Manual Proxy refuses to stay off

07-12-2017, 06:22 AM   #1
Registered Member (Join Date: Jul 2017, Posts: 38, OS: Windows 10)

I have a problem where whenever I turn on my computer (Windows 10) the manual proxy is on, set to the addresses "http=127.0.0.1:64550;https=127.0.0.1:64550". I don't know what they are, and I didn't put them there. When on, it prevents me from accessing the internet. When I turn it off, there is no problem, but the addresses stay in the box even if I delete them, and when I restart my computer the manual proxy turns back on. I try again to set it to automatically detect settings, but again it changes back to the proxy settings automatically. I did a McAfee virus scan and nothing. I ran Malwarebytes and some malware was removed, but it didn't fix the issue either.

Requested info has been copied/pasted and attached. I don't think I have a Windows install disc or a boot CD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.77.2
Run by umm_s_000 at 8:53:53 on 2017-07-12
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.3977.1120 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan *Enabled/Updated* {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\umm_s_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\umm_s_000\AppData\Local\YouGov Pulse US\YouGov Pulse US.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
C:\Program Files (x86)\SmartApp\SmartApp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe
C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\Zoom.exe
C:\WINDOWS\system32\taskhostw.exe
c:\PROGRA~1\mcafee\vul\mcvulctr.exe
c:\PROGRA~1\mcafee\vul\MCVULA~1.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\Zoom.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = Dell United States Official Site | Dell United States
uProxyServer = hxxp=127.0.0.1:64550;https=127.0.0.1:64550
uProxyOverride = <local>
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll
uWinlogon: Shell = -
BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} -
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} -
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\umm_s_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Google Update] C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
uRun: [Zoom] <no file>
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Digital Coupon Print Driver] "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\UMM_S_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WIZIQD~1.LNK - C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: DisableCAD = dword:1
mPolicies-System: EnableUIPI = dword:1
mPolicies-Windows\System: DisableLogonBackgroundImage = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{2cc2820f-1945-4e22-a35a-2c0473974a1f} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294} : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294}\4516168696271686723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294}\457413637323744323 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: DisableCAD = dword:1
x64-mPolicies-System: EnableUIPI = dword:1
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\umm_s_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2014-4-3 923640]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2014-4-3 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-28 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-29 227328]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2014-6-18 92536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_57262;CDPUserSvc_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413736]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [2017-6-20 206712]
R2 DDVDataCollector;Dell Data Vault Collector;C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2017-6-20 3296632]
R2 DDVRulesProcessor;Dell Data Vault Processor;C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [2017-6-20 217464]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2017-5-1 230248]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-7-14 169432]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-6-29 188352]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-6-29 4470736]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe [2017-2-8 994312]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\2.3.322.0\McCSPServiceHost.exe [2017-2-28 2054080]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-7-19 641520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe [2015-6-26 385112]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2014-7-19 343792]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe [2017-2-8 1551512]
R2 OneSyncSvc_57262;Sync Host_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-2-27 1105840]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-12-10 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2017-6-28 52696]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-7-16 246472]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-6-18 81536]
R2 ZoomCptService;Zoom Sharing Service;C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [2017-6-22 24752]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2014-6-18 33944]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-7-13 610336]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2017-4-11 32960]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2017-4-11 32568]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-6-29 101784]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-6-29 45472]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-6-29 253856]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-6-29 93600]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-2-17 487184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-4-3 366328]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2014-7-19 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-4-3 518704]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2017-1-19 498648]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110256]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_57262;Contact Data_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-12-10 896744]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-5-14 402960]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-7-16 42696]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_57262;User Data Storage_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_57262;User Data Access_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-4-3 85048]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/06/18 17:21:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2014-6-18 35496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-29 118272]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-4-3 88464]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-5-6 50240]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\WINDOWS\System32\drivers\leath_hid.sys [2014-6-18 39704]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [2017-6-23 404368]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_57262;MessagingService_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2017-1-19 109320]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\WINDOWS\System32\drivers\qca_shb.sys [2014-6-18 99328]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-11 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2014-6-18 41272]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_57262;Windows Push Notifications User Service_57262;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-28 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-07-07 23:07:52 -------- d--h--w- C:\OneDriveTemp
