Chrome Opening Tabs Automatically

11-24-2015, 10:24 AM   #1
Registered Member
Join Date: Jan 2015
Posts: 12
OS: Windows 8.1

Chrome is opening many, many tabs at once. It isn't redirecting me anywhere, it's just opening the same tab. For example, I'll go to Yahoo and it will open 7 tabs of Yahoo. I'll try to search for something and it will act as if I typed in a website and take me to the search page or "page not found" message before I finished typing the search term.

I cannot go into Chrome settings because it then freaks out and opens 1,000 tabs of settings so I can't mess with anything.

Some people have mentioned "Lucky tab" being a program running that causes problems. It isn't on my task manager's list. It isn't there.

Firefox and IE aren't doing this.

I don't know if this is malware, adware, or just a problem with my browsers. I already posted in the Chrome and other browsers sub-forum, only to be told to go here.

I don't have access to a re-install disc or boot CD for Windows.

Please note that DDS isn't working for me. I have downloaded it from the provided link, as well as a different one, and it never works. It always says to me that it "can't run in compatibility mode."

In place of a DDS log, here are my HijackThis logs. If you can help me make DDS work, I'll see about getting those logs. I figured it was better to provide something than nothing.

-----------

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:20:06 PM, on 11/24/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Users\Nicholas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=yset_ie_sy...ype=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 11802 bytes
NicholasA1

11-24-2015, 07:02 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist

11-26-2015, 03:22 PM   #3

Sorry it took so long to get back to you. Immediately after making my original post, I did a system restore, which resulted in my having to reinstall my browsers. Everything seems to be running normally now.

So please delete or close this thread. Unless, of course, you still think I should go through the process just to be safe. Then I will go through the process. If not, then feel free to close up, and please accept my apologies. It wasn't my intention to waste your time.
NicholasA1

