Malware trying to install programs



Old 11-19-2015, 01:49 PM   #1
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Tried to install a browser plugin and ended up getting lots of things I didn't want with it. Malwarebytes is constantly bringing up PUPs and other notices of blocked sites. Programs crash more often, and I'm noticing a System Healer on startup even though I uninstalled the program via Add/Remove Programs yesterday.

I DO NOT HAVE ACCESS TO A WINDOWS CD.

-------------------------
DDS Log:
-------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 10.60.2
Run by John Kim at 13:44:15 on 2015-11-19
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.6090.3425 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\ProgramData\JjMpqJX\KxkTVT.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\System32\dwm.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\SystemHealer\HealerConsole.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\Users\John Kim\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\windows\system32\msfeedssync.exe
C:\WINDOWS\System32\sihclient.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BitTorrent] "C:\Users\John Kim\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Sound+] "C:\Program Files\Sound+\Sound+.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/-bfr-sw__alt__ddc_dsssyc_bd_com
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2014-6-9 65224]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2014-6-9 274808]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2014-3-7 39008]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-11 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2014-6-9 1059656]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2014-6-9 449992]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2015936]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-6-9 28656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-6-9 90968]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-6-9 150160]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-21 146600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-16 1152656]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-7 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-26 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-7 169432]
R2 KxkTVT;KxkTVT;C:\ProgramData\JjMpqJX\KxkTVT.exe [2015-11-18 3000824]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-5-21 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2015-5-21 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2015-5-29 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-15 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-15 1135416]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2015-3-6 1291248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-25 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-25 23007376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-8-31 410744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-7-8 35600]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-3-19 253680]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-27 130248]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-11-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-11-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-11-15 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-7-10 3496216]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-25 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-6-22 46768]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-3-7 8876248]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-3 42696]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-9-30 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2012-2-15 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-9-25 178312]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-29 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-29 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2012-2-15 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-18 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-29 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-11 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-3-7 102376]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-19 21:40:55 16148 ----a-w- C:\WINDOWS\System32\JOHN_John Kim_HistoryPrediction.bin
2015-11-19 06:55:20 -------- d-----w- C:\AdwCleaner
2015-11-19 06:50:17 -------- d-----w- C:\ProgramData\Peeamuwiaihuo
2015-11-19 06:42:33 -------- d-----w- C:\Users\John Kim\AppData\Local\mixvideoplayer
2015-11-19 06:41:46 -------- d-----w- C:\ProgramData\JjMpqJX
2015-11-19 06:41:41 -------- d-----w- C:\Program Files\Sound+
2015-11-19 06:41:40 -------- d-----w- C:\Program Files (x86)\spaceeplus_v138.9331
2015-11-19 06:41:40 -------- d-----w- C:\Program Files (x86)\spaceeplus
2015-11-19 06:41:35 -------- d-----w- C:\Program Files (x86)\MixVideoPlayer
2015-11-19 06:41:33 -------- d-----w- C:\Users\John Kim\AppData\Roaming\System Healer
2015-11-19 06:41:33 -------- d-----w- C:\Program Files (x86)\SystemHealer
2015-11-08 19:53:07 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn-Time-Community
2015-11-08 19:52:38 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn Time Community
2015-10-30 20:47:06 21871616 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-10-30 20:47:00 18801664 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-10-28 01:59:51 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn Time Offical
.
==================== Find3M ====================
.
2015-11-19 21:41:59 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-11-11 00:02:55 35328 ----a-w- C:\WINDOWS\System32\LMIport.dll
2015-11-11 00:02:55 122400 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll
2015-11-11 00:02:55 107008 ----a-w- C:\WINDOWS\System32\LMIinit.dll
2015-11-10 14:21:22 1059656 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys
2015-10-21 12:45:50 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-10-21 12:44:41 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-10-21 12:43:02 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-10-21 12:00:19 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-10-21 11:59:51 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-10-21 11:57:51 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-10-21 11:52:58 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-10-21 11:50:51 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-10-21 11:48:00 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-10-21 11:47:00 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-10-21 11:46:03 2179584 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-10-21 11:44:17 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-10-21 11:44:07 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-10-21 11:43:11 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-10-21 11:42:37 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-10-21 11:41:27 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-10-21 11:41:25 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-10-21 11:40:17 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-10-21 11:38:32 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-10-21 05:53:48 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-10-21 05:11:46 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-10-21 05:08:29 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-10-21 05:05:36 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-10-21 05:03:19 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-10-21 04:58:48 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-10-21 04:58:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-10-21 04:57:27 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-10-21 04:55:14 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-10-16 03:10:46 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-10-16 03:10:46 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-05 17:50:22 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-10-05 17:50:10 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-10-05 17:50:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 04:00:07 8020320 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:37 949248 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:01:15 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:40 1382400 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:19 766976 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-25 02:32:49 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-25 02:32:35 1594368 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2015-09-17 06:50:17 99664 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2015-09-17 06:50:10 2464216 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-09-17 06:50:05 1563392 ----a-w- C:\WINDOWS\System32\winmde.dll
2015-09-17 06:50:02 88384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2015-09-17 06:49:33 1563472 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2015-09-17 06:49:11 6487248 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2015-09-17 06:49:11 501008 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2015-09-17 06:49:10 894256 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2015-09-17 06:49:01 553808 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
.
============= FINISH: 13:46:36.34 ===============
Attached Files
File Type: txt attach.txt (10.6 KB, 20 views)
Old 11-22-2015, 03:36 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears you already ran AdwCleaner. Did you use the Cleaning function?

If so, please post the log found at C:\AdwCleaner\AdwCleaner[C#].txt

If not, rerun it, choosing Cleaning after Scan, and post the log.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 11-23-2015, 11:34 AM   #3
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Hi and thank you. Here is the adwcleaner log:

# AdwCleaner v5.021 - Logfile created 18/11/2015 at 22:57:32
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : John Kim - JOHN
# Running from : C:\Users\John Kim\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\WebShield
[!] Folder Not Deleted : C:\ProgramData\WebShield
[-] Folder Deleted : C:\Users\John Kim\AppData\Local\BrowserWeb
[-] Folder Deleted : C:\Users\John Kim\AppData\Local\WebShield
[-] Folder Deleted : C:\Users\John Kim\AppData\Local\Weather_Warnings_LLC
[!] Folder Not Deleted : C:\Users\John Kim\AppData\Local\WebShield
[-] Folder Deleted : C:\Users\John Kim\AppData\Roaming\RHEng

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlertsApp.lnk
[-] File Deleted : C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
[-] File Deleted : C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : MixVideoPlayer Update

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\MixVideoPlayer.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [IOPROTECT]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351A01B5-849A-ECA5-2760-EE9665E223C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{593D67B9-3A50-EBAA-17BE-61A5EC986A22}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKLM\SOFTWARE\MixVideoPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
[-] Key Deleted : HKU\S-1-5-21-3656025934-1805325345-282951442-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SweetLabs App Platform
[-] Key Deleted : HKU\S-1-5-21-3656025934-1805325345-282951442-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\DynConIE

***** [ Web browsers ] *****

[-] [C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Yahoo Search!");
[-] [C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Yahoo Search!");
[-] [C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
[-] [C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://homepage-web.com/?s=lenovo&m=home

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5655 bytes] ##########


Farbar Recovery log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by John Kim (administrator) on JOHN (21-11-2015 12:14:15)
Running from C:\Users\John Kim\Desktop
Loaded Profiles: John Kim (Available Profiles: John Kim)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Irrational Number Applications) C:\ProgramData\JjMpqJX\KxkTVT.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Pokki) C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Pokki) C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\John Kim\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Spotify Ltd) C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Pokki) C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Pokki) C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-05-21] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-09-09] (Synaptics Incorporated)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [623088 2015-03-06] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [BitTorrent] => C:\Users\John Kim\AppData\Roaming\BitTorrent\BitTorrent.exe [1832808 2015-10-03] (BitTorrent Inc.)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify Web Helper] => C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\Run: [Spotify] => C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-11] (Spotify Ltd)
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [150528 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-21] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-21] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-21] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/-bfr-sw__alt__ddc_dsssyc_bd_com
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-04] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3656025934-1805325345-282951442-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)
FF Extension: Great Find - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\Extensions\{1472391e-5578-45fd-9d60-7bb30cee1cce}.xpi [2015-07-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-21] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Google Search) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (ICE Quick Stream) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2015-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-21] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-22] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 KxkTVT; C:\ProgramData\JjMpqJX\KxkTVT.exe [3000824 2015-11-18] (Irrational Number Applications)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-11-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-05-21] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1291248 2015-03-06] (Cisco Systems, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-05-21] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-09] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 12:14 - 2015-11-21 12:15 - 00028399 _____ C:\Users\John Kim\Desktop\FRST.txt
2015-11-21 12:13 - 2015-11-21 12:14 - 00000000 ____D C:\FRST
2015-11-21 12:13 - 2015-11-21 12:13 - 02345984 _____ (Farbar) C:\Users\John Kim\Desktop\FRST64.exe
2015-11-21 12:10 - 2015-11-21 12:10 - 00016148 _____ C:\WINDOWS\system32\JOHN_John Kim_HistoryPrediction.bin
2015-11-19 13:46 - 2015-11-19 13:46 - 00036773 _____ C:\Users\John Kim\Desktop\dds.txt
2015-11-19 13:46 - 2015-11-19 13:46 - 00010904 _____ C:\Users\John Kim\Desktop\attach.txt
2015-11-19 13:43 - 2015-11-19 13:44 - 00688992 ____R (Swearware) C:\Users\John Kim\Desktop\dds.scr
2015-11-18 23:01 - 2015-11-18 23:01 - 00003250 _____ C:\WINDOWS\System32\Tasks\{71BB6FCE-1C85-403B-9739-DC85293871EA}
2015-11-18 23:00 - 2015-11-18 23:05 - 00002356 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-11-18 22:55 - 2015-11-18 22:57 - 00000000 ____D C:\AdwCleaner
2015-11-18 22:54 - 2015-11-18 22:54 - 01732096 _____ C:\Users\John Kim\Desktop\AdwCleaner.exe
2015-11-18 22:50 - 2015-11-18 22:50 - 00000000 ____D C:\ProgramData\Peeamuwiaihuo
2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\Users\John Kim\AppData\Local\mixvideoplayer
2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
2015-11-18 22:41 - 2015-11-19 13:42 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2015-11-18 22:41 - 2015-11-18 23:00 - 00000000 ____D C:\Program Files\Sound+
2015-11-18 22:41 - 2015-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\spaceeplus_v138.9331
2015-11-18 22:41 - 2015-11-18 22:45 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\System Healer
2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\JjMpqJX
2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer
2015-11-18 22:41 - 2015-11-18 22:41 - 00003400 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2015-11-18 22:41 - 2015-11-18 22:41 - 00003330 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Program Files (x86)\spaceeplus
2015-11-09 08:35 - 2015-11-09 08:35 - 00359672 _____ C:\WINDOWS\Minidump\110915-19640-01.dmp
2015-11-08 20:45 - 2015-11-08 20:45 - 00000000 ____D C:\Users\John Kim\Desktop\Visual Boy Advance
2015-11-08 11:53 - 2015-11-18 23:30 - 00000000 ____D C:\Users\John Kim\AppData\Local\Popcorn-Time-Community
2015-11-08 11:53 - 2015-11-08 11:53 - 00002174 _____ C:\Users\John Kim\Desktop\Popcorn Time Community.lnk
2015-11-08 11:52 - 2015-11-08 11:53 - 00000000 ____D C:\Users\John Kim\AppData\Local\Popcorn Time Community
2015-11-04 14:41 - 2015-11-04 14:41 - 00360024 _____ C:\WINDOWS\Minidump\110415-15843-01.dmp
2015-10-30 12:47 - 2015-10-27 15:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-30 12:47 - 2015-10-27 15:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-30 12:47 - 2015-10-21 04:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-30 12:47 - 2015-10-20 21:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-30 12:46 - 2015-10-21 04:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 12:46 - 2015-10-21 04:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 12:46 - 2015-10-21 04:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-30 12:46 - 2015-10-21 04:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-30 12:46 - 2015-10-21 04:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-30 12:46 - 2015-10-21 03:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-30 12:46 - 2015-10-21 03:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 12:46 - 2015-10-21 03:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-30 12:46 - 2015-10-21 03:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 12:46 - 2015-10-21 03:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-30 12:46 - 2015-10-21 03:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 12:46 - 2015-10-21 03:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 12:46 - 2015-10-21 03:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-30 12:46 - 2015-10-21 03:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-30 12:46 - 2015-10-21 03:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-30 12:46 - 2015-10-21 03:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 12:46 - 2015-10-21 03:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-30 12:46 - 2015-10-21 03:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 12:46 - 2015-10-21 03:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-30 12:46 - 2015-10-21 03:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-30 12:46 - 2015-10-20 21:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-30 12:46 - 2015-10-20 21:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-30 12:46 - 2015-10-20 21:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-30 12:46 - 2015-10-20 21:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-30 12:46 - 2015-10-20 21:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-30 12:46 - 2015-10-20 21:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-30 12:46 - 2015-10-20 21:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 12:46 - 2015-10-20 20:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-30 12:46 - 2015-10-20 20:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-30 12:46 - 2015-10-20 20:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-30 10:22 - 2015-11-18 23:03 - 00003380 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2015-10-27 18:00 - 2015-11-08 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time Offical
2015-10-27 17:59 - 2015-11-08 11:47 - 00000000 ____D C:\Users\John Kim\AppData\Local\Popcorn Time Offical

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 12:13 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-21 12:13 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-21 12:13 - 2014-06-09 16:31 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5200A860-A67C-42FB-B70A-E819A4714641}
2015-11-21 12:12 - 2014-06-09 15:58 - 00000000 ____D C:\Users\John Kim\AppData\Local\SweetLabs App Platform
2015-11-21 12:11 - 2015-08-08 15:34 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 12:11 - 2015-07-07 08:13 - 00000000 ____D C:\Users\John Kim\AppData\Local\TSVNCache
2015-11-21 12:11 - 2015-04-26 14:13 - 00000000 ____D C:\Users\John Kim\AppData\Local\Adobe
2015-11-21 12:11 - 2014-11-15 12:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-21 12:10 - 2015-05-29 21:20 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-20 21:27 - 2015-05-17 19:46 - 00000000 ____D C:\Users\John Kim\AppData\Local\NexonLauncher
2015-11-20 21:23 - 2014-08-25 18:42 - 00000000 ____D C:\Users\John Kim\AppData\Local\Battle.net
2015-11-20 20:49 - 2015-08-08 15:34 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-20 17:02 - 2014-08-25 18:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-20 10:43 - 2015-07-02 19:27 - 00000000 ____D C:\Program Files (x86)\Diablo II
2015-11-19 13:42 - 2015-08-24 23:47 - 00002510 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-11-18 23:06 - 2015-07-29 16:01 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-18 23:01 - 2015-06-22 08:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-18 22:59 - 2015-07-29 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-18 22:59 - 2015-07-10 04:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-18 22:59 - 2015-05-29 21:22 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-11-18 22:59 - 2015-05-29 21:22 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-11-18 22:58 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-18 22:58 - 2015-07-10 01:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-18 22:51 - 2014-11-15 12:04 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-18 22:51 - 2014-11-15 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-18 22:51 - 2014-11-15 12:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-18 22:44 - 2015-07-29 15:30 - 00189426 _____ C:\WINDOWS\PFRO.log
2015-11-10 19:11 - 2015-07-29 15:40 - 00000000 ____D C:\Users\John Kim
2015-11-10 19:09 - 2015-07-10 02:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 16:03 - 2015-05-29 21:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-10 16:02 - 2015-05-29 21:22 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-11-10 16:02 - 2015-05-29 21:22 - 00035328 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-11-10 16:02 - 2015-05-29 21:20 - 00107008 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-11-10 13:51 - 2015-08-08 15:35 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 13:27 - 2015-01-20 22:30 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-10 07:29 - 2014-06-14 16:57 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\Skype
2015-11-10 06:21 - 2014-06-09 17:22 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-10 06:21 - 2014-06-09 17:22 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-09 21:05 - 2014-06-14 16:57 - 00000000 ____D C:\ProgramData\Skype
2015-11-09 08:35 - 2015-08-06 14:52 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-09 08:35 - 2015-04-04 15:16 - 847015817 _____ C:\WINDOWS\MEMORY.DMP
2015-11-08 18:09 - 2014-06-09 16:49 - 00000000 ____D C:\Users\John Kim\Desktop\Treasure Pygmy
2015-11-08 11:47 - 2015-10-18 13:45 - 00000000 ____D C:\Users\John Kim\AppData\Local\Popcorn-Time
2015-11-02 20:44 - 2015-07-29 16:32 - 00002389 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-02 20:44 - 2015-07-29 16:32 - 00000000 ___RD C:\Users\John Kim\OneDrive
2015-10-31 15:10 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-31 13:40 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-30 10:22 - 2014-06-09 17:19 - 00002488 _____ C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-10-23 09:19 - 2015-04-26 14:20 - 00000000 ___RD C:\Users\John Kim\Creative Cloud Files
2015-10-22 09:13 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2015-05-31 14:02 - 2015-10-10 19:35 - 0001456 _____ () C:\Users\John Kim\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-29 15:35 - 2015-07-29 15:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\John Kim\AppData\Local\Temp\DivXSetup.exe
C:\Users\John Kim\AppData\Local\Temp\npp.6.8.3.Installer.exe
C:\Users\John Kim\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\John Kim\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\John Kim\AppData\Local\Temp\nvStInst.exe
C:\Users\John Kim\AppData\Local\Temp\oct3ADD.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\oct6CD5.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\octB7E2.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\octC9FF.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\octE6F.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\octF5D4.tmp.exe
C:\Users\John Kim\AppData\Local\Temp\SkypeSetup.exe
C:\Users\John Kim\AppData\Local\Temp\sqlite3.dll
C:\Users\John Kim\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-19 19:12

==================== End of FRST.txt ============================

Thanks again.
Attached Files
File Type: txt attach.txt (10.6 KB, 15 views)
h34n is offline  
Old 11-23-2015, 12:42 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello h34n. You're welcome.

It appears you attached the attach.txt log from dds, instead of the Addition.txt log from FRST to your last reply.

I need to see the Addition.txt log. It should be on your desktop.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\ProgramData\JjMpqJX\KxkTVT.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-23-2015, 03:42 PM   #5
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Oh my bad. Kk.

https://www.virustotal.com/en/file/b...is/1448322186/
Attached Files
File Type: txt Addition.txt (45.4 KB, 16 views)
h34n is offline  
Old 11-23-2015, 06:55 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if it still exists:

Sound+<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files\Sound+

------------------------------------------------------

It appears from the Addition.txt log, your hard drive has a bad block:

Quote:
Error: (11/20/2015 07:46:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
You might want to ask for help for that in our Hardware Support Forum once we are done here.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-3656025934-1805325345-282951442-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-994A094803E8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    Task: {2E67BC8E-004B-4FF5-A949-8EC6BB1CDEE6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {37069908-7216-47F5-843F-EE243ABABDA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {434DFADF-540D-4685-B558-62016C493FCE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {459A4563-B84F-416A-837D-3E3D06F713FA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {46B89602-321F-4FD1-A955-394BD7371EF4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {5088E648-D57E-4A8C-998B-93C201326330} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {524E4CE0-B92F-44EA-9E9A-7DAE4276DD8E} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-10-26] ()
    Task: {68FA65CF-9B5C-44A7-855C-53198C72353B} - System32\Tasks\{71BB6FCE-1C85-403B-9739-DC85293871EA} => pcalua.exe -a "C:\Program Files (x86)\SystemHealer\Uninstaller.exe"
    Task: {6DD964A1-2B26-4BA5-8344-7E7472740296} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {6ED506BF-17D5-4AEE-8B77-58AECEC47B66} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-10-26] ()
    Task: {750A9F80-8240-4534-B380-DBAB47BBD077} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {8C0D7981-4A35-49F1-B57D-8B8ECA2A33C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {A9EC1012-2424-4F9E-8971-9232372B22E9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {E2E36284-DB42-4FD7-BFF1-1F7C383B364A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    FirewallRules: [{B021CA93-E285-414B-B22E-AB9C53A709D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{7C130926-BA25-4DE4-9424-64B5A39393F5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\mcafee
    HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
    HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
    HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
    SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
    SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Extension: Great Find - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\Extensions\{1472391e-5578-45fd-9d60-7bb30cee1cce}.xpi [2015-07-31] [not signed]
    2015-11-18 22:50 - 2015-11-18 22:50 - 00000000 ____D C:\ProgramData\Peeamuwiaihuo
    2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\Users\John Kim\AppData\Local\mixvideoplayer
    2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
    2015-11-18 22:41 - 2015-11-19 13:42 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2015-11-18 22:41 - 2015-11-18 23:00 - 00000000 ____D C:\Program Files\Sound+
    2015-11-18 22:41 - 2015-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\spaceeplus_v138.9331
    2015-11-18 22:41 - 2015-11-18 22:45 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\System Healer
    2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\JjMpqJX
    2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer
    2015-11-18 22:41 - 2015-11-18 22:41 - 00003400 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
    2015-11-18 22:41 - 2015-11-18 22:41 - 00003330 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
    2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
    2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Program Files (x86)\spaceeplus
    C:\ProgramData\WebShield
    C:\Users\John Kim\AppData\Local\WebShield
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield]
    Reg: reg delete HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "BitTorrent" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-24-2015, 11:11 AM   #7
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Deleted the Sound+ folder, and here is my fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by John Kim (2015-11-24 11:01:18) Run:1
Running from C:\Users\John Kim\Desktop
Loaded Profiles: John Kim (Available Profiles: John Kim)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-3656025934-1805325345-282951442-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-994A094803E8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2E67BC8E-004B-4FF5-A949-8EC6BB1CDEE6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {37069908-7216-47F5-843F-EE243ABABDA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {434DFADF-540D-4685-B558-62016C493FCE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {459A4563-B84F-416A-837D-3E3D06F713FA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {46B89602-321F-4FD1-A955-394BD7371EF4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5088E648-D57E-4A8C-998B-93C201326330} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {524E4CE0-B92F-44EA-9E9A-7DAE4276DD8E} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-10-26] ()
Task: {68FA65CF-9B5C-44A7-855C-53198C72353B} - System32\Tasks\{71BB6FCE-1C85-403B-9739-DC85293871EA} => pcalua.exe -a "C:\Program Files (x86)\SystemHealer\Uninstaller.exe"
Task: {6DD964A1-2B26-4BA5-8344-7E7472740296} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6ED506BF-17D5-4AEE-8B77-58AECEC47B66} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-10-26] ()
Task: {750A9F80-8240-4534-B380-DBAB47BBD077} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C0D7981-4A35-49F1-B57D-8B8ECA2A33C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A9EC1012-2424-4F9E-8971-9232372B22E9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E2E36284-DB42-4FD7-BFF1-1F7C383B364A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
FirewallRules: [{B021CA93-E285-414B-B22E-AB9C53A709D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7C130926-BA25-4DE4-9424-64B5A39393F5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\mcafee
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\...\RunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> DefaultScope {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
SearchScopes: HKU\S-1-5-21-3656025934-1805325345-282951442-1002 -> {A55F4D66-FF70-4AFD-BA74-871F669C8BA0} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: Great Find - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\Extensions\{1472391e-5578-45fd-9d60-7bb30cee1cce}.xpi [2015-07-31] [not signed]
2015-11-18 22:50 - 2015-11-18 22:50 - 00000000 ____D C:\ProgramData\Peeamuwiaihuo
2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\Users\John Kim\AppData\Local\mixvideoplayer
2015-11-18 22:42 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
2015-11-18 22:41 - 2015-11-19 13:42 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2015-11-18 22:41 - 2015-11-18 23:00 - 00000000 ____D C:\Program Files\Sound+
2015-11-18 22:41 - 2015-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\spaceeplus_v138.9331
2015-11-18 22:41 - 2015-11-18 22:45 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\System Healer
2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\ProgramData\JjMpqJX
2015-11-18 22:41 - 2015-11-18 22:42 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer
2015-11-18 22:41 - 2015-11-18 22:41 - 00003400 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2015-11-18 22:41 - 2015-11-18 22:41 - 00003330 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-11-18 22:41 - 2015-11-18 22:41 - 00000000 ____D C:\Program Files (x86)\spaceeplus
C:\ProgramData\WebShield
C:\Users\John Kim\AppData\Local\WebShield
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield]
Reg: reg delete HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "BitTorrent" /f
EmptyTemp:
end

*****************

Restore point was successfully created.
"HKU\S-1-5-21-3656025934-1805325345-282951442-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-994A094803E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E67BC8E-004B-4FF5-A949-8EC6BB1CDEE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E67BC8E-004B-4FF5-A949-8EC6BB1CDEE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37069908-7216-47F5-843F-EE243ABABDA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37069908-7216-47F5-843F-EE243ABABDA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{434DFADF-540D-4685-B558-62016C493FCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{434DFADF-540D-4685-B558-62016C493FCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{459A4563-B84F-416A-837D-3E3D06F713FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{459A4563-B84F-416A-837D-3E3D06F713FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B89602-321F-4FD1-A955-394BD7371EF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B89602-321F-4FD1-A955-394BD7371EF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5088E648-D57E-4A8C-998B-93C201326330}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5088E648-D57E-4A8C-998B-93C201326330}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{524E4CE0-B92F-44EA-9E9A-7DAE4276DD8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{524E4CE0-B92F-44EA-9E9A-7DAE4276DD8E}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68FA65CF-9B5C-44A7-855C-53198C72353B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68FA65CF-9B5C-44A7-855C-53198C72353B}" => key removed successfully
C:\WINDOWS\System32\Tasks\{71BB6FCE-1C85-403B-9739-DC85293871EA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{71BB6FCE-1C85-403B-9739-DC85293871EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DD964A1-2B26-4BA5-8344-7E7472740296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD964A1-2B26-4BA5-8344-7E7472740296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ED506BF-17D5-4AEE-8B77-58AECEC47B66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ED506BF-17D5-4AEE-8B77-58AECEC47B66}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Run Delay => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{750A9F80-8240-4534-B380-DBAB47BBD077}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{750A9F80-8240-4534-B380-DBAB47BBD077}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C0D7981-4A35-49F1-B57D-8B8ECA2A33C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C0D7981-4A35-49F1-B57D-8B8ECA2A33C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9EC1012-2424-4F9E-8971-9232372B22E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EC1012-2424-4F9E-8971-9232372B22E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2E36284-DB42-4FD7-BFF1-1F7C383B364A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2E36284-DB42-4FD7-BFF1-1F7C383B364A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B021CA93-E285-414B-B22E-AB9C53A709D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C130926-BA25-4DE4-9424-64B5A39393F5} => value removed successfully
"C:\Program Files\Common Files\mcafee" => not found.
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 => value removed successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 => value removed successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 => value removed successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F4D66-FF70-4AFD-BA74-871F669C8BA0}" => key removed successfully
HKCR\CLSID\{A55F4D66-FF70-4AFD-BA74-871F669C8BA0} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\Extensions\{1472391e-5578-45fd-9d60-7bb30cee1cce}.xpi => moved successfully
C:\ProgramData\Peeamuwiaihuo => moved successfully
C:\Users\John Kim\AppData\Local\mixvideoplayer => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer => moved successfully
C:\Program Files (x86)\SystemHealer => moved successfully
"C:\Program Files\Sound+" => not found.
C:\Program Files (x86)\spaceeplus_v138.9331 => moved successfully
C:\Users\John Kim\AppData\Roaming\System Healer => moved successfully

"C:\ProgramData\JjMpqJX" folder move:

Could not move "C:\ProgramData\JjMpqJX" => Scheduled to move on reboot.

C:\Program Files (x86)\MixVideoPlayer => moved successfully
"C:\WINDOWS\System32\Tasks\SystemHealer Run Delay" => not found.
"C:\WINDOWS\System32\Tasks\SystemHealer Monitor" => not found.
C:\Users\John Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer => moved successfully
C:\Program Files (x86)\spaceeplus => moved successfully
"C:\ProgramData\WebShield" => not found.
"C:\Users\John Kim\AppData\Local\WebShield" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield => key not found.

========= reg delete HKU\S-1-5-21-3656025934-1805325345-282951442-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "BitTorrent" /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 5.2 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-24 11:08:23)

C:\ProgramData\JjMpqJX => Is moved successfully

==== End of Fixlog 11:08:23 ====
h34n is offline  
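The Fixlog above is the record an analyst reads to confirm that every line of the fixlist was acted on: registry keys and values "removed successfully", folders "moved successfully", entries "not found" (already gone, as with the Sound+ folder deleted by hand), and one folder deferred to reboot and confirmed only in the "Result of scheduled files to move" section. The following script is an added example, written for this thread and not part of FRST or of the posts; it assumes only the " => " line shape visible in the log, and SAMPLE_FIXLOG is an abbreviated copy of the posted Fixlog. It classifies each action and flags anything that was scheduled for reboot but never confirmed moved.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread; it is not part of FRST or of the forum
posts.  It assumes the line shapes visible in the posted Fixlog
(' => ' separating a target from its result).  SAMPLE_FIXLOG is an
abbreviated copy of that posted log.
"""
import re
from collections import Counter

# Result phrases FRST prints after " => ", mapped to an outcome label.
# Order matters: the first matching pattern wins.
_OUTCOMES = [
    (re.compile(r"(key|value) removed successfully", re.I), "removed"),
    (re.compile(r"^(Is )?moved successfully", re.I), "moved"),
    (re.compile(r"not found", re.I), "not_found"),
    (re.compile(r"Scheduled to move on reboot", re.I), "deferred"),
    (re.compile(r"temporary data Removed", re.I), "temp_cleared"),
]

SAMPLE_FIXLOG = r"""Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Monitor => moved successfully
HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"C:\Program Files\Sound+" => not found.
HKCR\CLSID\{A55F4D66-FF70-4AFD-BA74-871F669C8BA0} => key not found.
Could not move "C:\ProgramData\JjMpqJX" => Scheduled to move on reboot.
EmptyTemp: => 5.2 GB temporary data Removed.
C:\ProgramData\JjMpqJX => Is moved successfully
"""


def classify(result_text):
    """Map the text after ' => ' to an outcome label."""
    for pattern, label in _OUTCOMES:
        if pattern.search(result_text):
            return label
    return "other"


def _target(lhs):
    """Normalise the left-hand side: drop the 'Could not move' prefix
    and the quotes FRST adds around some paths and keys."""
    lhs = lhs.strip()
    if lhs.lower().startswith("could not move"):
        lhs = lhs[len("could not move"):].strip()
    return lhs.strip('"')


def parse_fixlog(text):
    """Return (target, outcome) for every action line in a Fixlog."""
    actions = []
    for line in text.splitlines():
        if " => " not in line:
            continue  # banners, section headers, blank lines
        lhs, rhs = line.split(" => ", 1)
        actions.append((_target(lhs), classify(rhs.strip())))
    return actions


def summarize(text):
    """Count outcomes and list items that were deferred to reboot but
    never confirmed moved in the 'Result of scheduled files' section."""
    actions = parse_fixlog(text)
    counts = Counter(outcome for _, outcome in actions)
    deferred = {t for t, o in actions if o == "deferred"}
    moved = {t for t, o in actions if o == "moved"}
    return {"counts": dict(counts),
            "unresolved_deferred": sorted(deferred - moved)}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome:>13}: {n}")
    print("unresolved after reboot:", report["unresolved_deferred"] or "none")
```

The "unresolved_deferred" list is the check worth keeping: a folder that FRST could not move before reboot (here C:\ProgramData\JjMpqJX) is only gone if the post-reboot section reports it "Is moved successfully"; if that section is missing, the item is still on disk and the fix should be re-run.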
Old 11-24-2015, 01:10 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. How is the machine behaving?

------------------------------------------------------

I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java(TM) 7 Update 60

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 11-25-2015, 11:37 AM   #9
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Malwarebytes is no longer giving threat detections, and the annoying startup things are gone too.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/24/2015
Scan Time: 8:07 PM
Logfile: mbam scan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.24.07
Rootkit Database: v2015.11.23.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: John Kim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366757
Time Elapsed: 12 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASAPI32, Quarantined, [7e593b46a2e99e98dfd2b924a65d22de],
PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASMANCS, Quarantined, [a730433e2269fd39337ed00de221b44c],
PUP.Optional.SoundPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOUNDPLUS, Quarantined, [cd0abdc4c5c62016b3186b7d1fe4ad53],
PUP.Optional.SoundPlus, HKLM\SOFTWARE\WOW6432NODE\SOUNDPLUS, Quarantined, [6770c7ba018ab482fe23e50406fdf40c],
PUP.Optional.SystemHealer, HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\SYSTEM HEALER, Quarantined, [faddee93bccf1422a345f7ec10f334cc],

Registry Values: 5
PUP.Optional.SoundPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Sound+, "C:\Program Files\Sound+\Sound+.exe", Quarantined, [ce090081b0dbee48e8e2d414ee159d63]
PUP.Optional.SoundPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOUNDPLUS|UninstallString, "C:\Program Files\Sound+\Uninstall.exe", Quarantined, [cd0abdc4c5c62016b3186b7d1fe4ad53]
PUP.Optional.SoundPlus, HKLM\SOFTWARE\WOW6432NODE\SOUNDPLUS|Path, C:\Program Files (x86)\spaceeplus, Quarantined, [6770c7ba018ab482fe23e50406fdf40c]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\SYSTEM HEALER|HomePage, Awesome PC Cleanup Tool | System Healer, Quarantined, [faddee93bccf1422a345f7ec10f334cc]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\SYSTEM HEALER|SupportPage, Frequently Asked Questions | System Healer, Quarantined, [4196c5bc296246f0bf29c221b84b57a9]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\databases\http_charmsavings.com_0, Quarantined, [6374fc8599f266d0c313f39a6e947d83],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],

Files: 7
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\databases\http_charmsavings.com_0\10, Quarantined, [6374fc8599f266d0c313f39a6e947d83],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\000003.log, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\CURRENT, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\LOCK, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\LOG, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\LOG.old, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_charmsavings.com_0.indexeddb.leveldb\MANIFEST-000001, Quarantined, [3f980879d6b5c96d1bbc74193cc66d93],

Physical Sectors: 0
(No malicious items detected)


(end)

Eset scan results:

C:\FRST\Quarantine\C\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe a variant of MSIL/NewPlayer.D potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MixVideoPlayer\mixUpdater.exe a variant of MSIL/NewPlayer.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MixVideoPlayer\MixVideoPlayer.exe a variant of MSIL/NewPlayer.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\spaceeplus_v138.9331\ioproduct.exe a variant of Win32/Adware.MaxDriver.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\spaceeplus_v138.9331\spaceeplus_Service.exe a variant of Win32/Adware.MaxDriver.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\SystemHealer\HealerConsole.exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\SystemHealer\SystemHealer.exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\JjMpqJX\KxkTVT.exe a variant of MSIL/Adware.PullUpdate.G.gen application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\JjMpqJX\dat\ipdIQdZdxG.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\JjMpqJX\dat\QwFBKwhkGR.exe a variant of MSIL/Adware.PullUpdate.E application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\JjMpqJX\dat\TmdBgyX.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined
h34n is offline  
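Two scanner reports in the post above need to be read together: the MBAM log lists what was found and whether each item was quarantined, and every ESET hit sits under C:\FRST\Quarantine, i.e. it had already been pulled off the live system by the FRST fix. The following script is an added example, written for this thread and not part of Malwarebytes, ESET or the posts; it assumes the two line formats visible above, and the sample strings are abbreviated copies of the posted logs with the real section headers kept so the parser can show it skips them. It summarises detections per family and flags anything that would need a second look: an MBAM item whose action is not "Quarantined", or an ESET hit outside the FRST quarantine folder.

```python
"""Cross-check Malwarebytes Anti-Malware (MBAM) and ESET Online Scanner
results after a cleanup.

Added example for this thread; it is not part of either scanner or of
the forum posts.  It assumes the two line formats visible in the posted
logs: MBAM's '<detection>, <location>, <action>, [<id>]' and ESET's
'<path> a variant of <signature> <category> <action>'.  The sample
strings are abbreviated copies of those logs; QUARANTINE_ROOT is FRST's
quarantine folder as it appears in the ESET output.
"""
import re
from collections import Counter

QUARANTINE_ROOT = r"C:\FRST\Quarantine"

# MBAM terminates each detection with a 32-hex-digit id in brackets.
_MBAM_ID = re.compile(r"^\[[0-9a-f]{32}\]$")

# ESET: path, then signature, then category, then the action taken.
_ESET_LINE = re.compile(
    r"^(?P<path>.+?) a variant of (?P<signature>\S+) "
    r"(?P<category>potentially unwanted application|application) "
    r"(?P<action>.+)$")

SAMPLE_MBAM = r"""Registry Keys: 5
PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASAPI32, Quarantined, [7e593b46a2e99e98dfd2b924a65d22de],
Registry Values: 5
PUP.Optional.SoundPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Sound+, "C:\Program Files\Sound+\Sound+.exe", Quarantined, [ce090081b0dbee48e8e2d414ee159d63]
PUP.Optional.SoundPlus, HKLM\SOFTWARE\WOW6432NODE\SOUNDPLUS|Path, C:\Program Files (x86)\spaceeplus, Quarantined, [6770c7ba018ab482fe23e50406fdf40c]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3656025934-1805325345-282951442-1002\SOFTWARE\SYSTEM HEALER|HomePage, Awesome PC Cleanup Tool | System Healer, Quarantined, [faddee93bccf1422a345f7ec10f334cc]
Folders: 2
PUP.Optional.CharmSavings, C:\Users\John Kim\AppData\Local\Google\Chrome\User Data\Default\databases\http_charmsavings.com_0, Quarantined, [6374fc8599f266d0c313f39a6e947d83],
Physical Sectors: 0
(No malicious items detected)
"""

SAMPLE_ESET = r"""C:\FRST\Quarantine\C\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe a variant of MSIL/NewPlayer.D potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\spaceeplus_v138.9331\ioproduct.exe a variant of Win32/Adware.MaxDriver.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\JjMpqJX\KxkTVT.exe a variant of MSIL/Adware.PullUpdate.G.gen application cleaned by deleting - quarantined
"""


def parse_mbam_line(line):
    """Return the fields of one MBAM detection line, or None for
    section headers and other non-detection lines."""
    line = line.strip().rstrip(",")          # key/folder/file lines end with ','
    fields = [f.strip() for f in line.split(", ")]
    if len(fields) < 4 or not _MBAM_ID.match(fields[-1]):
        return None
    return {"detection": fields[0],
            "location": ", ".join(fields[1:-2]),   # value data may contain ', '
            "action": fields[-2],
            "id": fields[-1].strip("[]")}


def parse_eset_line(line):
    """Return the fields of one ESET result line, or None if it does not match."""
    m = _ESET_LINE.match(line.strip())
    return m.groupdict() if m else None


def verify(mbam_text, eset_text, quarantine_root=QUARANTINE_ROOT):
    """Summarise both reports and flag what needs a second look: MBAM items
    not quarantined, and ESET hits outside FRST's quarantine folder (still
    live on disk rather than already removed by the fix)."""
    mbam = [d for d in map(parse_mbam_line, mbam_text.splitlines()) if d]
    eset = [d for d in map(parse_eset_line, eset_text.splitlines()) if d]
    root = quarantine_root.lower().rstrip("\\") + "\\"
    return {
        "mbam_families": dict(Counter(d["detection"] for d in mbam)),
        "mbam_not_quarantined": [d["location"] for d in mbam
                                 if d["action"] != "Quarantined"],
        "eset_signatures": sorted({d["signature"] for d in eset}),
        "eset_live": [d["path"] for d in eset
                      if not d["path"].lower().startswith(root)],
    }


if __name__ == "__main__":
    report = verify(SAMPLE_MBAM, SAMPLE_ESET)
    for family, n in sorted(report["mbam_families"].items()):
        print(f"MBAM {family}: {n}")
    print("ESET signatures:", ", ".join(report["eset_signatures"]))
    print("needs attention:", report["mbam_not_quarantined"] + report["eset_live"] or "none")
```

On the posted logs both "needs attention" lists come back empty, which is the machine-readable form of the reply that follows: every ESET find was already in FRST's quarantine. A path outside C:\FRST\Quarantine in the ESET output would mean a remnant the fix had not touched.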
Old 11-25-2015, 01:49 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, h34n. Glad to hear it. All the ESET finds have already been quarantined by FRST. Those will get deleted shortly.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'.
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
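The HOSTS-file mechanism behind the MVPS recommendation above, as an added example that is not part of the thread and not the MVPS project's own code: Windows consults %SystemRoot%\System32\drivers\etc\hosts before asking DNS, so a name listed there with 0.0.0.0 (the unspecified address) or 127.0.0.1 (loopback) never reaches the ad server. The script below parses a small constructed HOSTS file in that layout, shows how a lookup for a listed ad host is answered locally while an unlisted host falls through to DNS, and flags any entry that points a name at a remote address rather than the local machine, which is the thing to look at when reviewing a HOSTS file on a cleaned system. All hostnames (`.example.test`) and the address 203.0.113.7 are constructed sample values.

```python
"""Added example (not from the forum thread or the MVPS project): how a
blocklist-style HOSTS entry works, plus a small audit of entries that send a
name somewhere other than the local machine. Sample data is constructed."""
import ipaddress

# Constructed sample in the layout of a blocklist-style HOSTS file.
# On a real machine the file lives at %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# blocklist-style entries: ad/tracking hosts sent to the unspecified address
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test   # inline comment
0.0.0.0 cdn.ads.example.test   another.alias.example.test

# an entry that redirects a real name to a remote address (worth reviewing)
203.0.113.7 update.vendor.example.test
"""

# Addresses that keep traffic on the local machine; anything else is a redirect.
LOCAL_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalise, reject junk
        except ValueError:
            continue  # malformed line; the resolver would ignore it too
        for name in parts[1:]:  # one IP may carry several aliases
            entries.append((ip, name.lower()))
    return entries


def lookup(entries, hostname):
    """Mimic the resolver's HOSTS step: first matching name wins.

    Returns the mapped address, or None when the name is absent, in which
    case the resolver would go on to query DNS."""
    hostname = hostname.lower()
    for ip, name in entries:
        if name == hostname:
            return ip
    return None


def is_blocked(entries, hostname):
    """True when the name is pinned to a local address (localhost itself is
    legitimately mapped to loopback, so only use this on third-party names)."""
    ip = lookup(entries, hostname)
    return ip is not None and ip in LOCAL_TARGETS


def suspicious_entries(entries):
    """Entries that point a name at a non-local address: a blocklist never
    needs these, so each one deserves a look."""
    return [(ip, name) for ip, name in entries if ip not in LOCAL_TARGETS]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.test", "www.example.test"):
        print(name, "->", lookup(entries, name) or "(not in HOSTS; DNS is queried)")
    for ip, name in suspicious_entries(entries):
        print("review:", name, "->", ip)
```

To run it against a real file, replace `SAMPLE_HOSTS` with the contents of the hosts file read from the path in the comment; the `suspicious_entries` list is the part worth checking after a cleanup, since a blocklist only ever needs local addresses.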
Old 11-25-2015, 02:34 PM   #11
Registered Member
 
Join Date: May 2012
Posts: 36
OS: Windows 10



Hey chemist. Thanks for your help, and my system seems to be functioning normally, ty.
Old 11-25-2015, 05:11 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, h34n! Glad to have helped.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015