2017-07-01 04:25:18 54728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\pingsender.exe
2017-06-29 17:30:51 -------- d-----w- C:\ProgramData\McAfee Security Scan
2017-06-29 17:23:12 -------- d---a-w- C:\Program Files (x86)\Dell Update
2017-06-29 16:25:50 188352 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-06-29 16:25:32 93600 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-06-29 16:25:32 101784 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-06-29 16:25:22 45472 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-06-29 16:25:16 253856 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-06-29 16:24:58 77376 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-06-29 16:24:45 -------- d-----w- C:\Program Files\Malwarebytes
2017-06-28 00:20:34 -------- d-----w- C:\ProgramData\XDMessagingv4
2017-06-26 19:52:50 -------- d-----w- C:\ProgramData\SupportAssistAgent
2017-06-26 19:51:59 -------- d-----w- C:\ProgramData\SupportAssist
2017-06-22 20:31:54 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2017-06-22 20:31:41 -------- d-----w- C:\Program Files\Dell Support Center
2017-06-22 17:24:26 -------- d-----w- C:\Program Files (x86)\Common Files\Zoom
2017-06-22 02:26:03 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-18 23:17:44 -------- d-----w- C:\WINDOWS\Panther
2017-06-17 05:57:56 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-17 05:56:55 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-17 05:56:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-17 05:56:52 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-06-17 05:56:50 391168 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2017-06-17 05:56:47 3403264 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-06-17 05:56:40 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2017-06-17 05:56:40 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-17 05:56:03 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2017-06-17 05:56:00 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-17 05:55:58 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-17 05:55:56 38752 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-06-17 05:55:42 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-17 05:55:39 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-17 05:55:36 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-17 05:55:35 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-17 05:55:34 1131008 ----a-w- C:\WINDOWS\System32\localspl.dll
2017-06-17 05:54:57 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-17 05:54:57 100864 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2017-06-17 05:54:56 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-17 05:54:54 834048 ----a-w- C:\WINDOWS\System32\win32spl.dll
2017-06-17 05:54:54 266752 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2017-06-17 05:54:52 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-17 05:54:51 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-17 05:54:45 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-17 05:54:28 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-17 05:53:15 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-17 05:52:54 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2017-06-17 05:52:34 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-17 05:52:22 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2017-06-17 05:52:21 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-17 05:52:19 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-17 05:52:04 6042624 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-06-17 05:52:00 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-06-17 05:51:57 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-17 05:51:44 8125440 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-06-17 05:51:18 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-06-17 05:51:17 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-17 05:51:15 1845248 ----a-w- C:\WINDOWS\System32\FntCache.dll
2017-06-17 05:51:02 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-17 05:49:54 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-06-17 05:49:49 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2017-06-17 05:49:23 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-17 05:49:17 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-17 05:48:46 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-17 05:48:46 2510848 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2017-06-17 05:48:18 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-17 05:48:18 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-17 05:48:03 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-17 05:48:02 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-17 05:48:01 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-17 05:48:00 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-17 05:47:55 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-17 05:47:52 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-17 05:47:52 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-17 05:47:49 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2017-06-17 05:47:42 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-17 05:47:42 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-17 05:47:14 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-17 05:47:05 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-17 05:47:00 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
.
==================== Find3M ====================
.
2017-07-07 23:01:29 150264 ------w- C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 1040 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:11:56 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-03 09:10:54 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-03 09:10:51 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:08:23 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-03 09:07:14 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-03 0911 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2017-06-03 09:04:48 773120 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2017-06-03 09:04:06 2006528 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2017-06-03 09:03:45 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll
2017-06-03 09:03:09 1988096 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2017-06-03 09:02:30 2997760 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-06-03 09:01:46 856064 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-06-03 08:58:35 64512 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2017-06-03 08:52:29 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-03 08:52:24 886784 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2017-06-03 08:51:56 1418240 ----a-w- C:\WINDOWS\System32\certutil.exe
2017-06-03 08:50:43 641024 ----a-w- C:\WINDOWS\System32\wbem\NetAdapterCim.dll
2017-06-03 08:49:39 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2017-06-03 08:49:25 351744 ----a-w- C:\WINDOWS\System32\hnetcfg.dll
2017-06-03 08:49:05 2475520 ----a-w- C:\WINDOWS\System32\DWrite.dll
2017-06-03 08:46:42 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-06-03 08:40:59 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-05-20 04:39:52 87904 ----a-w- C:\WINDOWS\System32\UNPUXWorker.exe
2017-05-11 11:22:23 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
.
============= FINISH: 9:04:22.16 ===============
Attached Files
File Type: txt Attach.txt (7.3 KB, 11 views)
Taahirah is offline  
Old 07-13-2017, 03:23 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, McAfee and MBAM.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

