvert_is1) (Version: 1.71 - Gougelet Pierre-e)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-428967656-2931917083-3015171260-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CEC9E29-338C-46C4-8C1E-0BBC10825F1E} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {1DF40DFD-F801-470C-848C-8B646694DFF1} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {256E9C38-069A-4ED8-84F7-0146A0E96CD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12] (Google Inc.)
Task: {461FB628-F638-4C49-A450-E5F0BF1A8F2B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {484890B4-ECA3-4B3A-9362-2C3783E7A1B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12] (Google Inc.)
Task: {55B70B05-AB89-43E7-8255-A80D936E0EFB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {5BF69E76-1C1E-4903-AFD2-FE197461CFFD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {653345C3-2610-4BAD-9B88-FFCB79BF5780} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-21] (CyberLink Corp.)
Task: {85166E6E-B25A-4441-A140-52774180C162} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {B41AABE7-8049-46E1-8A8D-01D09249F8C0} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E80A3226-FE36-4A7B-A594-290B483B8C1C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F5B973F4-2E95-447A-ACD0-ECD7903EAD0A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-22 10:40 - 2013-08-22 10:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 10:40 - 2013-08-22 10:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 10:40 - 2013-08-22 10:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-05-07 14:02 - 2013-08-19 08:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-05-07 14:02 - 2013-08-19 08:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-05-07 14:02 - 2013-08-19 08:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-05-07 13:56 - 2015-08-09 03:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2013-09-04 22:20 - 2013-09-04 22:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-04 22:17 - 2013-09-04 22:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-04 22:24 - 2013-09-04 22:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2016-01-21 10:59 - 2016-01-15 04:16 - 02048840 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\libglesv2.dll
2016-01-21 10:59 - 2016-01-15 04:16 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\libegl.dll
2015-08-09 03:52 - 2015-08-09 03:52 - 17973744 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2014-05-07 13:52 - 2013-03-04 19:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-13 22:03 - 2014-01-13 22:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-05-07 13:54 - 2013-12-09 14:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-428967656-2931917083-3015171260-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-428967656-2931917083-3015171260-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Local\Microsoft\Windows\Themes\Besto Blu (2)\DesktopBackground\my best july 2015.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{77E0AD2D-108E-4F15-82EB-E4D67367547D}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{0B2B6298-56C0-4E2B-822A-F25136AB0CF3}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{0CBF3B55-C36D-49BD-B745-3FE8BD36768E}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{07C9777E-AB97-40E7-8840-59233F9F8001}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{2AD7421E-5F0B-480C-A43F-CCAA99D0166E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{670CC32F-3FFB-4055-8056-312A8E4A17E7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1618C495-76F8-400F-B99A-93FD4EDA98DD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9BF25E7E-11FC-4AC2-92E2-59DA059F2F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46A00DFF-CDD5-4047-BAFC-10A41A81C088}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A96EC92C-068E-4511-9DE4-D22784202CF9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5A3974F0-CBA4-4B6C-BE11-3334859424FE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C3BA640A-8340-4475-920C-6597AE2445CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{749A21C7-89B0-4550-92A8-B211969D54F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C12C54E-A2BD-44B3-AE7C-E2F6FBA0547D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-01-2016 02:44:46 Scheduled Checkpoint
12-01-2016 10:35:33 Windows Update
20-01-2016 14:21:04 Removed PDF-XChange Viewer
25-01-2016 06:06:48 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/25/2016 07:27:05 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (01/23/2016 10:47:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "47.0.2526.111,language="*",type="win32",version="47.0.2526.111"1".
Dependent Assembly 47.0.2526.111,language="*",type="win32",version="47.0.2526.111" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/20/2016 02:24:13 PM) (Source: MsiInstaller) (EventID: 11730) (User: ROBERT-PC)
Description: Product: PDF-XChange Viewer -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
 
Error: (01/19/2016 06:36:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
Exception code: 0xc0000005
Fault offset: 0x000000000003dd0e
Faulting process id: 0x1048
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (01/07/2016 06:07:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x1860
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (01/06/2016 02:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x130
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (01/06/2016 01:58:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (01/02/2016 07:12:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x344
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (12/30/2015 10:34:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x140c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (12/30/2015 06:32:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x107c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
 
System errors:
=============
Error: (01/25/2016 05:59:52 AM) (Source: DCOM) (EventID: 10010) (User: ROBERT-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/25/2016 05:59:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/25/2016 05:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (01/25/2016 05:59:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2016 05:59:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 49%
Total physical RAM: 8108.94 MB
Available physical RAM: 4083.2 MB
Total Virtual: 9388.94 MB
Available Virtual: 4079.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.46 GB) (Free:854.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0CE5F827)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The only thing I see that looks suspicious is:

 

C:\Users\Robert\AppData\Local\Temp\hwjvdroo.dll

 

The file has a random name which is usually a bad sign.  However, it doesn't appear to be active.  I would run a free online ESET scan:

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 
 
May take 3 hours or so depending on how many files you have but it is a very good scan.


#3
RobertDean

RobertDean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

I ran the Eset scan but it did not report any threats found.

 

I ran a search of hwjvdroo.dll at Virustotal.com and this was the result:

 

https://www.virustot...sis/1453769734/


Edited by RobertDean, 25 January 2016 - 06:59 PM.

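The two checks the replies above rely on, a random-looking file name in the user's Temp folder (#2) and a VirusTotal lookup of that file (#3), as an added example that is not part of the thread and not code from FRST, ESET or DelFix. The name test is a heuristic of my own, the file contents and the FRST excerpt are constructed, and the hash is what you would paste into VirusTotal's search box instead of uploading the file.

```python
# Added example (not from the thread, FRST, ESET or DelFix): triage of a
# random-looking DLL in %TEMP%. Flags letters-only stems with an unnatural
# vowel layout, hashes each hit so it can be looked up on VirusTotal by
# hash, and checks whether FRST's autorun/process lines name it. Sample data is constructed.
import hashlib
import re

VOWELS = set("aeiouy")
RANDOM_NAME = re.compile(r"^[a-z]{6,12}$")  # lowercase, letters only

def max_consonant_run(stem: str) -> int:
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best

def looks_random(filename: str) -> bool:
    """Heuristic: long consonant runs or a vowel ratio far from English."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not RANDOM_NAME.match(stem):
        return False
    ratio = sum(ch in VOWELS for ch in stem) / len(stem)
    return max_consonant_run(stem) >= 4 or ratio < 0.2 or ratio > 0.6

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(temp_files: dict, frst_autoruns: str) -> list:
    """temp_files maps filename -> bytes; frst_autoruns is the text of FRST's Processes/Registry sections."""
    report = []
    for name, data in temp_files.items():
        if name.lower().endswith(".dll") and looks_random(name):
            # Not named in FRST's Processes/Registry sections -> not loaded or autostarted.
            report.append({"name": name, "sha256": sha256_hex(data),
                           "active": name.lower() in frst_autoruns.lower()})
    return report

# Constructed sample data: one random-named DLL beside an ordinary one.
SAMPLE_TEMP = {
    "hwjvdroo.dll": b"MZ\x90\x00constructed-sample-not-a-real-binary",
    "msvcr120.dll": b"MZ\x90\x00constructed-runtime-stand-in",
}
SAMPLE_FRST = "(Intel Corporation) C:\\Windows\\System32\\igfxCUIService.exe\n"

if __name__ == "__main__":
    for entry in triage(SAMPLE_TEMP, SAMPLE_FRST):
        print(entry)
```

A hit with `active` false, as here, matches the "present but not running" situation in the thread; a hit that is active deserves the full ESET pass before anything is deleted.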

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Looks like you dodged the bullet. Unless you have other problems, we can clean up.

 

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. 
 
 
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
 
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


#5
RobertDean

RobertDean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

# DelFix v1.011 - Logfile created 25/01/2016 at 19:27:04
# Updated 18/08/2015 by Xplode
# Username : Robert - ROBERT-PC
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[C1].txt
Deleted : C:\AdwCleaner[C2].txt
Deleted : C:\AdwCleaner[C3].txt
Deleted : C:\AdwCleaner[C4].txt
Deleted : C:\AdwCleaner[C5].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\AdwCleaner[S3].txt
Deleted : C:\AdwCleaner[S4].txt
Deleted : C:\AdwCleaner[S5].txt
Deleted : C:\Users\Robert\Desktop\Addition.txt
Deleted : C:\Users\Robert\Desktop\adwcleaner_5.030.exe
Deleted : C:\Users\Robert\Desktop\FRST.txt
Deleted : C:\Users\Robert\Desktop\FRST64.exe
Deleted : C:\Users\Robert\Desktop\JRT.exe
Deleted : C:\Users\Robert\Desktop\JRT.txt
Deleted : C:\Users\Robert\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #29 [Scheduled Checkpoint | 01/06/2016 10:44:46]
Deleted : RP #30 [Windows Update | 01/12/2016 18:35:33]
Deleted : RP #31 [Removed PDF-XChange Viewer | 01/20/2016 22:21:04]
Deleted : RP #32 [JRT Pre-Junkware Removal | 01/25/2016 14:06:48]
 
New restore point created !
 
########## - EOF - ##########
 
So my system wasn't compromised as I had feared.
 
THANK YOU RKinner for looking at my logs and ensuring I have nothing to worry about. Thank you.


#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Looks good.

