
Outbound traffic blocked - is it safe now?



Two nights ago, I moved my Dell i5 laptop to the living room to do some work.  When I plugged in the (factory original) AC power cord, I got a "The AC power adapter wattage and type cannot be determined. The battery may not charge. The system will adjust the performance to match the power available" error message on boot.  I also got an error message saying that I could not log into my MS OneDrive account, so I got a generic blue Windows desktop, not my personalized desktop. 

I have Malwarebytes Premium, which started throwing popups (about every 20 minutes) on outgoing traffic being blocked.  I cannot remember the port, but this was the last line of the alerts: 

Process: C:\Windows\System32\svchost.exe

I browsed a little on Edge, then tried Firefox, which immediately gave me a bogus update notification (that came from something starting with "mich", I think - I am aware of those & do not click on them).  I closed Firefox out & just shut down the computer.  The next morning, I turned on the computer & everything was normal - my customized desktop, no AC adapter warning.  Ran a Malwarebytes scan (it is scheduled to run every night during the time the weird stuff was going on the night before) & it came up with nothing.  I downloaded & scanned with aswMBR.  I am not sure how to read that log (attached below), but nothing screamed at me.

I am now leery of doing any bill paying online.  I am getting NO Malwarebytes popups.

So - is it safe now?  Did whatever it was just give up?  Should I uninstall Firefox and Edge & re-install?  Is there something else I should download & scan with?

Thank you for your assistance.


aswMBR.txt


Ok GrittyKitty, run the following and post the two produced logs..

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool...
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.

Thank you,

Kevin...

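Once FRST.txt is in hand, the lines worth reading first are the ones FRST itself marks. The Python script below is an added example for this thread, not part of FRST and not something Kevin asked the poster to run: it pulls FRST's own markers out of a pasted log, tags each with the section it came from, and adds checks for a loopback NameServer, a non-default Hosts file, and a service or driver loading from a user's Temp folder. The sample lines are adapted from the FRST.txt posted later in this thread, with the user's profile path shortened.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; not part of FRST. FRST already annotates the
entries it wants a helper to look at: "<==== ATTENTION" on the line, "[X]"
when a registered service/driver's file is missing, "[File not signed]" for
unsigned binaries. This script collects those, notes the section each came
from, and adds three checks of its own for the Internet/Services/Drivers
sections: a resolver set to loopback, a non-default Hosts file, and a
service or driver whose binary lives under a user's Temp folder.
"""
import re
from dataclasses import dataclass, field
from typing import List

# "==================== Services (Whitelisted) ====================" style headers.
# The class [^=] keeps bare rows of '=' (used under "Edge:" / "FireFox:") from matching.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# FRST uses both "<==== ATTENTION" and "<======= ATTENTION".
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
# Resolver settings print as "... [DhcpNameServer] 192.168.1.254" or "... [NameServer] 127.0.0.1".
NAMESERVER_RE = re.compile(r"\[(?:Dhcp)?NameServer\]\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
# Service/driver entries: state code (R0..R3, S0..S3, U3), name, ';', then the path.
SVC_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s*(?P<path>.+)")
TEMP_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def classify(line: str) -> List[str]:
    """Return the reasons an FRST line merits a second look (empty for an ordinary entry)."""
    reasons = []
    if ATTENTION_RE.search(line):
        reasons.append("flagged by FRST")
    if line.endswith("[X]"):
        reasons.append("registered entry whose file is missing")
    if "[File not signed]" in line:
        reasons.append("unsigned binary")
    m = NAMESERVER_RE.search(line)
    if m and m.group("ip").startswith("127."):
        # Normal for a local DNS filter/proxy, but also a classic hijack point:
        # confirm which process is listening on that address before dismissing it.
        reasons.append("DNS resolver is loopback")
    if line.startswith("Hosts:") and "more than one entry" in line:
        reasons.append("non-default Hosts file (see Addition.txt)")
    svc = SVC_RE.match(line)
    if svc and TEMP_PATH_RE.search(svc.group("path")):
        # A kernel driver or service running out of %TEMP% is unusual. In this
        # thread it is the poster's own aswMBR scanner, which is why FRST only
        # marks the entry; a finding is a prompt to check, not a verdict.
        reasons.append("service/driver loads from a user Temp folder")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk an FRST.txt and collect every line with at least one reason, tagged by section."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


# Sample input: lines adapted from the FRST.txt posted in this thread (profile path
# shortened to C:\Users\user), plus one ordinary service entry that yields no finding.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b57b338e-743b-4b2c-925c-506388c41895}: [NameServer] 127.0.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
==================== Services (Whitelisted) ====================
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
U3 aswMBR; C:\Users\user\AppData\Local\Temp\aswMBR.sys [62728 2017-03-03] () [File not signed] <==== ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {', '.join(f.reasons)}\n    {f.line}")
```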

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
Ran by Tammy Lambdin (administrator) on DESKTOP-TDVKKP2 (04-03-2017 16:44:17)
Running from C:\Users\Tammy Lambdin\Desktop
Loaded Profiles: Tammy Lambdin (Available Profiles: Tammy Lambdin)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\bfgclient\bfggameservices.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
() C:\Program Files (x86)\Gummy Drop!\GummyDrop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2015-09-21] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1424360 2016-04-29] (Array Networks)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4172279172-3571751980-1744943503-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4e174788-834a-4ebb-a493-1f8d1b771d5f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b57b338e-743b-4b2c-925c-506388c41895}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{e408bec8-ea1c-433f-a4a3-36f1ecdc75a4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4172279172-3571751980-1744943503-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-4172279172-3571751980-1744943503-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4172279172-3571751980-1744943503-1001 -> DefaultScope {27B2B829-3EE3-43A2-8322-FD896B78A78D} URL =
SearchScopes: HKU\S-1-5-21-4172279172-3571751980-1744943503-1001 -> {27B2B829-3EE3-43A2-8322-FD896B78A78D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-02-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-02-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2017-02-27] (Sun Microsystems, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-02-27] (Sun Microsystems, Inc.)
DPF: HKLM {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC}
DPF: HKLM-x32 {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} hxxps://ouvpn-us.oracle.com/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
DPF: HKLM-x32 {C3CBFE35-9BE8-11D1-B31B-006008948294} hxxp://aquire-codebase.vipasuite.com/codebase117/OrgPubX.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-02-14] (Microsoft Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-4172279172-3571751980-1744943503-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: fw0g3jps.default
FF ProfilePath: C:\Users\Tammy Lambdin\AppData\Roaming\Mozilla\Firefox\Profiles\fw0g3jps.default [2017-03-04]
FF Session Restore: Mozilla\Firefox\Profiles\fw0g3jps.default -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\Tammy Lambdin\AppData\Roaming\Mozilla\Firefox\Profiles\fw0g3jps.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-04]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Tammy Lambdin\AppData\Roaming\Mozilla\Firefox\Profiles\fw0g3jps.default\features\{0b49866a-3d3d-4fd3-b102-93eb92543efa}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2017-02-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\SysWoW64\npdeployJava1.dll [2017-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2017-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-02-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [603248 2016-03-23] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-21] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-03-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1381864 2016-04-29] (Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2328040 2016-04-29] (Array Networks)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\WINDOWS\system32\DRIVERS\atpdrvr_7_x64.sys [19456 2011-04-08] (Array Networks)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-03-04] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3524360 2016-10-04] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R1 vpntdi; C:\WINDOWS\System32\drivers\vpntdi64.sys [64616 2012-03-12] (Array Networks)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Tammy Lambdin\AppData\Local\Temp\aswMBR.sys [62728 2017-03-03] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Tammy Lambdin\AppData\Local\Temp\aswVmm.sys [224896 2017-03-03] () <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 16:44 - 2017-03-04 16:44 - 00023679 _____ C:\Users\Tammy Lambdin\Desktop\FRST.txt
2017-03-04 14:24 - 2017-03-04 14:27 - 00040112 _____ C:\Users\Tammy Lambdin\Desktop\Addition_1.txt
2017-03-04 14:23 - 2017-03-04 16:44 - 00000000 ____D C:\FRST
2017-03-04 14:23 - 2017-03-04 14:27 - 00034975 _____ C:\Users\Tammy Lambdin\Desktop\FRST_1.txt
2017-03-04 14:22 - 2017-03-04 14:22 - 02423296 _____ (Farbar) C:\Users\Tammy Lambdin\Desktop\FRST64.exe
2017-03-04 14:18 - 2017-03-04 14:18 - 00001659 _____ C:\Users\Tammy Lambdin\Desktop\mwbpost.txt
2017-03-03 21:09 - 2017-03-03 21:09 - 00001874 _____ C:\Users\Tammy Lambdin\Desktop\aswMBR.txt
2017-03-03 21:09 - 2017-03-03 21:09 - 00000512 _____ C:\Users\Tammy Lambdin\Desktop\MBR.dat
2017-03-03 06:49 - 2017-03-03 06:50 - 00416972 _____ C:\WINDOWS\Minidump\030317-31390-01.dmp
2017-03-03 06:45 - 2017-03-03 06:45 - 05198336 _____ (AVAST Software) C:\Users\Tammy Lambdin\Desktop\aswMBR.exe
2017-03-02 21:34 - 2015-10-30 01:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170302-213408.backup
2017-03-02 18:45 - 2017-03-02 21:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-02 18:45 - 2017-03-02 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-02 18:45 - 2017-03-02 18:45 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-02 18:45 - 2017-03-02 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-03-02 18:45 - 2017-03-02 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-02 18:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-27 21:23 - 2017-02-27 21:23 - 00000000 ____D C:\ProgramData\Sun
2017-02-27 21:22 - 2017-02-27 21:22 - 00477616 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\npdeployJava1.dll
2017-02-27 21:22 - 2017-02-27 21:22 - 00473520 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\deployJava1.dll
2017-02-27 21:22 - 2017-02-27 21:22 - 00162224 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaws.exe
2017-02-27 21:22 - 2017-02-27 21:22 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaw.exe
2017-02-27 21:22 - 2017-02-27 21:22 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\java.exe
2017-02-27 21:22 - 2017-02-27 21:22 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-27 21:10 - 2017-02-27 21:14 - 00000000 ___HD C:\WINDOWS\AxInstSV
2017-02-27 21:10 - 2017-02-27 21:10 - 00000000 ____D C:\Users\Tammy Lambdin\AppData\LocalLow\Sun
2017-02-27 21:09 - 2017-02-27 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-23 17:47 - 2017-02-23 17:47 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-02-23 17:47 - 2017-02-23 17:47 - 00000000 ____D C:\Program Files\Dell Support Center
2017-02-21 23:09 - 2017-03-02 17:24 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-21 23:09 - 2017-03-02 17:24 - 00000950 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-21 23:09 - 2017-02-27 21:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-21 23:09 - 2017-02-21 23:13 - 00000000 ____D C:\Users\Tammy Lambdin\AppData\Local\Dropbox
2017-02-21 23:09 - 2017-02-21 23:09 - 00004014 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-21 23:09 - 2017-02-21 23:09 - 00003782 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-21 23:09 - 2017-02-21 23:09 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-16 12:11 - 2017-02-16 12:11 - 00000000 ____D C:\Users\Tammy Lambdin\AppData\Roaming\Hot Lava Games
2017-02-16 12:09 - 2017-02-16 12:09 - 00000000 ____D C:\Users\Tammy Lambdin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2017-02-16 12:09 - 2017-02-16 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2017-02-16 12:09 - 2017-02-16 12:09 - 00000000 ____D C:\Program Files (x86)\Gummy Drop!
2017-02-14 21:59 - 2017-02-14 21:59 - 00000000 ____D C:\ProgramData\3ea9c135-f436-4a0b-911c-ad9faacd4074
2017-02-14 12:56 - 2017-02-14 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-14 12:54 - 2017-02-28 22:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-09 02:33 - 2017-02-09 02:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 02:33 - 2017-02-09 02:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 16:32 - 2016-09-27 04:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-04 15:51 - 2017-01-29 07:10 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-03 23:16 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-03 23:16 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-03 21:17 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-03 21:14 - 2016-11-16 18:12 - 00000000 ____D C:\Users\Tammy Lambdin\AppData\LocalLow\Mozilla
2017-03-03 06:59 - 2016-07-12 08:06 - 00000000 ____D C:\ProgramData\Temp
2017-03-03 06:55 - 2016-04-25 14:04 - 01429650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 06:52 - 2016-09-27 04:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 06:52 - 2016-08-04 14:17 - 00000000 __SHD C:\Users\Tammy Lambdin\IntelGraphicsProfiles
2017-03-03 06:51 - 2017-01-29 07:10 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-03 06:51 - 2017-01-29 07:10 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-03 06:51 - 2017-01-29 07:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-03 06:51 - 2016-09-27 04:21 - 00000000 ____D C:\Users\Tammy Lambdin
2017-03-03 06:50 - 2016-09-27 04:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 06:49 - 2016-10-07 06:08 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-03 06:49 - 2016-08-07 21:11 - 843928934 _____ C:\WINDOWS\MEMORY.DMP
2017-03-03 06:16 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-02 21:38 - 2016-04-25 14:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 21:36 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 17:28 - 2016-08-04 17:12 - 00000000 ___RD C:\Users\Tammy Lambdin\Dropbox
2017-02-28 22:56 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-28 07:04 - 2016-08-04 17:35 - 00002242 ____H C:\Users\Tammy Lambdin\Documents\Default.rdp
2017-02-27 23:18 - 2016-12-12 23:04 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-27 23:18 - 2016-08-04 14:20 - 00002393 _____ C:\Users\Tammy Lambdin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 23:18 - 2016-08-04 14:20 - 00000000 ___RD C:\Users\Tammy Lambdin\OneDrive
2017-02-27 21:14 - 2016-11-16 06:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 21:14 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-02-27 21:10 - 2016-07-12 08:21 - 00000000 ____D C:\ProgramData\McAfee
2017-02-23 23:12 - 2016-09-08 18:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 17:47 - 2016-07-12 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-23 00:49 - 2016-08-04 17:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 00:47 - 2016-08-04 17:32 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 07:24 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 07:30 - 2016-09-27 06:32 - 00118381 ____H C:\Users\Tammy Lambdin\AppData\Local\IconCache.db.backup
2017-02-20 08:22 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-20 08:20 - 2016-09-27 04:13 - 00353720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 12:09 - 2016-08-05 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-16 12:08 - 2016-08-05 08:53 - 00000000 ____D C:\BigFishCache
2017-02-14 22:03 - 2016-08-04 17:36 - 00000252 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2017-02-14 22:03 - 2016-07-12 08:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-14 22:02 - 2016-07-12 08:15 - 00000000 ____D C:\Program Files\Dell
2017-02-14 12:58 - 2016-04-25 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-11 08:18 - 2016-08-04 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-09-27 04:17 - 2016-09-27 04:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-07-12 08:10 - 2016-07-12 08:10 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2016-07-12 08:07 - 2016-07-12 08:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-07-12 08:09 - 2016-07-12 08:10 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2016-07-12 08:08 - 2016-07-12 08:09 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Some files in TEMP:
====================
2017-01-05 20:30 - 2017-01-05 20:31 - 2858376 _____ () C:\Users\Tammy Lambdin\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-03-04 13:05 - 2017-03-04 13:05 - 2903480 _____ () C:\Users\Tammy Lambdin\AppData\Local\Temp\npp.7.3.2.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 07:23

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, continue as follows:

Uninstall the following:

SpyBot Search & Destroy
Gummy Drop

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings at default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to the list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt

OK - thank you for the great detailed instructions.  Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Tammy Lambdin (04-03-2017 20:00:48) Run:1
Running from C:\Users\Tammy Lambdin\Desktop
Loaded Profiles: Tammy Lambdin (Available Profiles: Tammy Lambdin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Gummy Drop!
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
U3 aswMBR; C:\Users\Tammy Lambdin\AppData\Local\Temp\aswMBR.sys [62728 2017-03-03] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Tammy Lambdin\AppData\Local\Temp\aswVmm.sys [224896 2017-03-03] () <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\ProgramData\3ea9c135-f436-4a0b-911c-ad9faacd4074
Task: {D7F8CBBB-8556-4FFC-AB8F-0CA7AA00B819} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
AlternateDataStreams: C:\ProgramData\Temp:036B81D9 [184]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:322D2CD3 [432]
CMD: ipconfig /flushDNS
EmptyTemp:
end


*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files (x86)\Gummy Drop!" => not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\aswMBR => key removed successfully
aswMBR => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\ProgramData\3ea9c135-f436-4a0b-911c-ad9faacd4074 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7F8CBBB-8556-4FFC-AB8F-0CA7AA00B819} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
C:\ProgramData\Temp => ":036B81D9" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":322D2CD3" ADS removed successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55959311 B
Java, Flash, Steam htmlcache => 11519 B
Windows/system/drivers => 63411700 B
Edge => 4115413 B
Chrome => 0 B
Firefox => 399308640 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 18178 B
NetworkService => 661332 B
Tammy Lambdin => 1126255628 B

RecycleBin => 46527314 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:04:28 ====

Malwarebytes scan found 0 threats:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/4/17
Scan Time: 8:10 PM
Logfile: scan_summary.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1430
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-TDVKKP2\Tammy Lambdin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345942
Time Elapsed: 9 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

ADWCleaner results (2 issues):

# AdwCleaner v6.044 - Logfile created 04/03/2017 at 20:26:27
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Tammy Lambdin - DESKTOP-TDVKKP2
# Running from : C:\Users\Tammy Lambdin\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\9d158676-528a-487f-9e55-f9f116b7b9a0
[-] Folder deleted: C:\ProgramData\da84d090-26b6-479d-83b6-d1564c2dd8d1


***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

 

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [913 Bytes] - [04/03/2017 20:26:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1266 Bytes] - [04/03/2017 20:25:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1058 Bytes] ##########

Sophos found 0 threats, so no log.

So do you think it is safe to do online bill paying now?

Thank you for the hand-holding.
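The checks below re-run, after the reboot, the items the Fixlog above reports as changed. This is an added PowerShell example for this thread, not code from FRST, Kevin's fixlist or the posted logs; the registry keys, service names, folder and core binaries are taken from the Fixlog and the FRST output, and the expected BootExecute value `autocheck autochk *` is the Windows default, assumed here as the target.

```powershell
# Added verification script, not part of FRST or the thread. It re-checks the items the
# Fixlog above reports as changed; the expected BootExecute value is the Windows default.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# 1. BootExecute: the fixlist showed an extra "sdnclean64.exe" (Spybot) entry, FRST restored it.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$boot = ((Get-ItemProperty -Path $sm -Name BootExecute).BootExecute -join ' ').Trim()
if ($boot -ne 'autocheck autochk *') { $findings += "BootExecute is '$boot'" }

# 2. Orphaned service keys the fix removed (drivers whose files were gone) should stay gone.
foreach ($svc in 'ibtsiva', 'aswMBR', 'aswVmm', 'dbx') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings += "Service key present again: $svc"
    }
}

# 3. The Internet Explorer policy key FRST flagged as a restriction was removed.
if (Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    $findings += 'HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer exists'
}

# 4. Alternate data streams on C:\ProgramData\Temp (the fix removed three of them).
$ads = Get-Item -Path 'C:\ProgramData\Temp' -Stream * | Where-Object { $_.Stream -ne ':$DATA' }
foreach ($s in $ads) {
    $findings += "ADS on C:\ProgramData\Temp => $($s.Stream) [$($s.Length)]"
}

# 5. Authenticode check over the same core binaries as the FRST "Bamital & volsnap" section.
$core = @(
    "$env:SystemRoot\System32\winlogon.exe", "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",          "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe", "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)
foreach ($f in $core) {
    $sig = Get-AuthenticodeSignature -FilePath $f
    if ($sig.Status -ne 'Valid') { $findings += "$f => signature $($sig.Status)" }
}

# Empty output means every re-checked item still matches the post-fix state.
if ($findings.Count -eq 0) { 'All re-checked items are clean.' } else { $findings }
```

Run it from an elevated PowerShell prompt so the Session Manager key and the ADS listing are readable; any line it prints is an item that has drifted from what the Fixlog recorded.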

Logs are indicating a clean system; as a precaution, make sure to change all passwords... Other than that you should be good to go, we just need to clean up first...

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