In case you were wondering, MBAM v.3 is now a full-fledged real-time antivirus.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

If you choose to keep McAfee as your antivirus, but want MBAM as an on-demand scanner, you can download an earlier version and decline the antivirus option.

https://www.bleepingcomputer.com/dow...-malware/dl/7/

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-13-2017, 07:32 PM   #3
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



# AdwCleaner v6.047 - Logfile created 13/07/2017 at 20:22:36
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : umm_s_000 - TAAHIRAH
# Running from : C:\Users\umm_s_000\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[!] Service not deleted: CouponPrinterService
[!] Service not deleted: couponprinterservice


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\0f6c4011-17f8-4703-9202-a9e9ab0b4804
[-] Folder deleted: C:\Users\umm_s_000\AppData\Local\YSearchUtil
[!] Folder not deleted: C:\Users\umm_s_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InboxDollars
[-] Folder deleted: C:\Program Files\Alexa Toolbar
[!] Folder not deleted: C:\Program Files\InboxDollars
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot
[-] Folder deleted: C:\Program Files (x86)\Alexa Toolbar
[!] Folder not deleted: C:\Program Files (x86)\Coupons
[!] Folder not deleted: C:\Program Files (x86)\Digital Coupon Printer
[!] Folder not deleted: C:\Program Files (x86)\InboxDollars
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder deleted: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdfnhblopmjjmghkgflplloabcclbmj


***** [ Files ] *****

[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[-] File deleted: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
[-] File deleted: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AlxSSB2.AlxAutoUpdater
[-] Key deleted: HKLM\SOFTWARE\Classes\AlxSSB2.AlxAutoUpdater.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AlxSSB2.AlxTBSSB
[-] Key deleted: HKLM\SOFTWARE\Classes\AlxSSB2.AlxTBSSB.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
[-] Key deleted: HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AlxSSB2.AlxAutoUpdater
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AlxSSB2.AlxAutoUpdater.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AlxSSB2.AlxTBSSB
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AlxSSB2.AlxTBSSB.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4219427B-0228-4356-A78B-EB7668D37D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4219427B-0228-4356-A78B-EB7668D37D07}]
[-] Key deleted: HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\AppDataLow\Software\Freecause
[-] Key deleted: HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Freecause
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Freecause
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Freecause
[-] Key deleted: [x64] HKLM\SOFTWARE\Alexa Toolbar
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar


***** [ Web browsers ] *****

[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbdfnhblopmjjmghkgflplloabcclbmj
[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm
[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\UmmNa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\UmmNa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5772 Bytes] - [13/07/2017 20:22:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [5919 Bytes] - [13/07/2017 20:15:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5918 Bytes] ##########