11-26-2015, 06:19 PM   #4

Hello. You didn't waste my time. And I would like to see your logs.
chemist

12-03-2015, 09:43 PM   #5

Wow, I don't know what happened. There is no excuse for me being unresponsive for this long. I am very sorry. I promise I'll do better. Anyway, if you're still willing to look at my logs, here is the first one. I will attach the AdwCleaner in my next post. I'm so sorry, I just had a brain fart.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Nicholas (administrator) on NICKSCOMPUTER (04-12-2015 00:36:38)
Running from C:\Users\Nicholas\Downloads
Loaded Profiles: Nicholas & (Available Profiles: Nicholas & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-06-15] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-06-15] (IDT, Inc.)
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-09-03] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-26] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001\...\MountPoints2: {c0e7013d-efc7-11e2-be74-78e3b5be37d9} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001\...\MountPoints2: {d131ea20-de06-11e2-be70-78e3b5be37d9} - "J:\LaunchU3.exe" -a
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001\...\MountPoints2: {f31c0877-036e-11e3-be74-78e3b5be37d9} - "F:\iLinker.exe"
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c0e7013d-efc7-11e2-be74-78e3b5be37d9} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d131ea20-de06-11e2-be70-78e3b5be37d9} - "J:\LaunchU3.exe" -a
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f31c0877-036e-11e3-be74-78e3b5be37d9} - "F:\iLinker.exe"
HKU\S-1-5-21-1256994616-2630200229-2914135472-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-07]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-07]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-18]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7839F0B5-FCCB-4255-9766-04DFCD4C903A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{FF0F7469-E594-418D-B180-945076985E88}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
URLSearchHook: [S-1-5-21-1256994616-2630200229-2914135472-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {705A0BB1-C564-46E1-BDB5-684B6F3EBF4B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {705A0BB1-C564-46E1-BDB5-684B6F3EBF4B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001 -> {3B872AF3-2F1B-4381-ACB3-467AB3793607} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001 -> {705A0BB1-C564-46E1-BDB5-684B6F3EBF4B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3B872AF3-2F1B-4381-ACB3-467AB3793607} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {705A0BB1-C564-46E1-BDB5-684B6F3EBF4B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-07] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-30] (Webroot)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-10] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-07] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-30] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-10] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-07] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-07] (Webroot)
Toolbar: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF ProfilePath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\64hxnr5f.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-18] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1256994616-2630200229-2914135472-1001: hp.com/HPDetect -> C:\Users\Nicholas\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: hp.com/HPDetect -> C:\Users\Nicholas\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-06-30] [not signed]
FF Extension: Webroot Password Manager - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\64hxnr5f.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-06-07] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\64hxnr5f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Do Not Disturb!) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-11-24]
CHR Extension: (Boomerang for Gmail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Webroot Password Manager) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-06-07]
CHR Extension: (Instagram for Chrome) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-11-28]
CHR Extension: (Gmail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-06-07]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-18] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-06-15] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-26] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2512016 2014-06-13] (MediaTek Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-11-04] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-30] (Webroot)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 00:36 - 2015-12-04 00:36 - 02350080 _____ (Farbar) C:\Users\Nicholas\Downloads\FRST64.exe
2015-12-04 00:36 - 2015-12-04 00:36 - 00022919 _____ C:\Users\Nicholas\Downloads\FRST.txt
2015-12-04 00:36 - 2015-12-04 00:36 - 00000000 ____D C:\FRST
2015-12-03 09:38 - 2015-12-03 09:38 - 00081788 _____ C:\Users\Nicholas\Desktop\General test with answers.pdf
2015-12-03 03:43 - 2015-12-03 03:43 - 03672514 _____ C:\Users\Nicholas\Desktop\dmv60a.pdf
2015-12-02 23:19 - 2015-12-02 23:19 - 06341607 _____ C:\Users\Nicholas\Downloads\Honey Tickle Interrogation Sample.wmv
2015-12-02 23:18 - 2015-12-02 23:18 - 05477583 _____ C:\Users\Nicholas\Downloads\Jessica All Over Sample.wmv
2015-12-02 23:14 - 2015-12-02 23:15 - 05373589 _____ C:\Users\Nicholas\Downloads\Sexy Jessie Nylons Sample.wmv
2015-12-02 01:01 - 2015-12-02 01:01 - 00023368 _____ C:\Users\Nicholas\Downloads\RTD00768180+pdf+preview.pdf
2015-11-30 02:34 - 2015-11-30 02:34 - 11373475 _____ C:\Users\Nicholas\Downloads\Lotus_Part_2..rm
2015-11-29 20:02 - 2015-12-04 00:29 - 00003516 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateFiles_Nicholas
2015-11-29 20:02 - 2015-12-04 00:29 - 00003510 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateXML_Nicholas
2015-11-29 20:02 - 2015-11-29 20:02 - 00003634 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperResumePrompt_Nicholas
2015-11-29 20:02 - 2015-11-29 20:02 - 00003236 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperLogonPrompt_Nicholas
2015-11-25 03:20 - 2015-12-03 03:43 - 00000000 ____D C:\Users\Nicholas\Desktop\japan
2015-11-24 16:04 - 2015-11-24 16:04 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-24 16:04 - 2015-11-24 16:04 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-24 16:03 - 2015-11-24 16:03 - 00243656 _____ C:\Users\Nicholas\Downloads\Firefox Setup Stub 42.0.exe
2015-11-24 15:17 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-24 13:56 - 2015-11-24 13:56 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-24 13:56 - 2015-11-24 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-24 13:55 - 2015-12-03 12:05 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 13:55 - 2015-12-03 08:08 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 13:55 - 2015-12-02 13:00 - 00003906 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-24 13:55 - 2015-12-02 13:00 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-23 14:37 - 2015-11-23 14:37 - 00258840 _____ C:\Users\Nicholas\Downloads\2014TurboTaxReturn.pdf
2015-11-22 19:45 - 2015-11-22 19:45 - 00748221 _____ C:\Users\Nicholas\Downloads\Pokemon - Gold Version (USA, Europe).zip
2015-11-22 19:42 - 2015-11-24 17:56 - 00000000 ____D C:\Users\Nicholas\Downloads\TGBDUE-7_2053-0_96
2015-11-22 19:42 - 2015-11-22 19:42 - 00269070 _____ C:\Users\Nicholas\Downloads\TGBDUE-7_2053-0_96.zip
2015-11-21 01:37 - 2015-11-21 01:41 - 00000000 ____D C:\AdwCleaner
2015-11-21 01:14 - 2015-11-21 01:41 - 00000000 ____D C:\Users\Nicholas\AppData\Local\CrashDumps
2015-11-21 01:11 - 2015-11-24 13:43 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-20 17:49 - 2015-11-24 13:55 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Deployment
2015-11-20 11:43 - 2015-11-20 11:43 - 00839208 _____ (Webroot) C:\Program1
2015-11-06 16:24 - 2015-11-06 16:24 - 00500240 _____ C:\Users\Nicholas\Downloads\96final Nov 1 2015.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 00:36 - 2014-06-07 22:58 - 00000000 ____D C:\ProgramData\WRData
2015-12-04 00:36 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-04 00:31 - 2013-06-25 20:37 - 05057536 ___SH C:\Users\Nicholas\Desktop\Thumbs.db
2015-12-04 00:27 - 2014-06-07 22:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 15:38 - 2014-06-07 22:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-03 08:08 - 2014-06-15 20:52 - 00000000 ___DO C:\Users\Nicholas\OneDrive
2015-12-02 23:50 - 2013-06-27 23:27 - 07580160 ___SH C:\Users\Nicholas\Downloads\Thumbs.db
2015-12-02 15:17 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 02:46 - 2013-06-27 23:10 - 00000000 ____D C:\Users\Nicholas\dwhelper
2015-11-30 02:37 - 2014-06-07 22:09 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\vlc
2015-11-28 15:38 - 2014-03-18 05:03 - 00956480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 16:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-26 16:30 - 2014-06-07 05:12 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1256994616-2630200229-2914135472-1001
2015-11-26 14:45 - 2014-06-07 22:58 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-11-26 14:45 - 2014-06-07 22:58 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-11-24 16:04 - 2015-10-15 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-24 16:04 - 2014-06-07 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-24 15:57 - 2015-07-12 20:11 - 00003192 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNicholas
2015-11-24 15:57 - 2015-07-12 20:11 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNicholas.job
2015-11-24 15:18 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-24 13:56 - 2014-06-07 05:26 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-24 13:48 - 2014-06-15 20:32 - 00000000 ____D C:\Users\Nicholas
2015-11-24 13:45 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 13:43 - 2014-10-29 20:02 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\WebApp
2015-11-24 13:43 - 2014-09-22 01:21 - 00000000 ____D C:\Program Files (x86)\Flag 3D Screensaver
2015-11-24 13:43 - 2014-08-07 01:44 - 00000000 ____D C:\Users\Nicholas\.smplayer
2015-11-24 13:43 - 2014-06-15 20:32 - 00000000 ____D C:\Users\Administrator
2015-11-24 13:43 - 2014-06-07 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-11-24 13:43 - 2014-06-07 22:58 - 00000000 ____D C:\Program Files\Webroot
2015-11-24 13:43 - 2014-06-07 05:04 - 00000000 ____D C:\Users\Nicholas\AppData\Local\VirtualStore
2015-11-24 13:43 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-24 13:43 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-24 13:43 - 2013-03-28 13:02 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2015-11-24 13:42 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-24 13:36 - 2014-09-22 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2015-11-24 13:36 - 2014-06-07 21:35 - 00000000 ____D C:\ProgramData\Real
2015-11-24 13:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2015-11-21 02:04 - 2013-06-25 20:12 - 00000000 ____D C:\Users\Nicholas\Desktop\Cover Letters
2015-11-17 21:27 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 14:08 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-11 07:38 - 2014-06-07 22:40 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-04 03:16 - 2014-06-07 22:58 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys

