Infected by PUA.Yontoo.c!gen4

03-31-2016, 11:26 AM   #1
Registered Member
Join Date: Mar 2016
Posts: 10
OS: Windows 10



My computer has been infected with the above; it places pop-ups in my browser and repeatedly opens new pages of adverts. Norton Security detects it and tries to remove it with Power Eraser, but it is not successful.

Following is the dds.txt file
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by BrianwfPC at 18:20:52 on 2016-03-31
Microsoft Windows 10 Home 10.0.10586.0.1252.44.1033.18.8136.6045 [GMT 1:00]
.
AV: Norton Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe
C:\Windows\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\taskhostw.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\anyda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\5\plugin.exe
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\2\plugin.exe
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\8\plugin.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\10\plugin.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
C:\Program Files\Dell\Product Registration\PRSvc.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
svchost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
mStart Page = about:blank
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
uRun: [OneDrive] "C:\Users\anyda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 82.163.142.7 95.211.158.134
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24ca947f-42bd-467e-ba23-118924f63416} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021} : DHCPNameServer = 82.163.142.7
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-mStart Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coieplg.dll
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_MAXX6] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-6-24 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2015-10-30 46432]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\NSx64\1606000.08E\symefasi64.sys [2016-3-2 1621232]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160316.006\BHDrvx64.sys [2016-3-3 1766640]
R1 ccSet_NS;NS Settings Manager;C:\Windows\System32\drivers\NSx64\1606000.08E\ccsetx64.sys [2016-3-2 173808]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2016-2-9 91912]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160330.002\IDSviA64.sys [2016-3-31 767224]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NSx64\1606000.08E\ironx64.sys [2016-3-2 295664]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NSx64\1606000.08E\symnets.sys [2016-3-2 577768]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2015-6-8 323152]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2015-9-22 137968]
R2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2016-1-15 119656]
R2 Dell Product Registration;Dell Product Registration;C:\Program Files\Dell\Product Registration\PRSvc.exe [2016-1-25 32104]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-1-5 2571352]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-1-5 201816]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-24 238320]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-24 18856]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe [2016-3-2 289080]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-2-9 307456]
R2 Service Mgr GenerousDeal;Service Mgr GenerousDeal;C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [2016-2-23 1415912]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-3-14 31928]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 Update Mgr GenerousDeal;Update Mgr GenerousDeal;C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [2016-2-23 1279720]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2015-6-8 604776]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\drivers\BthLEEnum.sys [2016-2-24 245760]
R3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2016-1-5 32464]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2016-1-5 24240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-2-25 157520]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2016-2-9 886528]
R3 RTSUER;Realtek USB Card Reader - UER;C:\Windows\System32\drivers\RtsUer.sys [2016-2-9 402136]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2015-10-30 28512]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\drivers\NSx64\1606000.08E\symelam.sys [2016-3-2 24192]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2016-2-24 117248]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-30 117760]
S3 IoQos;IoQos;C:\Windows\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 UsoSvc;Update Orchestrator Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\Windows\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2016-3-1 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2016-3-1 29696]
S4 CDPSvc;Connected Device Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-03-30 07:34:50 -------- d-----w- C:\ProgramData\Trend Micro
2016-03-30 07:33:31 307352 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2016-03-28 16:38:01 -------- d-----w- C:\ProgramData\b6aeaac3-42b3-0
2016-03-28 11:19:56 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2016-03-28 11:19:55 -------- d-----w- C:\Program Files\Dell Support Center
2016-03-28 10:33:08 -------- d-----w- C:\ProgramData\b6aeaac3-3061-0
2016-03-28 10:33:04 -------- d-----w- C:\ProgramData\aae46d6d
2016-03-28 10:32:26 -------- d-----w- C:\ProgramData\{05bf97a3-512c-1}
2016-03-28 10:32:26 -------- d-----w- C:\ProgramData\{016ec4f0-712c-0}
2016-03-28 10:22:50 -------- d-----w- C:\Program Files\iPod
2016-03-28 10:22:50 -------- d-----w- C:\Program Files (x86)\iTunes
2016-03-28 10:22:49 -------- d---a-w- C:\Program Files\iTunes
2016-03-28 10:13:59 700416 ----a-w- C:\Windows\System32\AppointmentApis.dll
2016-03-28 10:11:26 -------- d-----w- C:\Users\anyda\IAM_Databaseword
2016-03-04 16:14:45 -------- d---a-w- C:\Users\anyda\IAM_Database
2016-03-02 18:28:16 -------- d-----w- C:\Program Files\Common Files\AV
2016-03-02 18:22:02 577768 ----a-w- C:\Windows\System32\drivers\NSx64\1606000.08E\symnets.sys
2016-03-02 18:22:02 24192 ----a-r- C:\Windows\System32\drivers\NSx64\1606000.08E\symelam.sys
2016-03-02 18:22:01 928504 ----a-w- C:\Windows\System32\drivers\NSx64\1606000.08E\srtsp64.sys
2016-03-02 18:22:01 50936 ----a-r- C:\Windows\System32\drivers\NSx64\1606000.08E\srtspx64.sys
2016-03-02 18:22:01 295664 ----a-w- C:\Windows\System32\drivers\NSx64\1606000.08E\ironx64.sys
2016-03-02 18:22:01 173808 ----a-r- C:\Windows\System32\drivers\NSx64\1606000.08E\ccsetx64.sys
2016-03-02 18:22:01 1621232 ----a-w- C:\Windows\System32\drivers\NSx64\1606000.08E\symefasi64.sys
2016-03-02 18:21:39 -------- d-----w- C:\Windows\System32\drivers\NSx64\1606000.08E
2016-03-02 17:54:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2016-03-02 17:54:35 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2016-03-02 17:54:35 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2016-03-02 17:54:22 -------- d---a-w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2016-03-02 17:54:22 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0701000.01A
2016-03-02 17:54:22 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2016-03-02 16:03:33 -------- d-----w- C:\Users\anyda\AppData\Local\CrashDumps
2016-03-01 19:44:59 86528 ----a-w- C:\Windows\System32\AppCapture.dll
2016-03-01 19:44:59 83456 ----a-w- C:\Windows\SysWow64\InputLocaleManager.dll
2016-03-01 19:44:59 41984 ----a-w- C:\Windows\System32\TimeBrokerClient.dll
2016-03-01 19:44:59 414720 ----a-w- C:\Windows\System32\bcastdvr.exe
2016-03-01 19:44:59 37376 ----a-w- C:\Windows\System32\LaunchWinApp.exe
2016-03-01 19:44:59 31744 ----a-w- C:\Windows\SysWow64\TimeBrokerClient.dll
2016-03-01 19:44:59 29696 ----a-w- C:\Windows\SysWow64\LaunchWinApp.exe
2016-03-01 19:44:59 115712 ----a-w- C:\Windows\System32\srpapi.dll
2016-03-01 19:44:59 108544 ----a-w- C:\Windows\System32\InputLocaleManager.dll
2016-03-01 17:37:38 999424 ----a-w- C:\Windows\System32\hpgt3800.dll
2016-03-01 17:37:38 802816 ----a-w- C:\Windows\System32\hpxp3800.dll
2016-03-01 17:37:38 727040 ----a-w- C:\Windows\System32\hp3800co.dll
2016-03-01 17:27:01 -------- d-----w- C:\Users\anyda\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2016-03-08 07:12:26 829944 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-01 05:31:29 848168 ----a-w- C:\Windows\System32\mfsvr.dll
2016-03-01 05:22:47 709688 ----a-w- C:\Windows\SysWow64\mfsvr.dll
2016-02-25 15:31:13 111344 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2016-02-24 09:52:06 1997328 ----a-w- C:\Windows\System32\KernelBase.dll
2016-02-24 09:51:58 7474528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-02-24 09:48:32 713568 ----a-w- C:\Windows\System32\invagent.dll
2016-02-24 09:47:03 1173344 ----a-w- C:\Windows\System32\aeinv.dll
2016-02-24 09:40:06 513888 ----a-w- C:\Windows\System32\devinv.dll
2016-02-24 09:34:50 1613664 ----a-w- C:\Windows\System32\diagtrack.dll
2016-02-24 09:28:35 3449168 ----a-w- C:\Windows\System32\WSService.dll
2016-02-24 09:15:07 1557768 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-02-24 08:58:26 794888 ----a-w- C:\Windows\System32\mfds.dll
2016-02-24 08:51:24 1322248 ----a-w- C:\Windows\System32\ole32.dll
2016-02-24 08:50:49 808800 ----a-w- C:\Windows\System32\WWAHost.exe
2016-02-24 08:46:25 6607080 ----a-w- C:\Windows\System32\windows.storage.dll
2016-02-24 08:43:01 625000 ----a-w- C:\Windows\System32\ClipSVC.dll
2016-02-24 08:39:30 141560 ----a-w- C:\Windows\System32\AuthHost.exe
2016-02-24 08:39:01 358752 ----a-w- C:\Windows\System32\msv1_0.dll
2016-02-24 08:19:18 670928 ----a-w- C:\Windows\SysWow64\mfds.dll
2016-02-24 08:14:23 216416 ----a-w- C:\Windows\System32\AppxAllUserStore.dll
2016-02-24 08:11:46 957608 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-02-24 08:11:07 258280 ----a-w- C:\Windows\System32\sqmapi.dll
2016-02-24 08:11:03 652392 ----a-w- C:\Windows\System32\dxgi.dll
2016-02-24 08:11:03 394080 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-02-24 08:11:03 1997152 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-02-24 08:11:01 703840 ----a-w- C:\Windows\SysWow64\WWAHost.exe
2016-02-24 08:10:54 576864 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys
2016-02-24 08:10:52 630632 ----a-w- C:\Windows\System32\fontdrvhost.exe
2016-02-24 08:09:58 640472 ----a-w- C:\Windows\System32\wer.dll
2016-02-24 08:09:49 147808 ----a-w- C:\Windows\System32\wermgr.exe
2016-02-24 0839 5242496 ----a-w- C:\Windows\SysWow64\windows.storage.dll
2016-02-24 07:59:11 294752 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-02-24 07:39:44 23552 ----a-w- C:\Windows\System32\ExtrasXmlParser.dll
2016-02-24 07:39:34 45568 ----a-w- C:\Windows\System32\UserDataTypeHelperUtil.dll
2016-02-24 07:38:35 187744 ----a-w- C:\Windows\SysWow64\AppxAllUserStore.dll
2016-02-24 07:38:12 111616 ----a-w- C:\Windows\System32\UserDataTimeUtil.dll
2016-02-24 07:37:58 45056 ----a-w- C:\Windows\System32\UserDataLanguageUtil.dll
2016-02-24 07:36:17 60416 ----a-w- C:\Windows\System32\PimIndexMaintenanceClient.dll
2016-02-24 07:35:26 220064 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2016-02-24 07:35:24 523752 ----a-w- C:\Windows\SysWow64\dxgi.dll
2016-02-24 07:35:18 45568 ----a-w- C:\Windows\System32\atmlib.dll
2016-02-24 07:35:08 540752 ----a-w- C:\Windows\SysWow64\fontdrvhost.exe
2016-02-24 07:33:53 141664 ----a-w- C:\Windows\SysWow64\wermgr.exe
2016-02-24 07:33:49 538736 ----a-w- C:\Windows\SysWow64\wer.dll
2016-02-24 07:31:49 118272 ----a-w- C:\Windows\System32\fontsub.dll
2016-02-24 07:30:18 25600 ----a-w- C:\Windows\System32\wfapigp.dll
2016-02-24 07:28:12 70656 ----a-w- C:\Windows\System32\POSyncServices.dll
2016-02-24 07:23:20 68096 ----a-w- C:\Windows\System32\UserDataPlatformHelperUtil.dll
2016-02-24 07:23:20 112640 ----a-w- C:\Windows\System32\drivers\bthenum.sys
2016-02-24 07:23:09 91648 ----a-w- C:\Windows\System32\asycfilt.dll
2016-02-24 07:22:03 196608 ----a-w- C:\Windows\System32\fwpolicyiomgr.dll
2016-02-24 07:20:57 167936 ----a-w- C:\Windows\System32\dafBth.dll
2016-02-24 07:20:35 195072 ----a-w- C:\Windows\System32\VCardParser.dll
2016-02-24 07:20:00 87552 ----a-w- C:\Windows\System32\AppxSysprep.dll
2016-02-24 07:19:56 31232 ----a-w- C:\Windows\System32\seclogon.dll
2016-02-24 07:19:10 145408 ----a-w- C:\Windows\System32\dssvc.dll
2016-02-24 07:15:29 365568 ----a-w- C:\Windows\System32\atmfd.dll
2016-02-24 07:14:00 274944 ----a-w- C:\Windows\System32\ExSMime.dll
2016-02-24 07:13:57 121856 ----a-w- C:\Windows\System32\AppointmentActivation.dll
2016-02-24 07:12:54 243712 ----a-w- C:\Windows\System32\cemapi.dll
2016-02-24 07:12:03 221184 ----a-w- C:\Windows\System32\PhoneCallHistoryApis.dll
2016-02-24 07:10:05 93184 ----a-w- C:\Windows\System32\wpninprc.dll
2016-02-24 07:09:04 258560 ----a-w- C:\Windows\System32\UserDataAccountApis.dll
2016-02-24 07:09:00 161792 ----a-w- C:\Windows\System32\AppxSip.dll
2016-02-24 07:07:53 252928 ----a-w- C:\Windows\System32\PimIndexMaintenance.dll
2016-02-24 07:05:00 208896 ----a-w- C:\Windows\System32\storewuauth.dll
2016-02-24 07:03:16 88576 ----a-w- C:\Windows\SysWow64\olepro32.dll
2016-02-24 07:02:17 161280 ----a-w- C:\Windows\System32\CallHistoryClient.dll
2016-02-24 07:01:56 146432 ----a-w- C:\Windows\System32\AuthBroker.dll
2016-02-24 07:01:21 764928 ----a-w- C:\Windows\System32\Chakradiag.dll
2016-02-24 07:01:15 67584 ----a-w- C:\Windows\System32\profext.dll
2016-02-24 07:00:00 214528 ----a-w- C:\Windows\System32\Windows.Devices.Scanners.dll
2016-02-24 06:59:55 450560 ----a-w- C:\Windows\System32\Windows.Internal.Bluetooth.dll
2016-02-24 06:59:44 318976 ----a-w- C:\Windows\System32\domgmt.dll
2016-02-24 06:59:32 360448 ----a-w- C:\Windows\System32\vaultsvc.dll
2016-02-24 06:58:29 685568 ----a-w- C:\Windows\System32\scapi.dll
2016-02-24 06:55:57 790528 ----a-w- C:\Windows\System32\EmailApis.dll
2016-02-24 06:55:39 224256 ----a-w- C:\Windows\System32\PackageStateRoaming.dll
2016-02-24 06:55:08 18944 ----a-w- C:\Windows\SysWow64\ExtrasXmlParser.dll
2016-02-24 06:54:57 37888 ----a-w- C:\Windows\SysWow64\UserDataTypeHelperUtil.dll
2016-02-24 06:54:55 228352 ----a-w- C:\Windows\System32\wsqmcons.exe
2016-02-24 06:54:45 288768 ----a-w- C:\Windows\System32\vaultcli.dll
2016-02-24 06:54:09 526336 ----a-w- C:\Windows\System32\FirewallAPI.dll
2016-02-24 06:53:47 89088 ----a-w- C:\Windows\SysWow64\UserDataTimeUtil.dll
2016-02-24 06:53:35 37888 ----a-w- C:\Windows\SysWow64\UserDataLanguageUtil.dll
2016-02-24 06:52:12 48128 ----a-w- C:\Windows\SysWow64\PimIndexMaintenanceClient.dll
2016-02-24 06:52:11 451584 ----a-w- C:\Windows\System32\werui.dll
2016-02-24 06:51:21 37376 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-02-24 06:49:50 726528 ----a-w- C:\Windows\System32\ChatApis.dll
2016-02-24 06:47:58 93696 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-02-24 06:46:33 20480 ----a-w- C:\Windows\SysWow64\wfapigp.dll
2016-02-24 06:44:46 56320 ----a-w- C:\Windows\SysWow64\POSyncServices.dll
2016-02-24 06:44:18 1713664 ----a-w- C:\Windows\System32\SRHInproc.dll
2016-02-24 06:44:00 915456 ----a-w- C:\Windows\System32\configurationclient.dll
2016-02-24 06:43:59 286720 ----a-w- C:\Windows\System32\deviceaccess.dll
2016-02-24 06:43:12 957952 ----a-w- C:\Windows\System32\SRH.dll
2016-02-24 06:42:48 954368 ----a-w- C:\Windows\System32\drivers\bthport.sys
2016-02-24 06:42:42 84992 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
.
============= FINISH: 18:21:22.37 ===============
Attached Files
File Type: txt attach.txt (19.1 KB, 22 views)
HTCK is offline  
Old 03-31-2016, 08:05 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-01-2016, 01:57 AM   #3
Registered Member
 
Join Date: Mar 2016
Posts: 10
OS: Windows 10



Hi - many thanks for your assistance. I have run the programs as you recommended, and the following are the results.

# AdwCleaner v5.108 - Logfile created 01/04/2016 at 09:31:47
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : BrianwfPC - DESKTOP-0NRKU54
# Running from : C:\Users\anyda\Downloads\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

Service Found : Service Mgr GenerousDeal
Service Found : Update Mgr GenerousDeal

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Generous Deal
Folder Found : C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\ProgramData\aae46d6d
Folder Found : C:\ProgramData\b6aeaac3-3061-0
Folder Found : C:\ProgramData\b6aeaac3-42b3-0
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\f33a1245-0905-0
Folder Found : C:\ProgramData\f33a1245-5751-1
Folder Found : C:\ProgramData\{016ec4f0-712c-0}
Folder Found : C:\ProgramData\{05bf97a3-512c-1}
Folder Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj

***** [ Files ] *****

File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d}
Key Found : HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {28B0910C-F091-424C-A744-46380B0F1037}
Value Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021} [NameServer] - 82.163.142.7 95.211.158.134
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net

***** [ Web browsers ] *****

[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}");
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU=
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfhajoihhonkjdebdjijicekpappijdj

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8042 bytes] - [01/04/2016 09:31:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8115 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by BrianwfPC (administrator) on DESKTOP-0NRKU54 (01-04-2016 09:42:40)
Running from C:\Users\anyda\Downloads
Loaded Profiles: BrianwfPC (Available Profiles: BrianwfPC)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
() C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\5\Plugin.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\10\Plugin.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714672 2015-09-25] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795704 2015-08-07] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{24ca947f-42bd-467e-ba23-118924f63416}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKLM -> {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> DefaultScope OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\anyda\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF user.js: detected! => C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\user.js [2016-02-24]
FF SearchPlugin: C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml [2016-02-25]
FF SearchPlugin: C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\McSiteAdvisor.xml [2016-02-25]
FF SearchPlugin: C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\norton-safe-search.xml [2016-02-25]
FF Extension: Blocker - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\@kikikokicicidada.xpi [2016-02-25]
FF Extension: uBlock Origin - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\[email protected] [2016-02-25]
FF Extension: Our Search Window - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{4fc93697-721a-497e-9e4a-a3df29915832}.xpi [2016-02-23] [not signed]
FF Extension: Generous Deal - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi [2016-02-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon [2016-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaAktXUUEeJ1pNER8fHHJGLlxKDkwCZVBCLA==
CHR Profile: C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-31]
CHR Extension: (Google Docs) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-31]
CHR Extension: (Google Drive) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31]
CHR Extension: (YouTube) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-31]
CHR Extension: (Google Sheets) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Norton Identity Safe) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-31]
CHR Extension: (Generous Deal) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj [2016-04-01] [UpdateUrl: hxxp://cdn.generousdeal.com/update] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-31]
CHR Extension: (Gmail) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-08] (Windows (R) Win 7 DDK provider)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-06] (Realtek Semiconductor)
R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1415912 2016-02-25] () <==== ATTENTION
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1279720 2016-02-25] () <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160401.001\BHDrvx64.sys [1766640 2016-03-03] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-11-12] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160331.001\IDSvia64.sys [767224 2016-03-24] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-09-01] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160331.022\ENG64.SYS [138488 2016-03-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160331.022\EX64.SYS [2148080 2016-03-28] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-13] (Realsil Semiconductor Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-11-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-11-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 09:42 - 2016-04-01 09:43 - 00023386 _____ C:\Users\anyda\Downloads\FRST.txt
2016-04-01 09:42 - 2016-04-01 09:42 - 00000000 ____D C:\FRST
2016-04-01 09:41 - 2016-04-01 09:41 - 02374144 _____ (Farbar) C:\Users\anyda\Downloads\FRST64.exe
2016-04-01 09:35 - 2016-04-01 09:36 - 00228540 _____ C:\Windows\Minidump\040116-36062-01.dmp
2016-04-01 09:35 - 2016-04-01 09:35 - 1205241991 _____ C:\Windows\MEMORY.DMP
2016-04-01 09:35 - 2016-04-01 09:35 - 00000000 ____D C:\Windows\Minidump
2016-04-01 09:31 - 2016-04-01 09:31 - 00000000 ____D C:\AdwCleaner
2016-04-01 09:30 - 2016-04-01 09:31 - 03102720 _____ C:\Users\anyda\Downloads\AdwCleaner.exe
2016-04-01 09:28 - 2016-04-01 09:28 - 00038785 _____ C:\Users\anyda\Downloads\Infected_by_PUAYontoocgen4.txt
2016-03-31 18:21 - 2016-03-31 18:21 - 00036333 _____ C:\Users\anyda\Desktop\dds.txt
2016-03-31 18:21 - 2016-03-31 18:21 - 00019562 _____ C:\Users\anyda\Desktop\attach.txt
2016-03-31 18:19 - 2016-03-31 18:20 - 00688992 ____R (Swearware) C:\Users\anyda\Desktop\dds.scr
2016-03-31 18:19 - 2016-03-31 18:19 - 00688992 _____ (Swearware) C:\Users\anyda\Downloads\dds (1).scr
2016-03-31 17:58 - 2016-03-31 17:58 - 00000000 ____D C:\Users\anyda\Downloads\backups
2016-03-30 08:47 - 2016-03-30 08:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\anyda\Downloads\HijackThis.exe
2016-03-30 08:43 - 2016-03-30 08:43 - 00685147 _____ C:\Users\anyda\AppData\Local\census.cache
2016-03-30 08:42 - 2016-03-30 08:42 - 00199445 _____ C:\Users\anyda\AppData\Local\ars.cache
2016-03-30 08:37 - 2016-03-30 08:37 - 00000010 _____ C:\Users\anyda\AppData\Local\sponge.last.runtime.cache
2016-03-30 08:34 - 2016-03-30 08:34 - 00000000 ____D C:\ProgramData\Trend Micro
2016-03-30 08:33 - 2016-03-30 08:33 - 00000036 _____ C:\Users\anyda\AppData\Local\housecall.guid.cache
2016-03-30 08:33 - 2015-05-29 08:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-30 08:32 - 2016-03-30 08:33 - 02526736 _____ (Trend Micro Inc.) C:\Users\anyda\Downloads\HousecallLauncher64.exe
2016-03-28 17:38 - 2016-03-28 17:38 - 00000000 ____D C:\ProgramData\b6aeaac3-42b3-0
2016-03-28 12:20 - 2016-03-28 12:20 - 00004144 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-03-28 12:20 - 2016-03-28 12:20 - 00003560 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-03-28 12:20 - 2016-03-28 12:20 - 00003430 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-03-28 12:20 - 2016-03-28 12:20 - 00003316 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-03-28 12:19 - 2016-03-28 12:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-03-28 12:19 - 2016-03-28 12:19 - 00000000 ____D C:\Program Files\Dell Support Center
2016-03-28 11:33 - 2016-03-29 20:10 - 00000000 ____D C:\ProgramData\aae46d6d
2016-03-28 11:33 - 2016-03-28 11:33 - 00003890 _____ C:\Windows\System32\Tasks\{2DD90A90-D10B-C1AF-C2AA-AEB602C52416}
2016-03-28 11:33 - 2016-03-28 11:33 - 00000000 ____D C:\ProgramData\b6aeaac3-3061-0
2016-03-28 11:32 - 2016-03-28 11:32 - 00000000 ____D C:\ProgramData\{05bf97a3-512c-1}
2016-03-28 11:32 - 2016-03-28 11:32 - 00000000 ____D C:\ProgramData\{016ec4f0-712c-0}
2016-03-28 11:23 - 2016-03-28 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-28 11:22 - 2016-03-28 11:23 - 00000000 ____D C:\Program Files\iTunes
2016-03-28 11:22 - 2016-03-28 11:22 - 00000000 ____D C:\Program Files\iPod
2016-03-28 11:22 - 2016-03-28 11:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-28 11:20 - 2016-03-28 11:20 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-28 11:20 - 2016-03-28 11:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-28 11:14 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-28 11:14 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-28 11:14 - 2016-02-24 10:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-28 11:14 - 2016-02-24 10:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-28 11:14 - 2016-02-24 10:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-28 11:14 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-28 11:14 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-03-28 11:14 - 2016-02-24 10:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-28 11:14 - 2016-02-24 09:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-28 11:14 - 2016-02-24 09:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-03-28 11:14 - 2016-02-24 09:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-28 11:14 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-28 11:14 - 2016-02-24 09:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-28 11:14 - 2016-02-24 09:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-28 11:14 - 2016-02-24 09:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-28 11:14 - 2016-02-24 09:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-28 11:14 - 2016-02-24 09:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-28 11:14 - 2016-02-24 08:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-28 11:14 - 2016-02-24 07:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-03-28 11:14 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-28 11:14 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-28 11:14 - 2016-02-24 07:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-28 11:14 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-03-28 11:14 - 2016-02-24 07:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-28 11:14 - 2016-02-24 07:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-28 11:14 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-28 11:14 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-28 11:14 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-28 11:14 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-28 11:14 - 2016-02-24 07:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-28 11:14 - 2016-02-24 07:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-28 11:14 - 2016-02-24 07:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-03-28 11:14 - 2016-02-24 06:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-28 11:14 - 2016-02-24 06:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-28 11:14 - 2016-02-24 06:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-28 11:14 - 2016-02-24 06:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-28 11:14 - 2016-02-24 06:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-28 11:14 - 2016-02-24 06:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-28 11:14 - 2016-02-24 06:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-28 11:14 - 2016-02-24 06:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-28 11:14 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-28 11:14 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-28 11:14 - 2016-02-24 05:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-28 11:14 - 2016-02-24 05:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-03-28 11:13 - 2016-02-24 10:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-28 11:13 - 2016-02-24 10:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-28 11:13 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-28 11:13 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-28 11:13 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-03-28 11:13 - 2016-02-24 09:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-28 11:13 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-03-28 11:13 - 2016-02-24 09:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-28 11:13 - 2016-02-24 09:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-28 11:13 - 2016-02-24 09:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-28 11:13 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-28 11:13 - 2016-02-24 09:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-28 11:13 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-28 11:13 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-28 11:13 - 2016-02-24 08:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-28 11:13 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-03-28 11:13 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-03-28 11:13 - 2016-02-24 08:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-28 11:13 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-03-28 11:13 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-03-28 11:13 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-03-28 11:13 - 2016-02-24 08:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-28 11:13 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-28 11:13 - 2016-02-24 08:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-28 11:13 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-28 11:13 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-28 11:13 - 2016-02-24 08:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-28 11:13 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-03-28 11:13 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-03-28 11:13 - 2016-02-24 08:23 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-03-28 11:13 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-28 11:13 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-03-28 11:13 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-03-28 11:13 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-03-28 11:13 - 2016-02-24 08:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-03-28 11:13 - 2016-02-24 08:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-28 11:13 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-03-28 11:13 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-28 11:13 - 2016-02-24 08:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-28 11:13 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-03-28 11:13 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-03-28 11:13 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-03-28 11:13 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-03-28 11:13 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-03-28 11:13 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-03-28 11:13 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-03-28 11:13 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-03-28 11:13 - 2016-02-24 08:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-03-28 11:13 - 2016-02-24 08:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-28 11:13 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-03-28 11:13 - 2016-02-24 08:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-28 11:13 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-03-28 11:13 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-03-28 11:13 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-03-28 11:13 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-03-28 11:13 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-28 11:13 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-03-28 11:13 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-28 11:13 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-03-28 11:13 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-03-28 11:13 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-28 11:13 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-03-28 11:13 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-28 11:13 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-28 11:13 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-28 11:13 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-28 11:13 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-28 11:13 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-28 11:13 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-28 11:13 - 2016-02-24 07:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-28 11:13 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-03-28 11:13 - 2016-02-24 07:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-28 11:13 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-28 11:13 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-28 11:13 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-03-28 11:13 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-28 11:13 - 2016-02-24 07:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-03-28 11:13 - 2016-02-24 07:42 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-03-28 11:13 - 2016-02-24 07:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-03-28 11:13 - 2016-02-24 07:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-03-28 11:13 - 2016-02-24 07:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-03-28 11:13 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-28 11:13 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-28 11:13 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-28 11:13 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-28 11:13 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-28 11:13 - 2016-02-24 07:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-28 11:13 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-28 11:13 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-28 11:13 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-28 11:13 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-28 11:13 - 2016-02-24 07:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-03-28 11:13 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-28 11:13 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-28 11:13 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-28 11:13 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-28 11:13 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-28 11:13 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-28 11:13 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-28 11:13 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-28 11:13 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-28 11:13 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-28 11:13 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-28 11:13 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-28 11:13 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-28 11:13 - 2016-02-24 07:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-28 11:13 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-28 11:13 - 2016-02-24 07:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-28 11:13 - 2016-02-24 07:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-28 11:13 - 2016-02-24 06:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-28 11:13 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-03-28 11:13 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-28 11:11 - 2016-03-28 11:11 - 00000000 ____D C:\Users\anyda\IAM_Databaseword
2016-03-04 17:14 - 2016-04-01 09:19 - 00000000 ____D C:\Users\anyda\IAM_Database
2016-03-04 17:12 - 2016-03-04 17:12 - 16808425 _____ () C:\Users\anyda\Downloads\IAM_Package_18_29 (4).exe
2016-03-02 19:29 - 2016-04-01 09:41 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-03-02 19:28 - 2016-03-28 10:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-03-02 19:28 - 2016-03-02 19:28 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-02 19:23 - 2016-03-02 19:23 - 00003388 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-03-02 19:03 - 2016-04-01 09:37 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-02 19:03 - 2016-04-01 09:08 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-02 19:03 - 2016-03-30 23:10 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-02 19:03 - 2016-03-02 19:03 - 00987728 _____ (Google Inc.) C:\Users\anyda\Downloads\ChromeSetup (1).exe
2016-03-02 19:03 - 2016-03-02 19:03 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-02 19:03 - 2016-03-02 19:03 - 00003762 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-02 18:54 - 2016-03-02 18:54 - 00000000 ____D C:\Windows\system32\Drivers\NBRTWizardx64
2016-03-02 18:54 - 2016-03-02 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2016-03-02 18:54 - 2016-03-02 18:54 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2016-03-02 18:54 - 2012-07-26 06:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2016-03-02 18:54 - 2012-07-26 06:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2016-03-02 18:54 - 2012-07-26 06:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2016-03-02 18:53 - 2016-03-02 18:53 - 01110992 _____ (Symantec Corporation) C:\Users\anyda\Downloads\NBRT-Retail-Downloader.exe
2016-03-02 17:31 - 2016-03-02 17:31 - 16808425 _____ () C:\Users\anyda\Downloads\IAM_Package_18_29 (3).exe
2016-03-02 17:29 - 2016-03-02 17:29 - 16808425 _____ () C:\Users\anyda\Downloads\IAM_Package_18_29 (2).exe
2016-03-02 17:24 - 2016-03-04 17:14 - 00001902 _____ C:\Users\anyda\Desktop\IAM_Members.lnk
2016-03-02 17:22 - 2016-03-02 17:22 - 16808425 _____ () C:\Users\anyda\Downloads\IAM_Package_18_29 (1).exe
2016-03-02 17:09 - 2016-03-02 17:09 - 00427112 _____ () C:\Users\anyda\Downloads\setup (13).exe
2016-03-02 17:09 - 2016-03-02 17:09 - 00000000 ____D C:\Users\anyda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anquet Technology Ltd
2016-03-02 17:03 - 2016-03-02 17:03 - 00000000 ____D C:\Users\anyda\AppData\Local\CrashDumps
2016-03-02 16:58 - 2016-03-02 16:58 - 00315624 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\dxwebsetup (3).exe
2016-03-02 16:49 - 2016-03-02 16:50 - 00427112 _____ () C:\Users\anyda\Downloads\setup (12).exe
2016-03-02 16:48 - 2016-03-02 16:48 - 00427112 _____ () C:\Users\anyda\Downloads\setup (11).exe
2016-03-02 14:01 - 2016-03-02 14:01 - 00427112 _____ () C:\Users\anyda\Downloads\setup (10).exe
2016-03-02 14:00 - 2016-03-02 14:00 - 00315624 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\dxwebsetup (2).exe
2016-03-02 13:56 - 2016-03-02 13:56 - 00427112 _____ () C:\Users\anyda\Downloads\setup (9).exe
2016-03-02 13:55 - 2016-03-02 13:55 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (10).exe
2016-03-02 13:45 - 2016-03-02 13:46 - 06503984 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (18).exe
2016-03-02 13:45 - 2016-03-02 13:45 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (9).exe
2016-03-02 13:45 - 2016-03-02 13:45 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (9).exe
2016-03-02 13:44 - 2016-03-02 13:44 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (17).exe
2016-03-02 12:54 - 2016-03-02 12:54 - 00427112 _____ () C:\Users\anyda\Downloads\setup (8).exe
2016-03-02 12:53 - 2016-03-02 12:53 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (8).exe
2016-03-02 12:50 - 2016-03-02 12:50 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (7).exe
2016-03-02 12:46 - 2016-03-02 12:47 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (8).exe
2016-03-02 12:46 - 2016-03-02 12:46 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (16).exe
2016-03-02 12:40 - 2016-03-02 12:40 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (7).exe
2016-03-02 12:40 - 2016-03-02 12:40 - 06503984 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (15).exe
2016-03-02 12:40 - 2016-03-02 12:40 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (6).exe
2016-03-02 12:39 - 2016-03-02 12:39 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (14).exe
2016-03-02 12:38 - 2016-03-02 12:38 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (13).exe
2016-03-02 12:38 - 2016-03-02 12:38 - 00427112 _____ () C:\Users\anyda\Downloads\setup (7).exe
2016-03-02 12:36 - 2016-03-02 12:37 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (6).exe
2016-03-02 12:36 - 2016-03-02 12:37 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (5).exe
2016-03-02 12:36 - 2016-03-02 12:36 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (12).exe
2016-03-02 12:29 - 2016-03-02 17:02 - 00000000 ____D C:\Users\anyda\Documents\Anquet Maps Databases
2016-03-02 12:29 - 2016-03-02 12:29 - 00427112 _____ () C:\Users\anyda\Downloads\setup (6).exe
2016-03-02 12:25 - 2016-03-02 12:25 - 06503984 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (11).exe
2016-03-02 12:24 - 2016-03-02 12:24 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (9).exe
2016-03-02 12:24 - 2016-03-02 12:24 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (10).exe
2016-03-02 12:24 - 2016-03-02 12:24 - 00315624 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\dxwebsetup (1).exe
2016-03-02 12:22 - 2016-03-02 12:22 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (5).exe
2016-03-02 12:22 - 2016-03-02 12:22 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (4).exe
2016-03-02 12:12 - 2016-03-02 12:16 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (3).exe
2016-03-02 12:12 - 2016-03-02 12:16 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (7).exe
2016-03-02 12:12 - 2016-03-02 12:15 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (4).exe
2016-03-02 12:12 - 2016-03-02 12:13 - 06503984 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (8).exe
2016-03-02 12:02 - 2016-03-02 12:04 - 06503984 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (6).exe
2016-03-02 12:02 - 2016-03-02 12:03 - 07194312 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x64 (2).exe
2016-03-02 12:02 - 2016-03-02 12:03 - 01420840 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_arm (3).exe
2016-03-02 12:02 - 2016-03-02 12:02 - 02723264 _____ (Microsoft Corporation) C:\Users\anyda\Downloads\vcredist_x86 (5).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 09:42 - 2016-02-09 00:57 - 00893588 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 09:42 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-01 09:41 - 2016-02-23 19:12 - 00000000 ____D C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
2016-04-01 09:40 - 2016-02-25 17:57 - 00000000 ____D C:\Users\anyda\AppData\Local\65F91075-ADE8-4CD5-BE49-1D4DA8E22027.aplzod
2016-04-01 09:39 - 2016-02-24 17:20 - 00000000 ____D C:\Users\anyda\Documents\Outlook Files
2016-04-01 09:39 - 2016-02-24 03:56 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-04-01 09:39 - 2016-02-23 19:51 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-04-01 09:39 - 2016-02-09 01:26 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-04-01 09:36 - 2016-02-09 00:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 09:35 - 2016-02-24 03:58 - 00000000 ____D C:\Users\anyda
2016-04-01 08:37 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-01 08:36 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-01 08:35 - 2016-02-23 19:14 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{915B8A9F-F82D-42ED-A857-4EB5BB04D86F}
2016-03-31 18:26 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-31 16:29 - 2016-02-24 10:29 - 00000000 ____D C:\Users\anyda\AppData\Local\Deployment
2016-03-30 13:30 - 2015-10-25 11:17 - 00000000 ____D C:\Users\anyda\Documents\IAM
2016-03-29 18:51 - 2016-02-26 14:38 - 00000000 ____D C:\Users\anyda\AppData\Local\NPE
2016-03-29 12:23 - 2016-02-24 10:29 - 00000000 ____D C:\Users\anyda\AppData\Local\Apps\2.0
2016-03-29 12:12 - 2016-02-09 00:48 - 00358240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-28 22:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-28 22:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-28 22:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-28 22:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-28 13:35 - 2016-02-25 17:34 - 00003512 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-03-28 13:34 - 2015-10-25 11:21 - 00000000 ____D C:\Users\anyda\Documents\Allotment
2016-03-28 12:24 - 2016-02-24 09:36 - 00000000 ____D C:\Windows\system32\MRT
2016-03-28 12:19 - 2016-02-09 01:21 - 00000000 ____D C:\ProgramData\PCDr
2016-03-28 12:19 - 2016-02-09 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-28 12:18 - 2016-02-24 09:36 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-28 12:18 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-28 11:55 - 2016-02-09 01:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-28 11:37 - 2016-02-23 19:11 - 00000000 ____D C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
2016-03-28 11:33 - 2016-02-23 19:12 - 00000000 ____D C:\ProgramData\f33a1245-5751-1
2016-03-28 11:33 - 2016-02-23 19:12 - 00000000 ____D C:\ProgramData\f33a1245-0905-0
2016-03-28 11:28 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-03-28 11:27 - 2015-10-30 08:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-28 11:22 - 2016-02-25 11:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-28 11:20 - 2016-02-25 11:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-28 11:06 - 2016-02-29 13:43 - 00000000 ____D C:\Users\anyda\Picasa3
2016-03-28 10:43 - 2016-02-24 04:04 - 00002365 _____ C:\Users\anyda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-28 10:43 - 2016-02-24 04:04 - 00000000 ___RD C:\Users\anyda\OneDrive
2016-03-08 08:12 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:12 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-04 17:45 - 2016-03-01 18:27 - 00000000 ____D C:\Users\anyda\AppData\Local\ElevatedDiagnostics
2016-03-04 16:31 - 2016-02-24 09:35 - 00000000 ____D C:\Users\anyda\AppData\Local\Microsoft Help
2016-03-04 16:22 - 2015-10-25 11:21 - 00000000 ____D C:\Users\anyda\Documents\Classics
2016-03-03 19:16 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache
2016-03-03 19:08 - 2015-10-30 10:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\winrm
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\WCN
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\slmgr
2016-03-03 19:08 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\F12
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\MiracastView
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\oobe
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\MUI
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\Com
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\IME
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Help
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-03-03 19:08 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-03 19:08 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 19:08 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-03 19:08 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Dism
2016-03-03 19:08 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\servicing
2016-03-02 19:23 - 2016-02-25 16:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-03-02 19:23 - 2016-02-25 16:30 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-03-02 19:03 - 2016-02-28 12:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-02 18:54 - 2016-02-25 16:27 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-02 18:54 - 2016-02-25 16:26 - 00000000 ____D C:\ProgramData\Norton
2016-03-02 18:53 - 2011-12-27 14:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-02 17:50 - 2015-10-25 11:21 - 00062976 _____ C:\Users\anyda\Documents\Passwords Redifined.xlsx
2016-03-02 17:05 - 2016-02-24 11:25 - 00000000 ____D C:\Users\anyda\AppData\Local\ApplicationHistory
2016-03-02 12:31 - 2016-02-24 11:27 - 00000000 ____D C:\Anquet Map Data
2016-03-02 09:48 - 2015-10-25 11:21 - 00000000 ____D C:\Users\anyda\Documents\Cars
2016-03-02 09:47 - 2015-10-25 11:18 - 00000000 ____D C:\Users\anyda\Documents\Misc
2016-03-02 09:45 - 2016-02-09 01:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 09:41 - 2015-10-30 08:24 - 00000000 __RSD C:\Windows\Media
2016-03-02 09:41 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-02 09:41 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-02 09:41 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\bcastdvr

==================== Files in the root of some directories =======

2016-02-25 11:14 - 2016-02-25 11:14 - 0000000 _____ () C:\Users\anyda\AppData\Roaming\a67f10ae-33ed-42a4-b7d5-b4e086198ec1.storage
2016-03-30 08:42 - 2016-03-30 08:42 - 0199445 _____ () C:\Users\anyda\AppData\Local\ars.cache
2016-03-30 08:43 - 2016-03-30 08:43 - 0685147 _____ () C:\Users\anyda\AppData\Local\census.cache
2016-03-30 08:33 - 2016-03-30 08:33 - 0000036 _____ () C:\Users\anyda\AppData\Local\housecall.guid.cache
2016-03-30 08:37 - 2016-03-30 08:37 - 0000010 _____ () C:\Users\anyda\AppData\Local\sponge.last.runtime.cache
2016-02-09 01:18 - 2016-02-09 01:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-09 01:15 - 2016-02-09 01:15 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2016-02-09 01:03 - 2016-02-09 01:04 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-02-09 01:10 - 2016-02-09 01:15 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2016-02-09 01:05 - 2016-02-09 01:10 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Some files in TEMP:
====================
C:\Users\anyda\AppData\Local\Temp\libeay32.dll
C:\Users\anyda\AppData\Local\Temp\msvcr120.dll
C:\Users\anyda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-28 12:10

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (30.7 KB, 16 views)
 
Old 04-01-2016, 12:05 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello HTCK. Any reason you marked this thread as [SOLVED]?

------------------------------------------------------

It appears you didn't click 'Clean' after the AdwCleaner 'Scan', as per the previous instructions.

Please run AdwCleaner again and select 'Clean' after 'Scan' and post the C:\Program Files (x86)\AdwCleaner\AdwCleaner[C#].txt log in your next reply.

------------------------------------------------------

Did you intentionally create a FF user.js file in Firefox?

If you didn't create it, please stop here and let me know. Thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {1EA22C93-CD60-4438-B313-F58234747022} - System32\Tasks\{FCF2D301-4167-4B24-B731-3439C539FDFD} => pcalua.exe -a "C:\Program Files (x86)\Our Search Window\uninstaller.exe"
    Task: {C3D3B1AB-D590-4F81-AB89-39500D834B4C} - System32\Tasks\{1601C5CE-591D-4D49-BE0D-2D71E56C5872} => pcalua.exe -a "C:\Program Files (x86)\Generous Deal\uninstaller.exe"
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
    SearchScopes: HKLM -> DefaultScope {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKLM -> {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> DefaultScope OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP
    FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==
    FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    FF Extension: Generous Deal - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi [2016-02-22] [not signed]
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
    CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
    CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
    CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaAktXUUEeJ1pNER8fHHJGLlxKDkwCZVBCLA==
    CHR Extension: (Generous Deal) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj [2016-04-01] [UpdateUrl: hxxp://cdn.generousdeal.com/update] <==== ATTENTION
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1415912 2016-02-25] () <==== ATTENTION
    R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1279720 2016-02-25] () <==== ATTENTION
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
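The fixlist above removes five kinds of entry: scheduled tasks that start an "uninstaller" through pcalua.exe, two services named after GenerousDeal running from ProgramData and Common Files\<GUID>, a Chrome policy key, the Internet Explorer start page and search scope, and (in the AdwCleaner log later in the thread) statically configured DNS servers. As an added example, not code from the thread, from FRST or from AdwCleaner, the following read-only PowerShell audit reports those same kinds of entry on a Windows 10 host so the state before and after the Fix can be compared. The function name and the "service binary under ProgramData" heuristic are my own; everything it looks at is a standard cmdlet or registry path.

```powershell
# Added example: read-only audit of the persistence/hijack indicators named in the
# fixlist. It changes nothing; removal is left to the FRST fix. Run elevated.
function Get-HijackIndicators {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
    }

    # 1. Scheduled tasks whose action runs through pcalua.exe (the Program Compatibility
    #    Assistant launcher), the shape of the two Task: lines in the fixlist. Legitimate
    #    installers rarely register tasks this way, so every hit deserves a look.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in @($task.Actions)) {
            if ($action.Execute -and $action.Execute -match 'pcalua(\.exe)?$') {
                Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$($action.Execute) $($action.Arguments)"
            }
        }
    }

    # 2. Services: the fixlist's R2 lines are "* Mgr GenerousDeal" services whose binaries
    #    live under ProgramData. The ProgramData check is a heuristic (some legitimate
    #    updaters do this too); the name fragment comes from the fixlist.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if ($svc.Name -like '*GenerousDeal*' -or $svc.PathName -like '*GenerousDeal*' -or
            $svc.PathName -like '*\ProgramData\*') {
            Add-Finding 'Service' $svc.Name $svc.PathName
        }
    }

    # 3. Chrome policy keys (FRST reports them as "GroupPolicy: Restriction - Chrome").
    #    A home PC that is not domain-managed normally has no such key at all.
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (Test-Path $key) {
            $subkeys = (Get-ChildItem -Path $key -Recurse | ForEach-Object { $_.Name }) -join '; '
            Add-Finding 'BrowserPolicy' $key $subkeys
        }
    }

    # 4. Internet Explorer start page and default search scope URL, per hive, so a
    #    redirect like the searchinterneat one shows up without opening the browser.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $main  = "$hive\SOFTWARE\Microsoft\Internet Explorer\Main"
        $start = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
        if ($start) { Add-Finding 'IEStartPage' $main $start }

        $scopes  = "$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
        if ($default) {
            $url = (Get-ItemProperty -Path "$scopes\$default" -ErrorAction SilentlyContinue).URL
            Add-Finding 'IESearchScope' "$scopes\$default" $url
        }
    }

    # 5. Static per-interface DNS servers. DHCP-assigned servers are kept in DhcpNameServer;
    #    a populated NameServer value overrides them, which is how the AdwCleaner log in
    #    this thread recorded 82.163.142.7 / 95.211.158.134 on three interfaces.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem -Path $ifRoot) {
        $ns = (Get-ItemProperty -Path $iface.PSPath).NameServer
        if ($ns) { Add-Finding 'StaticDNS' $iface.PSChildName $ns }
    }

    return $findings
}

# Usage: keep this output, run the FRST fix, run it again and compare the two.
Get-HijackIndicators | Format-Table -AutoSize -Wrap
```

The IE and DNS sections report every value rather than judging it, because a default start page or an ISP-assigned static resolver is legitimate; the point is that a static resolver that nobody configured, like the two addresses in the thread's log, affects every browser and every application on the machine, which is why a browser reset alone does not clear this class of hijack.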
Old 04-02-2016, 01:48 AM   #5
Registered Member
 
Join Date: Mar 2016
Posts: 10
OS: Windows 10



Hi

Firstly, no, the problem was not solved. I do not know how I changed the status to solved and did not see it until after I had posted the thread. I do recognise it's not likely to be a quick fix and really do appreciate the time you are spending on it. Sorry for any confusion this may have caused.

As requested, I have run adware again. I thought I had run the clean utility yesterday; I have run it again and attach the report as requested.

Re the FF user.js file in Firefox, I do not know what it is and have not knowingly loaded it.

As requested I have not proceeded with any of the subsequent instructions.

Not sure if it's significant, but I have just found that the ads only pop up on Chrome and Firefox; I tried Microsoft Edge and that is clear.

Many thanks for your assistance.


# AdwCleaner v5.108 - Logfile created 02/04/2016 at 09:19:16
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : BrianwfPC - DESKTOP-0NRKU54
# Running from : C:\Users\anyda\Desktop\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

Service Found : Service Mgr GenerousDeal
Service Found : Update Mgr GenerousDeal

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Generous Deal
Folder Found : C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\ProgramData\aae46d6d
Folder Found : C:\ProgramData\b6aeaac3-3061-0
Folder Found : C:\ProgramData\b6aeaac3-42b3-0
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\f33a1245-0905-0
Folder Found : C:\ProgramData\f33a1245-5751-1
Folder Found : C:\ProgramData\{016ec4f0-712c-0}
Folder Found : C:\ProgramData\{05bf97a3-512c-1}
Folder Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj

***** [ Files ] *****

File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d}
Key Found : HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {28B0910C-F091-424C-A744-46380B0F1037}
Value Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021} [NameServer] - 82.163.142.7 95.211.158.134
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net

***** [ Web browsers ] *****

[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}");
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchinterneat-a.akamaihd.net
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU=
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfhajoihhonkjdebdjijicekpappijdj

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8214 bytes] - [01/04/2016 09:31:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [8353 bytes] - [02/04/2016 09:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8426 bytes] ##########
Old 04-02-2016, 06:57 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HTCK. Thanks for letting me know about the user.js file.

It appears you still didn't run the 'Clean' function of AdwCleaner.

You have to run AdwCleaner, click 'Scan', then when the scan is finished, you must click 'Clean' while the AdwCleaner user interface is still open.

If the 'Clean' function is run, there will be a log named AdwCleaner[C#].txt, in addition to the AdwCleaner[S#].txt logs.

[C#] are for Clean, and [S#] are for Scan.

Let me know if you still have trouble.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
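The two AdwCleaner logs posted above both carry "# Option : Scan" in their header, which is the log's own record of which function produced it; a Clean run writes AdwCleaner[C#].txt with "Deleted" entries instead of "Found". As an added example that is not AdwCleaner's code and not from the thread, the following PowerShell function parses an AdwCleaner v5 log into objects: the header fields, each finding with its section, and the per-interface DNS servers recorded under [NameServer]. The sample log embedded in it is constructed from the layout of the logs in this thread (shortened; the DNS line is one the log actually reported). The function name and the "Restored" state keyword are my assumptions.

```powershell
# Added example: parse an AdwCleaner v5 log so the Scan/Clean question and the
# findings can be read off the log itself rather than from the UI.
function ConvertFrom-AdwCleanerLog {
    param([Parameter(Mandatory)][string[]]$Lines)

    $header  = @{}
    $section = $null
    $items   = New-Object System.Collections.Generic.List[object]

    foreach ($line in $Lines) {
        if ($line -match '^#\s*(?<key>\w[\w ]*?)\s*:\s*(?<value>.*)$') {
            # "# Option : Scan" and the other "# key : value" header lines
            $header[$Matches.key] = $Matches.value
        }
        elseif ($line -match '^\*{5}\s*\[\s*(?<name>.+?)\s*\]\s*\*{5}$') {
            # "***** [ Services ] *****" opens a section
            $section = $Matches.name
        }
        elseif ($line -match '^\*+$') {
            # the bare line of asterisks closes the last section
            $section = $null
        }
        elseif ($section -and
                $line -match '^(?<kind>.+?)\s+(?<state>Found|Deleted|Restored)\s*:\s*(?<target>.+)$') {
            # "Key Found : HKLM\..." in a Scan log; a Clean log reports Deleted/Restored
            $items.Add([pscustomobject]@{
                Section = $section
                Kind    = $Matches.kind
                State   = $Matches.state
                Target  = $Matches.target
            })
        }
    }

    # Static DNS servers the log recorded per interface; a browser-independent indicator.
    $dns = foreach ($item in $items) {
        if ($item.Target -match '\[NameServer\]\s*-\s*(?<servers>.+)$') {
            $Matches.servers -split '\s+'
        }
    }

    [pscustomobject]@{
        Option     = $header['Option']
        Cleaned    = ($header['Option'] -eq 'Clean')
        Items      = $items
        DnsServers = @($dns | Sort-Object -Unique)
        BySection  = @($items | Group-Object Section |
                       ForEach-Object { [pscustomobject]@{ Section = $_.Name; Count = $_.Count } })
    }
}

# Constructed sample, following the layout of the logs posted in this thread.
$sample = @'
# AdwCleaner v5.108 - Logfile created 02/04/2016 at 09:19:16
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Option : Scan

***** [ Services ] *****

Service Found : Service Mgr GenerousDeal
Service Found : Update Mgr GenerousDeal

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d}
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} [NameServer] - 82.163.142.7 95.211.158.134

***** [ Web browsers ] *****

[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchinterneat-a.akamaihd.net

*************************

C:\AdwCleaner\AdwCleaner[S2].txt - [8353 bytes] - [02/04/2016 09:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8426 bytes] ##########
'@

$log = ConvertFrom-AdwCleanerLog -Lines ($sample -split "`r?`n")
if (-not $log.Cleaned) { Write-Output "Option was '$($log.Option)': nothing was removed by this run." }
$log.BySection | Format-Table -AutoSize
$log.DnsServers
```

Reading the Option field is the quickest way to settle the question in this thread: a log whose header says Scan cannot be the Clean log, whatever the UI appeared to do, and the DnsServers list tells the helper whether the hijack extends beyond the browsers into the system resolver settings.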
Old 04-03-2016, 07:05 AM   #7
Registered Member
 
Join Date: Mar 2016
Posts: 10
OS: Windows 10



Hi

Sorry, I guess you are going to lose patience with me, but I am certain that I ran the clean function. I have now repeated the process a number of times with the following results.

I open the AdwCleaner utility.
I run the scan function and wait while the ribbon proceeds across the page.
The scan finishes and in the first tab I have two boxes, both ticked; the first reads "Service Mgr Generous Deal" and the second "Update Mgr Generous Deal".
I click on the clean tab and get a warning message to close any running applications etc.; I click OK.
After a relatively short period the computer does a restart (I have not told it to do so).

If I want to obtain the log file I have to interrogate the log file tab in between running the scan and clean, this I did and attach a copy of that file. I have not found a C (Clean) text file.

I have repeated this process a number of times including disabling Norton in case it was interfering with the process but each time the sequence of events is as above.

Again many thanks for the time you are spending on this, its much appreciated.

Regards
Brian

AdwScan file reads as follows.

# AdwCleaner v5.108 - Logfile created 03/04/2016 at 14:32:02
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Local]
# Operating system : Windows 10 Home (x64)
# Username : BrianwfPC - DESKTOP-0NRKU54
# Running from : C:\Users\anyda\Desktop\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

Service Found : Service Mgr GenerousDeal
Service Found : Update Mgr GenerousDeal

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Generous Deal
Folder Found : C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
Folder Found : C:\ProgramData\aae46d6d
Folder Found : C:\ProgramData\b6aeaac3-3061-0
Folder Found : C:\ProgramData\b6aeaac3-42b3-0
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\f33a1245-0905-0
Folder Found : C:\ProgramData\f33a1245-5751-1
Folder Found : C:\ProgramData\{016ec4f0-712c-0}
Folder Found : C:\ProgramData\{05bf97a3-512c-1}
Folder Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj
Folder Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj

***** [ Files ] *****

File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage
File Found : C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d}
Key Found : HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {28B0910C-F091-424C-A744-46380B0F1037}
Value Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Data Found : HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - OldSearch
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021} [NameServer] - 82.163.142.7 95.211.158.134
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net

***** [ Web browsers ] *****

[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==");
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}");
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchinterneat-a.akamaihd.net
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU=
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfhajoihhonkjdebdjijicekpappijdj
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfhajoihhonkjdebdjijicekpappijdj

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8214 bytes] - [01/04/2016 09:31:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [8525 bytes] - [02/04/2016 09:19:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [8598 bytes] - [02/04/2016 10:14:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [8833 bytes] - [03/04/2016 13:40:12]
C:\AdwCleaner\AdwCleaner[S5].txt - [44602 bytes] - [03/04/2016 13:45:18]
C:\AdwCleaner\AdwCleaner[S6].txt - [18563 bytes] - [03/04/2016 14:20:45]
C:\AdwCleaner\AdwCleaner[S7].txt - [9263 bytes] - [03/04/2016 14:32:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [9336 bytes] ##########
HTCK is offline  
Old 04-03-2016, 09:50 AM   #8
chemist
Security Team

Hello again, HTCK. Thanks for the info.

Not sure what's going on here with AdwCleaner. The 'Clean' function works fine on my Win10 machine.

We'll have to take out those entries with FRST64. First...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    {aae46d6d}
    {815378F3-557A-4FF6-9C80-D4E94C8FFCC9}
    11598763487076930564
    U0EeCFZVBB8SRggbe
    {28B0910C-F091-424C-A744-46380B0F1037}
    DoNotAskAgain
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
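The scan log in the previous post and the :regfind list above are the same data looked at twice: the GUIDs, the uninstall key name and the leading characters of the hijacker's eq= token were lifted from the AdwCleaner registry findings and turned into search terms. The script below is an added example for this thread, not AdwCleaner's, SystemLook's or the forum's own code, and it does that triage mechanically. It also separates the one system-wide finding in the log, the NameServer override on three interfaces, from the per-browser search and start-page hijacks: a static NameServer value on an interface takes precedence over DHCP-assigned resolvers, so with 82.163.142.7 and 95.211.158.134 configured every DNS lookup from every program on the machine goes to those servers, not only the browsers'. The sample lines are constructed from the log above (one eq= token shortened); only the two `Found :` line formats visible in the log are assumed.

```python
"""Triage an AdwCleaner scan log and derive registry search terms from it.

Added example for this thread; not AdwCleaner's, SystemLook's or the forum's
own code. Only the line formats visible in the log are assumed:
'<Kind> Found : <target>' and '[<file>] [<kind>] Found : <target>'.
"""
import re
from collections import Counter

# Constructed sample: a subset of the AdwCleaner[S7].txt lines from the thread,
# with one eq= token shortened. The repeated Folder line is deliberate; the
# real log repeats lines too.
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Found : Service Mgr GenerousDeal
Service Found : Update Mgr GenerousDeal
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Generous Deal
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
Folder Found : C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75} [NameServer] - 82.163.142.7 95.211.158.134
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
***** [ Web browsers ] *****
[C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgT");
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfhajoihhonkjdebdjijicekpappijdj
[C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ITEM_RE = re.compile(r"^(?P<kind>Service|Folder|File|Key|Value|Data|Task|Shortcut|DLL) Found : (?P<target>.+)$")
BROWSER_RE = re.compile(r"^\[(?P<file>.+?)\] \[(?P<kind>.+?)\] Found : (?P<target>.+)$")
NAMESERVER_RE = re.compile(r"Interfaces\\(?P<iface>\{[0-9a-fA-F-]+\}) \[NameServer\] - (?P<ips>.+)$")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
HOST_RE = re.compile(r'hxxps?://(?P<host>[^/\s"]+)')  # AdwCleaner defangs http -> hxxp
EQ_RE = re.compile(r"[?&]eq=(?P<tok>[A-Za-z0-9+/=]+)")


def parse_findings(text):
    """Return de-duplicated (section, kind, target) tuples in log order."""
    section, seen, findings = None, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line) or BROWSER_RE.match(line)
        if not m:
            continue
        item = (section, m.group("kind"), m.group("target"))
        if item not in seen:  # the log lists the same object more than once
            seen.add(item)
            findings.append(item)
    return findings


def dns_hijacks(findings, allowed=frozenset()):
    """Map interface GUID -> resolvers that are not on the allow-list.

    A NameServer override affects every process on the host, so it is the
    first thing to look at in a log like this one.
    """
    out = {}
    for _, kind, target in findings:
        m = NAMESERVER_RE.search(target) if kind == "Data" else None
        if m:
            bad = [ip for ip in m.group("ips").split() if ip not in allowed]
            if bad:
                out[m.group("iface")] = bad
    return out


def hijack_hosts(findings):
    """Count the hostnames the browser-setting findings point at."""
    hosts = Counter()
    for _, kind, target in findings:
        if kind == "Search Provider":
            hosts[target] += 1
        for m in HOST_RE.finditer(target):
            hosts[m.group("host")] += 1
    return hosts


def regfind_terms(findings, token_len=17):
    """Strings for a whole-registry sweep (SystemLook :regfind or a recursive
    PowerShell search): braced GUIDs from registry hits (Tcpip interface GUIDs
    excluded), Chrome extension IDs, and the first token_len characters of each
    eq= token. The per-browser URLs in the log share the start of the token but
    differ later, so a prefix finds all of them; 17 matches the thread's term."""
    terms = set()
    for _, kind, target in findings:
        if kind == "Extension":
            terms.add(target.strip())
        if kind in ("Key", "Value", "Data") and not NAMESERVER_RE.search(target):
            terms.update(GUID_RE.findall(target))
        for m in EQ_RE.finditer(target):
            terms.add(m.group("tok")[:token_len])
    return terms


def triage(text, allowed_resolvers=frozenset()):
    """One-shot summary of a scan log."""
    findings = parse_findings(text)
    return {
        "findings": len(findings),
        "services": [t for _, k, t in findings if k == "Service"],
        "dns_hijacks": dns_hijacks(findings, allowed_resolvers),
        "hosts": hijack_hosts(findings),
        "regfind": sorted(regfind_terms(findings)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Pass `allowed_resolvers={"<your ISP or router DNS>"}` to make the DNS check report only unexpected servers; the two addresses in this log were not handed out by the ISP, which is why FRST's fixlist later removes the NameServer value from all three interfaces rather than editing it.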
Old 04-04-2016, 12:18 AM   #9
HTCK
Registered Member


Hi Chemist

I have completed the actions as you stated, and the following is the text file.

Incidentally, having told you that Microsoft Edge was working without the cursed pop-ups, it has now gone the same way as the other browsers.

Regards
Brian

SystemLook 30.07.11 by jpshortstuff
Log created at 08:08 on 04/04/2016 by BrianwfPC
Administrator - Elevation successful

========== regfind ==========

Searching for "{aae46d6d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d}]

Searching for "{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]

Searching for "11598763487076930564"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]

Searching for "U0EeCFZVBB8SRggbe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="https://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhkJVddE1YEUnFGIVU="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="https://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhkJVddE1YEUnFGIVU="
[HKEY_USERS\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="https://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhkJVddE1YEUnFGIVU="

Searching for "{28B0910C-F091-424C-A744-46380B0F1037}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{28B0910C-F091-424C-A744-46380B0F1037}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{28B0910C-F091-424C-A744-46380B0F1037}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}]

Searching for "DoNotAskAgain"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP]
"DoNotAskAgain"="searchinterneat-a.akamaihd.net"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="searchinterneat-a.akamaihd.net"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="searchinterneat-a.akamaihd.net"
[HKEY_USERS\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP]
"DoNotAskAgain"="searchinterneat-a.akamaihd.net"
[HKEY_USERS\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="searchinterneat-a.akamaihd.net"

-= EOF =-
HTCK is offline  
Old 04-04-2016, 07:33 AM   #10
chemist
Security Team

Hello again, HTCK.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste Windows Registry Editor Version 5.00):

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com"

[HKEY_USERS\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com"
Save the file as fix.reg, choose Save as type: All Files, then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {1EA22C93-CD60-4438-B313-F58234747022} - System32\Tasks\{FCF2D301-4167-4B24-B731-3439C539FDFD} => pcalua.exe -a "C:\Program Files (x86)\Our Search Window\uninstaller.exe"
    Task: {C3D3B1AB-D590-4F81-AB89-39500D834B4C} - System32\Tasks\{1601C5CE-591D-4D49-BE0D-2D71E56C5872} => pcalua.exe -a "C:\Program Files (x86)\Generous Deal\uninstaller.exe"
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
    SearchScopes: HKLM -> DefaultScope {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKLM -> {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> DefaultScope OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP
    FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==
    FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
    FF Extension: Generous Deal - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi [2016-02-22] [not signed]
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
    CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
    CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
    CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaAktXUUEeJ1pNER8fHHJGLlxKDkwCZVBCLA==
    CHR Extension: (Generous Deal) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj [2016-04-01] [UpdateUrl: hxxp://cdn.generousdeal.com/update] <==== ATTENTION
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1415912 2016-02-25] () <==== ATTENTION
    R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1279720 2016-02-25] () <==== ATTENTION
    C:\Program Files (x86)\Generous Deal
    C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
    C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
    C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
    C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
    C:\ProgramData\aae46d6d
    C:\ProgramData\b6aeaac3-3061-0
    C:\ProgramData\b6aeaac3-42b3-0
    C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
    C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
    C:\ProgramData\f33a1245-0905-0
    C:\ProgramData\f33a1245-5751-
    C:\ProgramData\{016ec4f0-712c-0}
    C:\ProgramData\{05bf97a3-512c-1}
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage
    C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal
    C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml
    Tcpip\..\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021}: [NameServer] 82.163.142.7 95.211.158.134
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d]
    [-HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935]
    [-HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be]
    [-HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8]
    [-HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9]
    [-HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]
    [-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}]
    [-HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net]
    [-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
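Regedit rejects a .reg script with any syntax error outright ("The specified file is not a registry script") and imports nothing from it, so a hand-written fix.reg is worth checking before it is double-clicked. The linter below is an added example for this thread, not code from the forum or from any of the tools used in it, and it assumes only the documented .reg syntax. It catches the two slips that are easiest to make by hand: a string value written without quotes (`"name"=bing.com` instead of `"name"="bing.com"`), and a key path with an unbalanced brace, which is what fixlist entries such as `[-HKLM\...\Uninstall\{aae46d6d]` have when compared with the AdwCleaner finding `{aae46d6d}`. It also flags abbreviated roots such as HKLM, which regedit does not accept in a .reg file (FRST has its own fixlist syntax; this linter is for regedit only). Two caveats on the fix itself that the linter cannot see: HKCU is a link to the logged-on user's HKU\S-1-5-21-...-1001 hive, so the HKCU and HKU sections write the same value twice (harmless), and `{0633EE93-D776-472f-A0FF-E1416B8B2E3A}` only restores Bing as the default if that scope key still exists under SearchScopes. The sample scripts are constructed for the demonstration.

```python
"""Lint a .reg script before merging it with regedit.

Added example for this thread, not the forum's or Microsoft's code. Assumes
only the documented .reg syntax: a 'Windows Registry Editor Version 5.00'
header, [HKEY_...\path] or [-HKEY_...\path] key lines, and "name"=data value
lines whose data is a quoted string, dword:xxxxxxxx, hex:..., or - (delete).
"""
import re

HEADER = "Windows Registry Editor Version 5.00"
ROOTS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
KEY_RE = re.compile(r"^\[-?(?P<path>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')
DATA_RE = re.compile(
    r'^(?:"(?:[^"\\]|\\.)*"'                               # REG_SZ, must be quoted
    r"|dword:[0-9A-Fa-f]{8}"                               # REG_DWORD
    r"|hex(?:\([0-9A-Fa-f]+\))?:(?:[0-9A-Fa-f]{2},?)*\\?"  # binary, may continue with '\'
    r"|-)$"                                                # delete the value
)

# Constructed: the SearchScopes part of the fix, written the way regedit wants it.
GOOD_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com"
"""

# Constructed: the same value with the string left unquoted, plus a key line
# written with an abbreviated root and a truncated GUID.
BAD_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=bing.com

[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d]
"""


def lint_reg(text):
    """Return [(line_no, message), ...]; an empty list means every check passed."""
    lines = text.splitlines()
    problems = []
    if not lines or lines[0].strip() != HEADER:
        problems.append((1, f"first line must be {HEADER!r}"))
    in_key = continuation = False
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.rstrip()
        if continuation:  # remainder of a multi-line hex value
            continuation = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            root = path.split("\\")[0]
            if root not in ROOTS:
                problems.append((no, f"key root must be spelled out, got {root!r}"))
            if path.count("{") != path.count("}"):
                problems.append((no, "unbalanced braces in key path"))
            in_key = True
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append((no, 'neither a [key] line nor a "name"=data line'))
            continue
        if not in_key:
            problems.append((no, "value line before any [key] line"))
        data = m.group("data")
        if not DATA_RE.match(data):
            problems.append((no, f"value data must be quoted, dword:, hex: or '-', got {data!r}"))
        continuation = data.endswith("\\")
    return problems


if __name__ == "__main__":
    for name, script in (("GOOD_REG", GOOD_REG), ("BAD_REG", BAD_REG)):
        print(name, lint_reg(script) or "ok")
```

Run it as `python lint_reg.py` or call `lint_reg(open("fix.reg", encoding="utf-16").read())`; regedit exports .reg files as UTF-16, while Notepad saves what it is told, so pass the encoding the file was actually written with.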
Old 04-05-2016, 03:15 AM   #11
HTCK
Registered Member


Hi Chemist

I have completed the actions as you described; however, upon opening Chrome after the restart I received the following message:

“Norton Security Toolbar
Another programme on your computer added an extension that may change the way Chrome works.
It can:
• Read and change all your data on the websites you visit
• Read and change your browser history
• Manage your apps, extensions and themes
• Communicate with cooperating native websites.”

It gave me an option to “enable” or “remove from Chrome”; I selected the latter.

I then received a dialog box which said:

“Google Chrome
Your preferences file is corrupt or invalid.
Google Chrome is unable to recover your settings.”

I trust this was correct.

The following is the FixLog file you requested.

Many thanks for your ongoing assistance.
Regards
Brian

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by BrianwfPC (2016-04-05 10:33:36) Run:1
Running from C:\Users\anyda\Desktop
Loaded Profiles: BrianwfPC (Available Profiles: BrianwfPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {1EA22C93-CD60-4438-B313-F58234747022} - System32\Tasks\{FCF2D301-4167-4B24-B731-3439C539FDFD} => pcalua.exe -a "C:\Program Files (x86)\Our Search Window\uninstaller.exe"
Task: {C3D3B1AB-D590-4F81-AB89-39500D834B4C} - System32\Tasks\{1601C5CE-591D-4D49-BE0D-2D71E56C5872} => pcalua.exe -a "C:\Program Files (x86)\Generous Deal\uninstaller.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
SearchScopes: HKLM -> DefaultScope {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKLM -> {28B0910C-F091-424C-A744-46380B0F1037} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> DefaultScope OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-448899356-3544988821-2452118910-1001 -> OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaB0tXUUEeGGlxR1dMbkBRE1xZE1oZdlxNJFZP
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA18DB0VXfWFoKB8fHHpWMmpdAEsSSWJKLl1XFg==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTR0cFME0FB18EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
FF Extension: Generous Deal - C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi [2016-02-22] [not signed]
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeAAIV1hERBgTdgFdTA0VRQUOIQsABRRHEwYUdw8JUVwXR1YFIk0FA1oDB0VXfV5bFElXTwhkJVddE1YEUnFGIVU="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEAWAlHQABGbQkOWVxcFVFHcBRZUwEVDAMRcw4PVwhBRFNFIx9aFQQTQkcFME0FBloEURNNfX5dD1wDTkBQBFxZDQ==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0beQkOAAwUDAUVeFwVVV0VERhCcgFcTA9DEgIUdggIBF8XQhNBNARaAktXUUEeJ1pNER8fHHJGLlxKDkwCZVBCLA==
CHR Extension: (Generous Deal) - C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj [2016-04-01] [UpdateUrl: hxxp://cdn.generousdeal.com/update] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1415912 2016-02-25] () <==== ATTENTION
R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1279720 2016-02-25] () <==== ATTENTION
C:\Program Files (x86)\Generous Deal
C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\ProgramData\aae46d6d
C:\ProgramData\b6aeaac3-3061-0
C:\ProgramData\b6aeaac3-42b3-0
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\ProgramData\f33a1245-0905-0
C:\ProgramData\f33a1245-5751-
C:\ProgramData\{016ec4f0-712c-0}
C:\ProgramData\{05bf97a3-512c-1}
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal
C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml
Tcpip\..\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021}: [NameServer] 82.163.142.7 95.211.158.134
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d]
[-HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935]
[-HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be]
[-HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8]
[-HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9]
[-HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}]
[-HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net]
[-HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net]
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EA22C93-CD60-4438-B313-F58234747022}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA22C93-CD60-4438-B313-F58234747022}" => key removed successfully
C:\Windows\System32\Tasks\{FCF2D301-4167-4B24-B731-3439C539FDFD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FCF2D301-4167-4B24-B731-3439C539FDFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3D3B1AB-D590-4F81-AB89-39500D834B4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3D3B1AB-D590-4F81-AB89-39500D834B4C}" => key removed successfully
C:\Windows\System32\Tasks\{1601C5CE-591D-4D49-BE0D-2D71E56C5872} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1601C5CE-591D-4D49-BE0D-2D71E56C5872}" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037}" => key removed successfully
HKCR\CLSID\{28B0910C-F091-424C-A744-46380B0F1037} => key not found.
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi => moved successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj <==== ATTENTION => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
Service Mgr GenerousDeal => Unable to stop service.
Service Mgr GenerousDeal => service removed successfully
Update Mgr GenerousDeal => Unable to stop service.
Update Mgr GenerousDeal => service removed successfully
C:\Program Files (x86)\Generous Deal => moved successfully
C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1 => moved successfully
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1 => moved successfully
"C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => not found.
C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1 => moved successfully
C:\ProgramData\aae46d6d => moved successfully
C:\ProgramData\b6aeaac3-3061-0 => moved successfully
C:\ProgramData\b6aeaac3-42b3-0 => moved successfully

"C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" folder move:

Could not move "C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => Scheduled to move on reboot.


"C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" folder move:

Could not move "C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => Scheduled to move on reboot.

C:\ProgramData\f33a1245-0905-0 => moved successfully
"C:\ProgramData\f33a1245-5751-" => not found.
C:\ProgramData\{016ec4f0-712c-0} => moved successfully
C:\ProgramData\{05bf97a3-512c-1} => moved successfully
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj => moved successfully
"C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhajoihhonkjdebdjijicekpappijdj" => not found.
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage => moved successfully
C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj => moved successfully
"C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfhajoihhonkjdebdjijicekpappijdj_0.localstorage" => not found.
"C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nfhajoihhonkjdebdjijicekpappijdj" => not found.
"C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage" => not found.
"C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_generousdeal-a.akamaihd.net_0.localstorage-journal" => not found.
C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\searchplugins\default.xml => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{64639ddd-5488-419d-a779-9ee30c066e53}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b1993cb-cc1c-4e87-b609-f4c32ba45d75}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dc737cc9-6e84-45c2-bfc9-7f69b2dc1021}\\NameServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{aae46d6d => key not found.
HKLM\SOFTWARE\Classes\AppID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935 => key not found.
HKLM\SOFTWARE\Classes\AppID\{4c91a207-8965-4965-ab46-61c9fcf589be => key not found.
HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8 => key not found.
HKLM\SOFTWARE\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9 => key not found.
HKLM\SOFTWARE\Classes\TypeLib\{0B9C833D-FD90-47F3-B4CE-DE4D13701B72 => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{815378F3-557A-4FF6-9C80-D4E94C8FFCC9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 => key not found.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037 => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28B0910C-F091-424C-A744-46380B0F1037} => key not found.
HKU\S-1-5-21-448899356-3544988821-2452118910-1001\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\generousdeal-a.akamaihd.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\oursearchwindow-a.akamaihd.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\generousdeal-a.akamaihd.net => key removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\oursearchwindow-a.akamaihd.net => key removed successfully
EmptyTemp: => 9.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-05 10:36:31)

C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1 => Is moved successfully
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1 => Is moved successfully

==== End of Fixlog 10:36:31 ====
Old 04-05-2016, 01:02 PM   #12
Posted by chemist (Security Team Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Brian. You're very welcome. Besides Chrome, how is the machine behaving overall?

------------------------------------------------------

Not sure what happened to Chrome. Make sure you have the latest version.

You may need to create a new profile:

https://support.google.com/chrome/answer/142059?hl=en

Do you have your passwords backed up?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-06-2016, 11:38 AM   #13
Posted by HTCK (Registered Member, OS: Windows 10)

Hi Chemist
I have undertaken the instructions as described, with the exception that during the ESET scan my Auto Protect software re-engaged; I had not anticipated the scan taking as long as it did.
Upon completion of the ESET scan I did not remove the threats it identified, as you had not issued any instructions to that effect; I trust this was correct.
I did uninstall and then re-install Chrome before I began your instructions, to ensure I had the latest version. Up until then, whenever I opened Chrome my home page was Yahoo, which I do not like (apologies if you work for them), and I had been unable to change it; however, after the re-install I have been able to change to my preferred page.
I have briefly used Chrome and so far have not had any pop-ups appearing. I tried eBay, which always seemed to bring up immediate pop-ups, but none appeared. All of which looks promising.
I really do appreciate your time on this matter.
Regards
Brian

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/04/2016
Scan Time: 13:57
Logfile: Malewarelog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.06.03
Rootkit Database: v2016.04.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: BrianwfPC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388973
Time Elapsed: 7 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{186d55b6-3e7a-4ecf-b2fd-cf1752c37935}, Quarantined, [9efdb3f83366c373da0610d6c141d12f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{186D55B6-3E7A-4ECF-B2FD-CF1752C37935}, Quarantined, [9efdb3f83366c373da0610d6c141d12f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{186D55B6-3E7A-4ECF-B2FD-CF1752C37935}, Quarantined, [9efdb3f83366c373da0610d6c141d12f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{4c91a207-8965-4965-ab46-61c9fcf589be}, Quarantined, [5e3d7c2f0d8cba7c627f8d59df23c739],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4C91A207-8965-4965-AB46-61C9FCF589BE}, Quarantined, [5e3d7c2f0d8cba7c627f8d59df23c739],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4C91A207-8965-4965-AB46-61C9FCF589BE}, Quarantined, [5e3d7c2f0d8cba7c627f8d59df23c739],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{8f639f6b-f8fd-476e-8cca-6f5f4cbbe467}, Quarantined, [d5c6eebdc2d757dfcf0812d4d23058a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{8F639F6B-F8FD-476E-8CCA-6F5F4CBBE467}, Quarantined, [d5c6eebdc2d757dfcf0812d4d23058a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{8F639F6B-F8FD-476E-8CCA-6F5F4CBBE467}, Quarantined, [d5c6eebdc2d757dfcf0812d4d23058a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{9c16ad7b-c04f-46a1-bfe6-8cc7b28b1442}, Quarantined, [3b60e1ca98014de970682bbbcb370ff1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9C16AD7B-C04F-46A1-BFE6-8CC7B28B1442}, Quarantined, [3b60e1ca98014de970682bbbcb370ff1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9C16AD7B-C04F-46A1-BFE6-8CC7B28B1442}, Quarantined, [3b60e1ca98014de970682bbbcb370ff1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [cecd218af6a300368e66951dd62c33cd],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [cecd218af6a300368e66951dd62c33cd],
PUP.Optional.Yontoo, HKU\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{79B7274A-124A-4EEB-8CE3-F4B50E19A3F7}, Quarantined, [7526e0cbfa9f91a5b547f1f542c0c53b],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\GenerousDeal, Quarantined, [a8f363487623d0663bf4187b3bc9758b],
PUP.Optional.DnsUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AAE46D6D}, Quarantined, [54471695d5c478be5ac44755e51fec14],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-448899356-3544988821-2452118910-1000\SOFTWARE\ONE SYSTEM CARE, Quarantined, [f2a9d5d67029b77f5ead949918ec9a66],

Registry Values: 6
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [d1ca2982c3d6e6501bc5f35bd82c5ba5]
PUP.Optional.DnsUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{aae46d6d}|1, 1459161149, Quarantined, [54471695d5c478be5ac44755e51fec14]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-448899356-3544988821-2452118910-1000\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, Quarantined, [f2a9d5d67029b77f5ead949918ec9a66]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-448899356-3544988821-2452118910-1000\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, https://dl.softservers.net/121002133/DriverPro.exe, Quarantined, [d1ca2b80bbde8fa70406e34af50fc040]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-448899356-3544988821-2452118910-1000\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, https://od.onesaveservers.net/291002133/OneSaveSetup.exe, Quarantined, [04970d9e2f6a350178925ecf2ed6f20e]
PUP.Optional.Yontoo, HKU\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [6f2cbbf09bfec76f0a19fe50a55f4cb4]

Registry Data: 2
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Good: (8.8.8.8), Bad: (82.163.142.7 95.211.158.134),Replaced,[5d3e9f0cd7c282b4beb656d8d431b848]
PUP.Optional.Yontoo, HKU\S-1-5-21-448899356-3544988821-2452118910-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://searchinterneat-a.akamaihd.ne...ddE1YEUnFGIVU=, Good: (Google), Bad: (https://searchinterneat-a.akamaihd.ne...IVU=),Replaced,[e5b6affca9f0ac8a6418c865fd088f71]
Folders: 1
PUP.Optional.DnsUnlocker.ACMB2, C:\ProgramData\f33a1245-5751-1, Quarantined, [d6c59912a8f17fb7cd562ef8b74c8c74],
Files: 14
PUP.Optional.DownloadAssistant, C:\Users\anyda\Downloads\firefox_setup.exe, Quarantined, [7427624974254ceab25d2ecb16eb5ca4],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.kingtopdeals.com_0.localstorage, Quarantined, [fc9f733807924fe7d7e9022c3ec59769],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.kingtopdeals.com_0.localstorage-journal, Quarantined, [4556b6f585145adcf1cf2509748f07f9],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage, Quarantined, [4457c9e2930657dfbf01ce6041c2956b],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal, Quarantined, [fd9e8a21ddbc4beb9729e14da95a06fa],
PUP.Optional.AdNetworkPerformance, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.adnetworkperformance.com_0.localstorage, Quarantined, [d5c6c7e46f2a261065e43551a2621be5],
PUP.Optional.AdNetworkPerformance, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.adnetworkperformance.com_0.localstorage-journal, Quarantined, [0794b1fa336647ef9baee89e0400bf41],
PUP.Optional.PriceMoon, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage, Quarantined, [841778335f3af046f57d2b5dd92b3fc1],
PUP.Optional.PriceMoon, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage-journal, Quarantined, [7a219f0c5841999d90e2beca05ffe917],
PUP.Optional.OnClickAds, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_onclickads.net_0.localstorage, Quarantined, [6338a00bcdcc87af85b54c418f750af6],
PUP.Optional.OnClickAds, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_onclickads.net_0.localstorage-journal, Quarantined, [bae13477e2b7d6605bdfeaa3cf3525db],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_generousdeal-a.akamaihd.net_0.localstorage, Quarantined, [148799123663d066c569dab99a6ae21e],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_generousdeal-a.akamaihd.net_0.localstorage-journal, Quarantined, [dcbfb1fa3762b383a38bcdc6aa5abf41],
PUP.Optional.Yontoo, C:\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\extensions\{4fc93697-721a-497e-9e4a-a3df29915832}.xpi, Quarantined, [7328119ad6c3a294c7003361e71d2bd5],
Physical Sectors: 0
(No malicious items detected)
(end)
ESETScan text follows
C:\FRST\Quarantine\C\Program Files (x86)\Generous Deal\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi JS/BrowseFox.A potentially unwanted application
C:\FRST\Quarantine\C\Users\anyda\AppData\Roaming\Mozilla\Firefox\Profiles\w8ruudaa.default\Extensions\{fee256a6-b535-454f-bde0-f5adee183f89}.xpi.xBAD JS/BrowseFox.A potentially unwanted application
E:\DESKTOP-0NRKU54\Backup Set 2016-03-02 183102\Backup Files 2016-03-02 183102\Backup files 11.zip a variant of Win32/DownloadAssistant.C potentially unwanted application
E:\DESKTOP-0NRKU54\Backup Set 2016-03-02 183102\Backup Files 2016-03-02 183102\Backup files 7.zip JS/BrowseFox.A potentially unwanted application

-----------------
End message
Old 04-06-2016, 12:12 PM   #14
Posted by chemist (Security Team Moderator, Analyst)

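Added example, not part of this thread or of FRST, MBAM or AdwCleaner: a read-only PowerShell audit of the Tcpip NameServer registry values that the FRST fixlist above lists per interface and that the MBAM log reports under Trojan.DNSChanger. The allow-list of expected resolvers is an assumption to be replaced with your own; the two known-bad addresses are the ones MBAM reported in the log above.

```powershell
# Added example (not from the thread or its tools): enumerate every registry location
# where the DNS changer in this thread wrote resolver addresses and flag anything
# unexpected. Run as Administrator on Windows; it only reads, it changes nothing.

# Assumption: replace with the resolvers your network is supposed to hand out.
$AllowedDns = @('8.8.8.8', '8.8.4.4')
# The two addresses MBAM reported as Bad in the log above.
$KnownBad = @('82.163.142.7', '95.211.158.134')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DnsResolverFindings {
    $findings = @()
    # The global Parameters key plus one key per interface GUID: the same locations
    # named in the FRST fixlist and in the MBAM "Registry Data" entry.
    $keys = @(Get-Item -Path $base) + @(Get-ChildItem -Path "$base\Interfaces")
    foreach ($key in $keys) {
        # NameServer is the static setting a PUP overwrites; DhcpNameServer is what
        # the network handed out, so listing both side by side exposes the override.
        foreach ($valueName in 'NameServer', 'DhcpNameServer') {
            $props = Get-ItemProperty -Path $key.PSPath -Name $valueName -ErrorAction SilentlyContinue
            $raw = if ($props) { $props.$valueName } else { $null }
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # The value is a comma- or space-separated list of addresses.
            foreach ($server in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                $status = if ($KnownBad -contains $server) { 'KNOWN-BAD' }
                          elseif ($AllowedDns -contains $server) { 'ok' }
                          else { 'UNEXPECTED' }
                $findings += [pscustomobject]@{
                    Key    = $key.PSChildName
                    Value  = $valueName
                    Server = $server
                    Status = $status
                }
            }
        }
    }
    return $findings
}

$results = Get-DnsResolverFindings
$results | Sort-Object Status, Key | Format-Table -AutoSize

$suspect = @($results | Where-Object { $_.Status -ne 'ok' })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) resolver entries are not on the allow-list; compare each with the NameServer lines in the FRST fixlist before removing anything."
} else {
    Write-Host 'All configured resolvers are on the allow-list.'
}
```

An interface whose static NameServer differs from its DhcpNameServer is the pattern the thread's fixlog shows, and is worth re-checking after the reboot that completes the FRST fix.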
Hello again, Brian. You're very welcome. Is your Chrome profile OK now? Did you have to fix it?

The first 2 ESET finds have already been quarantined by FRST. Those will get deleted when we uninstall FRST.

The other 2 are backup files. I'll leave it up to you whether to delete those or not.

------------------------------------------------------

I'd like you to try the 'Clean' feature of AdwCleaner once more.

Please run AdwCleaner again and select 'Scan' then 'Clean' and post the C:\AdwCleaner\AdwCleaner[C#].txt log in your next reply.

------------------------------------------------------
Old 04-07-2016, 09:34 AM   #15
Posted by HTCK (Registered Member, OS: Windows 10)

Hi Chemist

Everything seems to be working just fine. When I re-installed Chrome I set it up with my preferred settings and it all worked well. I have been browsing the Internet today and have not had any problems with pop-ups, so it does look as if your advice and instructions have worked.

The following is the AdwCleaner text you requested.

Many thanks for your ongoing support.

regards
Brian

# AdwCleaner v5.109 - Logfile created 07/04/2016 at 09:32:04
# Updated 04/04/2016 by Xplode
# Database : 2016-04-05.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : BrianwfPC - DESKTOP-0NRKU54
# Running from : C:\Users\anyda\Downloads\adwcleaner_5.109.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8214 bytes] - [01/04/2016 09:31:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [8525 bytes] - [02/04/2016 09:19:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [8598 bytes] - [02/04/2016 10:14:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [8833 bytes] - [03/04/2016 13:40:12]
C:\AdwCleaner\AdwCleaner[S5].txt - [44602 bytes] - [03/04/2016 13:45:18]
C:\AdwCleaner\AdwCleaner[S6].txt - [18563 bytes] - [03/04/2016 14:20:45]
C:\AdwCleaner\AdwCleaner[S7].txt - [9435 bytes] - [03/04/2016 14:32:02]
C:\AdwCleaner\AdwCleaner[S8].txt - [1215 bytes] - [07/04/2016 09:32:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1288 bytes] ##########


Ends
Old 04-07-2016, 07:41 PM   #16
Posted by chemist (Security Team Moderator, Analyst)

Hello again, Brian. You're very welcome. Glad everything is sorted.

Something still weird though. It doesn't appear AdwCleaner is giving a log reflecting a 'Clean'.

I noticed you said earlier:

Quote:
If I want to obtain the log file I have to interrogate the log file tab in between running the scan and clean, this I did and attach a copy of that file. I have not found a C (Clean) text file.
You don't have to use the 'Logfile' tab to get a log. It gets generated automatically.

Please run AdwCleaner again and select 'Scan' then 'Clean' and let your computer reboot when prompted.

After your computer reboots, the C:\AdwCleaner\AdwCleaner[C#].txt log file will open.

Please post it in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-08-2016, 09:52 AM   #17
Registered Member
 
Join Date: Mar 2016
Posts: 10
OS: Windows 10



Hi Chemist

Everything is working just fine, no problems using Chrome

I followed your instructions, but after re-boot the text file did not open. However, I went into the AdwCleaner directory and found it there; I have copied it below. Trust this is satisfactory.

Thanks for all your support.
Regards
Brian

# AdwCleaner v5.109 - Logfile created 08/04/2016 at 17:39:50
# Updated 04/04/2016 by Xplode
# Database : 2016-04-07.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : BrianwfPC - DESKTOP-0NRKU54
# Running from : C:\Users\anyda\Downloads\adwcleaner_5.109.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S10].txt - [702 bytes] - [08/04/2016 17:39:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [8214 bytes] - [01/04/2016 09:31:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [8525 bytes] - [02/04/2016 09:19:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [8598 bytes] - [02/04/2016 10:14:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [8833 bytes] - [03/04/2016 13:40:12]
C:\AdwCleaner\AdwCleaner[S5].txt - [44602 bytes] - [03/04/2016 13:45:18]
C:\AdwCleaner\AdwCleaner[S6].txt - [18563 bytes] - [03/04/2016 14:20:45]
C:\AdwCleaner\AdwCleaner[S7].txt - [9435 bytes] - [03/04/2016 14:32:02]
C:\AdwCleaner\AdwCleaner[S8].txt - [1367 bytes] - [07/04/2016 09:32:04]
C:\AdwCleaner\AdwCleaner[S9].txt - [1680 bytes] - [07/04/2016 09:36:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1434 bytes] ##########
HTCK is offline  
Old 04-08-2016, 12:15 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Brian. Well, I just don't understand why AdwCleaner won't Clean. Anyway...

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste Windows Registry Editor Version 5.00):

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
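The fix in the post above deletes a single leftover Uninstall entry by name. Before merging a .reg file that removes a key, it is worth confirming what the key actually contains and whether the program it claims to uninstall still exists on disk; an Uninstall entry with a random numeric name and a dangling uninstall string is typical adware residue, but the check takes seconds and avoids deleting a real product's entry by mistake. Note that on 64-bit Windows the registry has two views of HKLM\SOFTWARE: a 32-bit process that opens HKLM\SOFTWARE\...\Uninstall is silently redirected to the WOW6432Node copy, which is why the same entry can be reported under either spelling (AdwCleaner's log shows the key without WOW6432Node while the .reg fix targets the WOW6432Node path). The following PowerShell is an added example written for this thread, not a tool or script from the forum or from AdwCleaner; it looks in both views, reports the DisplayName and UninstallString, and tests whether the referenced executable exists. Only the key name comes from the logs above; the property names are standard Uninstall-key values and everything else is assumed.

```powershell
# Added example (not from the thread): inspect a suspicious Uninstall key in both
# registry views before removing it. Run from an elevated PowerShell prompt.
# The key name is the one AdwCleaner reported in the logs above; all other values
# (DisplayName, UninstallString) are read from the machine, not assumed.
$keyName = '11598763487076930564'

$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$keyName",             # native 64-bit view
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$keyName"  # 32-bit (redirected) view
)

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output "absent : $p"
        continue
    }

    $props = Get-ItemProperty -LiteralPath $p
    Write-Output "present: $p"
    Write-Output ("  DisplayName     : {0}" -f $props.DisplayName)
    Write-Output ("  Publisher       : {0}" -f $props.Publisher)
    Write-Output ("  InstallLocation : {0}" -f $props.InstallLocation)
    Write-Output ("  UninstallString : {0}" -f $props.UninstallString)

    # The uninstall string usually wraps the executable in quotes and appends
    # arguments; pull the executable path out so we can see whether it still
    # exists on disk. A missing executable means the entry is orphaned.
    if ($props.UninstallString) {
        $exe = if ($props.UninstallString -match '^"([^"]+)"') {
            $Matches[1]
        } else {
            ($props.UninstallString -split ' ')[0]
        }
        $exists = Test-Path -LiteralPath $exe
        Write-Output ("  Executable      : {0} (exists on disk: {1})" -f $exe, $exists)
        if (-not $exists) {
            Write-Output "  -> orphaned Uninstall entry; safe candidate for removal"
        }
    } else {
        Write-Output "  -> no UninstallString at all; entry cannot uninstall anything"
    }
}
```

If the script reports the key as present only under the WOW6432Node path, that is the path a .reg deletion must name, which matches the fix given in the post above; if it is present in both views, both need removing. After merging the .reg file, running the script again should print "absent" for both paths, which is the same check AdwCleaner's next scan performs.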
Old 04-09-2016, 03:22 AM   #19
Registered Member
 
Join Date: Mar 2016
Posts: 10
OS: Windows 10



Hi Chemist

fantastic - everything working as it should. Have completed the actions in the last post without any problems.

Many thanks to you and all of your colleagues who give up your time to help those of us who do not have the technical skills. I really do appreciate the time and effort you have given in solving my problems.

Best wishes for your future.
Brian
HTCK is offline  
Old 04-09-2016, 12:45 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Brian! Glad to have helped.
chemist is offline  