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by umm_s_000 (administrator) on TAAHIRAH (13-07-2017 21:10:39)
Running from C:\Users\umm_s_000\Downloads
Loaded Profiles: umm_s_000 (Available Profiles: umm_s_000 & UmmNa)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.3.322.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wakoopa) C:\Users\umm_s_000\AppData\Local\YouGov Pulse US\YouGov Pulse US.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [557344 2017-04-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [Google Update] => C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [YouGov Pulse US] => C:\Users\umm_s_000\AppData\Local\YouGov Pulse US\YouGov Pulse US.exe [1215736 2017-06-23] (Wakoopa)
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [GoogleChromeAutoLaunch_8E7F8644AF5163B2634651059A947982] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Winlogon: [Shell] - <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\umm_s_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WizIQ Desktop.lnk [2016-09-15]
ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-770772059-380845386-3500025744-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-770772059-380845386-3500025744-1002] => http=127.0.0.1:64550;https=127.0.0.1:64550
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{2cc2820f-1945-4e22-a35a-2c0473974a1f}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c2acd69e-fa16-4750-a9b1-cb4683666294}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell United States Official Site | Dell United States
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO -> {1d970ed5-3eda-438d-bffd-715931e2775d} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-770772059-380845386-3500025744-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-04-17] (McAfee, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-770772059-380845386-3500025744-1002 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\umm_s_000\AppData\Roaming\TomTom\HOME\Profiles\1kj0q7ao.default [2015-06-27]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default [2017-07-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pt8ulg5j.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pt8ulg5j.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\pt8ulg5j.default -> Google
FF Extension: (Desktop messenger for WhatsApp™) - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\Extensions\[email protected] [2017-02-20]
FF Extension: (SavvyConnect) - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\Extensions\[email protected] [2017-05-16]
FF Extension: (Screenwise Meter) - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\Extensions\[email protected] [2017-06-15]
FF Extension: (SwagButton) - C:\Users\umm_s_000\AppData\Roaming\Mozilla\Firefox\Profiles\pt8ulg5j.default\Extensions\[email protected] [2016-07-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\[email protected] => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @citrixonline.com/appdetectorplugin -> C:\Users\umm_s_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @talk.google.com/O1DPlugin -> C:\Users\umm_s_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @tools.google.com/Google Update;version=3 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @tools.google.com/Google Update;version=9 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-770772059-380845386-3500025744-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\umm_s_000\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-10] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\umm_s_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\umm_s_000\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-13] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/search
CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxp://mail.yahoo.com/"
CHR Profile: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default [2017-07-13]
CHR Extension: (Google Slides) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (SavvyConnect) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdfnhblopmjjmghkgflplloabcclbmj [2017-07-13]
CHR Extension: (YouTube) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2016-07-29]
CHR Extension: (Adblock Plus) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google Search) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Whatsapp Web) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahehbojcacaklcdefjblcpcpammjlj [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SwagButton) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-07-13]
CHR Extension: (Screenwise Meter) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmclfdibpffglligfnnppjocdlhgjbb [2017-05-30]
CHR Extension: (Flower Power) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmneifajijolpgdmmlnhocigfomagnae [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-02-18]
CHR Profile: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-13]
CHR Extension: (Google Docs) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-03]
CHR Extension: (Google Drive) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (YouTube) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Google Search) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-17]
CHR Extension: (Gmail) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-03]
CHR Profile: C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-30]
CHR Extension: (Google Slides) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Google Sheets) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Gmail) - C:\Users\umm_s_000\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2016-09-13] (Coupons.com Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-10] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
R2 ZoomCptService; C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [24752 2017-07-10] (Zoom Video Communications, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S3 lehidmini; C:\WINDOWS\System32\drivers\leath_hid.sys [39704 2012-08-08] (Atheros)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 qca_shb; C:\WINDOWS\System32\drivers\qca_shb.sys [99328 2012-08-08] (Qualcomm Atheros Communications Inc.) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-12-10] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-13 21:10 - 2017-07-13 21:15 - 00031525 _____ C:\Users\umm_s_000\Downloads\FRST.txt
2017-07-13 21:10 - 2017-07-13 21:10 - 00000000 ____D C:\FRST
2017-07-13 21:09 - 2017-07-13 21:09 - 02435584 _____ (Farbar) C:\Users\umm_s_000\Downloads\FRST64.exe
2017-07-13 21:04 - 2017-07-13 21:04 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-07-13 21:04 - 2017-07-13 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-07-13 21:03 - 2017-07-13 21:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-07-13 20:55 - 2017-07-13 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-13 20:43 - 2017-07-13 20:43 - 00006037 _____ C:\Users\umm_s_000\Downloads\AdwCleaner[C0].txt
2017-07-13 20:09 - 2017-07-13 20:22 - 00000000 ____D C:\AdwCleaner
2017-07-13 20:08 - 2017-07-13 20:08 - 04110280 _____ C:\Users\umm_s_000\Downloads\AdwCleaner.exe
2017-07-13 08:07 - 2017-04-21 17:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-07-13 08:07 - 2017-04-21 17:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-07-13 08:06 - 2017-04-21 17:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-07-13 08:06 - 2017-04-11 14:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-07-13 08:06 - 2017-03-15 14:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-07-13 08:05 - 2017-04-21 17:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-07-13 08:05 - 2017-04-11 14:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-07-13 08:05 - 2017-03-15 14:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-07-13 07:54 - 2017-07-13 20:39 - 00004166 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-07-12 09:06 - 2017-07-12 09:06 - 00049736 _____ C:\Users\umm_s_000\Downloads\DDS.txt