==================== Files in the root of some directories =======

2014-06-07 22:59 - 2014-06-07 22:59 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-08-08 21:19 - 2015-08-08 21:24 - 0005632 _____ () C:\Users\Nicholas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-19 15:11 - 2014-06-21 13:17 - 0001437 _____ () C:\ProgramData\hpzinstall.log
2014-06-07 05:05 - 2014-06-07 05:05 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\Extract.exe
C:\Users\Nicholas\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Nicholas\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Nicholas\AppData\Local\Temp\lowproc.exe
C:\Users\Nicholas\AppData\Local\Temp\SP64076.exe
C:\Users\Nicholas\AppData\Local\Temp\SP64769.exe
C:\Users\Nicholas\AppData\Local\Temp\SP66742.exe
C:\Users\Nicholas\AppData\Local\Temp\SP67760.exe
C:\Users\Nicholas\AppData\Local\Temp\stubhelper.dll
C:\Users\Nicholas\AppData\Local\Temp\WRupdate560984.exe
C:\Users\Nicholas\AppData\Local\Temp\WRupdate600671.exe
C:\Users\Nicholas\AppData\Local\Temp\WRupdate605974031.exe
C:\Users\Nicholas\AppData\Local\Temp\WRupdate89093828.exe
C:\Users\Nicholas\AppData\Local\Temp\WRupdate89098156.exe
C:\Users\Nicholas\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-26 03:31

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (44.0 KB, 18 views)
NicholasA1 is offline  
Old 12-03-2015, 09:51 PM   #6
Registered Member
 
Join Date: Jan 2015
Posts: 12
OS: Windows 8.1



Here is Adw Cleaner. Again, I am very sorry.

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 01:41:52
# Updated 14/11/2015 by Xplode
# Database : 2015-11-19.4 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Nicholas - NICKSCOMPUTER
# Running from : C:\Users\Nicholas\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\Users\Nicholas\AppData\Local\YSearchUtil
[x] Folder Not Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.darklyrics.com_0.localstorage
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.darklyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage
[-] File Deleted : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[x] Key Not Deleted : HKCU\Software\APN PIP
[x] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[x] Key Not Deleted : HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\APN PIP

***** [ Web browsers ] *****

[x] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : aol.com
[x] [C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3569 bytes] ##########

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 00:47:09
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Nicholas - NICKSCOMPUTER
# Running from : C:\Users\Nicholas\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Nicholas\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key Deleted : HKU\S-1-5-21-1256994616-2630200229-2914135472-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\APN PIP

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5539 bytes] ##########
NicholasA1 is offline  
Old 12-04-2015, 06:07 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, NicholasA1. You should be good to go.

Your Java is out of date though.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-04-2015, 10:29 AM   #8
Registered Member
 
Join Date: Jan 2015
Posts: 12
OS: Windows 8.1



Thanks. I'll go ahead and update Java. Sorry again about the brain fart.
NicholasA1 is offline  
Old 12-04-2015, 12:20 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome, and no need to apologize.
chemist is offline  
 

All times are GMT -7.