2017-07-12 09:05 - 2017-07-12 09:05 - 00007486 _____ C:\Users\umm_s_000\Downloads\Attach.txt
2017-07-12 09:04 - 2017-07-12 09:04 - 00049736 _____ C:\Users\umm_s_000\Desktop\dds.txt
2017-07-12 09:04 - 2017-07-12 09:04 - 00007486 _____ C:\Users\umm_s_000\Desktop\attach.txt
2017-07-12 08:53 - 2017-07-12 08:53 - 00688992 ____R (Swearware) C:\Users\umm_s_000\Downloads\dds.scr
2017-07-10 07:51 - 2017-07-10 07:51 - 00001985 _____ C:\Users\umm_s_000\Desktop\Zoom.lnk
2017-07-10 07:50 - 2017-07-10 07:50 - 00000000 ____D C:\Users\umm_s_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-07-07 19:07 - 2017-07-07 19:07 - 00000000 ___HD C:\OneDriveTemp
2017-07-07 17:59 - 2017-07-07 17:59 - 00003932 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2017-07-07 10:43 - 2017-07-13 19:59 - 00004356 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-29 13:23 - 2017-06-29 13:23 - 00000000 ____D C:\Program Files (x86)\Dell Update
2017-06-29 12:23 - 2017-06-29 12:24 - 64232976 _____ (Malwarebytes ) C:\Users\umm_s_000\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-27 23:01 - 2017-06-27 23:01 - 00011866 _____ C:\Users\umm_s_000\Downloads\PATXJFS PARP30E 17175013538188185.pdf
2017-06-27 20:20 - 2017-06-27 20:20 - 00000000 ____D C:\ProgramData\XDMessagingv4
2017-06-26 16:17 - 2017-06-26 16:17 - 00529200 _____ C:\Users\umm_s_000\Downloads\2017-06-19.pdf
2017-06-26 15:53 - 2017-06-26 15:53 - 00003896 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-26 15:52 - 2017-06-26 15:52 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-06-26 15:51 - 2017-07-07 17:57 - 00000000 ____D C:\ProgramData\SupportAssist
2017-06-22 16:32 - 2017-06-22 16:32 - 00002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-06-22 16:31 - 2017-06-22 16:31 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-06-22 16:31 - 2017-06-22 16:31 - 00000000 ____D C:\Program Files\Dell Support Center
2017-06-21 22:26 - 2017-06-21 22:26 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-18 19:17 - 2017-06-18 19:17 - 00000000 ____D C:\WINDOWS\Panther
2017-06-17 01:58 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-17 01:58 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-17 01:58 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-17 01:58 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-17 01:58 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-17 01:58 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-17 01:58 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-17 01:58 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-17 01:58 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-17 01:58 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-17 01:58 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-17 01:58 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-17 01:58 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-17 01:57 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-17 01:57 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-17 01:57 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-17 01:57 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-17 01:57 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-17 01:57 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-17 01:57 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-17 01:57 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-17 01:57 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-17 01:57 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-17 01:57 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-17 01:57 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-17 01:57 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-17 01:57 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-17 01:57 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-17 01:57 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-17 01:57 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-17 01:57 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-17 01:57 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-17 01:57 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-17 01:57 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-17 01:57 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-17 01:57 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-17 01:57 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-17 01:57 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-17 01:57 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-17 01:57 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-17 01:57 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-17 01:57 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-17 01:56 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-17 01:56 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-17 01:56 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-17 01:56 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-17 01:56 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-17 01:56 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-17 01:56 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-17 01:56 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-17 01:56 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-17 01:55 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-17 01:55 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-17 01:55 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-17 01:55 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-17 01:55 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-17 01:55 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-17 01:55 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-17 01:55 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-17 01:54 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-17 01:54 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-17 01:54 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-17 01:54 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-17 01:54 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-17 01:54 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-17 01:54 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-17 01:54 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-17 01:54 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-17 01:53 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-17 01:52 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-17 01:52 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-17 01:52 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-17 01:52 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-17 01:52 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-17 01:52 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-17 01:52 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-17 01:52 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-17 01:51 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-17 01:51 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-17 01:51 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-17 01:51 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-17 01:51 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-17 01:51 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-17 01:51 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-17 01:51 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-17 01:51 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-17 01:50 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-17 01:50 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-17 01:50 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-17 01:50 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-17 01:50 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-17 01:50 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-17 01:50 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-17 01:50 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-17 01:50 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-17 01:50 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-17 01:50 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-17 01:50 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-17 01:50 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-17 01:50 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-17 01:50 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-17 01:50 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-17 01:50 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-17 01:50 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-17 01:50 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-17 01:50 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-17 01:49 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-17 01:49 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-17 01:49 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-17 01:49 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-17 01:49 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-17 01:48 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-17 01:48 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-17 01:48 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-17 01:48 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-17 01:48 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-17 01:48 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-17 01:48 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-17 01:48 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-17 01:47 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-17 01:47 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-17 01:47 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-17 01:47 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-17 01:47 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-17 01:47 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-17 01:47 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-17 01:47 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-17 01:46 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-17 01:46 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-17 01:46 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-17 01:46 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-17 01:46 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-17 01:46 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-17 01:46 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-17 01:46 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-17 01:46 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-17 01:46 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-17 01:46 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-17 01:46 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-17 01:46 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-17 01:46 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-17 01:46 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-17 00:53 - 2017-06-17 00:53 - 04832335 _____ C:\Users\umm_s_000\Downloads\2017-06-07-VIDEO-00010498.mp4
2017-06-17 00:35 - 2017-06-17 00:35 - 65063900 _____ C:\Users\umm_s_000\Documents\Caramel Carrot Cake.mp4
2017-06-17 00:21 - 2017-06-17 00:21 - 09059667 _____ C:\Users\umm_s_000\Downloads\2017-06-05-VIDEO-00000221.mp4
2017-06-17 00:12 - 2017-06-17 00:13 - 08326184 _____ C:\Users\umm_s_000\Downloads\2017-06-06-VIDEO-00010477.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-13 21:04 - 2015-11-26 11:50 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-07-13 20:57 - 2016-09-27 23:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-13 20:56 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-13 20:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-13 20:55 - 2017-01-12 10:16 - 00004426 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2017-07-13 20:55 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-13 20:53 - 2016-09-28 00:27 - 00003372 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2017-07-13 20:52 - 2014-07-04 10:38 - 00000000 __RDO C:\Users\umm_s_000\OneDrive
2017-07-13 20:51 - 2014-07-04 10:41 - 00000000 __SHD C:\Users\umm_s_000\IntelGraphicsProfiles
2017-07-13 20:47 - 2016-09-28 00:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-13 20:47 - 2015-07-30 09:39 - 00150264 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2017-07-13 20:46 - 2016-07-16 02:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-13 20:40 - 2016-10-27 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 20:03 - 2016-09-28 00:27 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-07-13 20:03 - 2016-09-28 00:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-07-13 20:03 - 2014-07-03 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-13 19:59 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-13 08:17 - 2017-03-18 10:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 09:04 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-10 17:41 - 2014-09-22 15:07 - 00000000 ____D C:\Users\umm_s_000\AppData\Local\ElevatedDiagnostics
2017-07-10 07:51 - 2016-11-12 11:47 - 00000000 ____D C:\Users\umm_s_000\AppData\Roaming\Zoom
2017-07-09 21:59 - 2016-12-09 00:40 - 00000000 ____D C:\Users\umm_s_000\AppData\LocalLow\Mozilla
2017-07-07 10:51 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-07-07 00:49 - 2017-05-12 17:03 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-07 00:49 - 2017-05-12 17:03 - 00000000 ____D C:\Program Files\UNP
2017-07-07 00:38 - 2014-06-27 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-03 13:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-03 13:24 - 2017-01-12 10:00 - 00000000 ____D C:\Users\umm_s_000\AppData\Local\Verto Analytics
2017-06-30 19:54 - 2017-05-16 15:59 - 00000000 ____D C:\Users\umm_s_000\AppData\Local\Deployment
2017-06-29 13:27 - 2015-07-30 09:44 - 01527420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-29 13:23 - 2014-06-27 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-29 13:14 - 2016-03-02 12:07 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-29 13:07 - 2016-09-27 23:35 - 00000000 ____D C:\Users\umm_s_000
2017-06-29 13:05 - 2014-08-25 01:20 - 00000000 ____D C:\Program Files\InboxDollars
2017-06-29 13:05 - 2014-08-25 01:20 - 00000000 ____D C:\Program Files (x86)\InboxDollars
2017-06-29 13:04 - 2014-09-19 15:25 - 00000000 ____D C:\Program Files (x86)\iolo
2017-06-27 21:28 - 2016-04-29 22:40 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 21:28 - 2016-04-29 22:40 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 20:19 - 2015-03-31 23:10 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-06-26 15:51 - 2014-06-18 18:37 - 00000000 ____D C:\Program Files\Dell
2017-06-24 13:40 - 2014-06-18 18:31 - 00000000 ____D C:\ProgramData\PCDr
2017-06-21 22:30 - 2014-06-27 08:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-21 22:28 - 2016-09-27 23:24 - 00386576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-21 22:26 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-21 22:26 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-21 22:26 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-20 22:48 - 2016-12-12 20:45 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 22:48 - 2015-07-30 10:44 - 00002417 _____ C:\Users\umm_s_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-18 20:06 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 20:06 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-18 19:16 - 2014-06-27 19:40 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-16 14:12 - 2016-01-17 15:25 - 00000000 ____D C:\Users\umm_s_000\Documents\Islam

==================== Files in the root of some directories =======

2015-07-14 13:49 - 2015-07-14 13:49 - 0000017 _____ () C:\Users\umm_s_000\AppData\Local\resmon.resmoncfg
2016-04-17 09:20 - 2016-03-13 15:40 - 0031648 _____ (Bomgar) C:\Users\umm_s_000\AppData\Local\[email protected]!-217681569260882493958-32.tmp
2016-04-17 09:20 - 2016-03-13 15:40 - 0036768 _____ (Bomgar) C:\Users\umm_s_000\AppData\Local\[email protected]!-217681569260882493958-64.tmp
2016-09-27 23:30 - 2016-09-27 23:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-03 10:49 - 2015-03-03 10:51 - 0000347 _____ () C:\ProgramData\hpzinstall.log
2014-06-18 18:22 - 2014-06-18 18:22 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-18 18:14 - 2014-06-18 18:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-18 18:15 - 2014-06-18 18:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-18 18:13 - 2014-06-18 18:13 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-06-18 18:18 - 2014-06-18 18:21 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
2017-06-30 19:53 - 2017-05-16 15:58 - 0265840 _____ (Luth Research LLC.) C:\Users\umm_s_000\AppData\Local\Temp\SCUninstall.exe
2017-06-28 14:41 - 2017-06-28 14:41 - 0968344 _____ () C:\Users\umm_s_000\AppData\Local\Temp\update_1.9.9.4.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-09 21:56

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (44.7 KB, 15 views)
Taahirah is offline  
Old 07-13-2017, 08:14 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Taahirah.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.30.4\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {00A975C9-9923-4D2B-9ABF-69AD92F99494} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    Task: {0C853911-B0DD-4AEA-9126-02131A14CD58} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {12357A17-E032-4701-A15C-3B2A8FE16852} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {241B4324-C012-4CCF-8B06-EEAB7BAF96E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {26433B57-7B35-45FD-93FB-AD9CFA4608AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2E2D508C-9CB6-4A83-94CA-150658A16F4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {40486CDA-3F1D-402F-9AB6-DCBE66B423B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {69477E75-94AE-4C39-843A-791332E98C80} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
    Task: {7013F92E-5894-4A9C-AF56-3A9E6D63A53E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {708B712D-DAD7-4AAA-AB21-48183F907628} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8B62483D-53AA-4C9D-A0CF-53180343D3D0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A2D74240-0E79-40FD-93C1-792A1CF077BF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {C2A67A1D-AF2C-4ACB-B648-A98CDCF40E9B} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    Task: {E1E352EF-6737-45D5-B16D-E281CA9B8B73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [Zoom] => [X]
    HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Winlogon: [Shell] - <==== ATTENTION
    ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe (No File)
    ProxyEnable: [S-1-5-21-770772059-380845386-3500025744-1002] => Proxy is enabled.
    ProxyServer: [S-1-5-21-770772059-380845386-3500025744-1002] => http=127.0.0.1:64550;https=127.0.0.1:64550
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\[email protected] => not found
    FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\npfirefoxtracker.dll [No File]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-13] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-13] <==== ATTENTION
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-15-2017, 05:42 PM   #5
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work:

They are both in the same location but I can't move the folders right next to each other. Does it matter?
Taahirah is offline  
Old 07-15-2017, 07:10 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



No, it doesn't matter, as long as both are in the same folder, or both on the desktop.
chemist is offline  
Old 07-16-2017, 12:04 PM   #7
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by umm_s_000 (16-07-2017 00:00:03) Run:1
Running from C:\Users\umm_s_000\Downloads
Loaded Profiles: umm_s_000 (Available Profiles: umm_s_000 & UmmNa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.30.4\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\umm_s_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {00A975C9-9923-4D2B-9ABF-69AD92F99494} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {0C853911-B0DD-4AEA-9126-02131A14CD58} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {12357A17-E032-4701-A15C-3B2A8FE16852} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {241B4324-C012-4CCF-8B06-EEAB7BAF96E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {26433B57-7B35-45FD-93FB-AD9CFA4608AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2E2D508C-9CB6-4A83-94CA-150658A16F4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {40486CDA-3F1D-402F-9AB6-DCBE66B423B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69477E75-94AE-4C39-843A-791332E98C80} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {7013F92E-5894-4A9C-AF56-3A9E6D63A53E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {708B712D-DAD7-4AAA-AB21-48183F907628} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8B62483D-53AA-4C9D-A0CF-53180343D3D0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A2D74240-0E79-40FD-93C1-792A1CF077BF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C2A67A1D-AF2C-4ACB-B648-A98CDCF40E9B} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {E1E352EF-6737-45D5-B16D-E281CA9B8B73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-770772059-380845386-3500025744-1002\...\Winlogon: [Shell] - <==== ATTENTION
ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe (No File)
ProxyEnable: [S-1-5-21-770772059-380845386-3500025744-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-770772059-380845386-3500025744-1002] => http=127.0.0.1:64550;https=127.0.0.1:64550
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\[email protected] => not found
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-13] <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00A975C9-9923-4D2B-9ABF-69AD92F99494} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00A975C9-9923-4D2B-9ABF-69AD92F99494} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C853911-B0DD-4AEA-9126-02131A14CD58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C853911-B0DD-4AEA-9126-02131A14CD58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12357A17-E032-4701-A15C-3B2A8FE16852} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12357A17-E032-4701-A15C-3B2A8FE16852} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{241B4324-C012-4CCF-8B06-EEAB7BAF96E0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{241B4324-C012-4CCF-8B06-EEAB7BAF96E0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26433B57-7B35-45FD-93FB-AD9CFA4608AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26433B57-7B35-45FD-93FB-AD9CFA4608AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E2D508C-9CB6-4A83-94CA-150658A16F4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2D508C-9CB6-4A83-94CA-150658A16F4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40486CDA-3F1D-402F-9AB6-DCBE66B423B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40486CDA-3F1D-402F-9AB6-DCBE66B423B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69477E75-94AE-4C39-843A-791332E98C80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69477E75-94AE-4C39-843A-791332E98C80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7013F92E-5894-4A9C-AF56-3A9E6D63A53E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7013F92E-5894-4A9C-AF56-3A9E6D63A53E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{708B712D-DAD7-4AAA-AB21-48183F907628} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{708B712D-DAD7-4AAA-AB21-48183F907628} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B62483D-53AA-4C9D-A0CF-53180343D3D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B62483D-53AA-4C9D-A0CF-53180343D3D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2D74240-0E79-40FD-93C1-792A1CF077BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2D74240-0E79-40FD-93C1-792A1CF077BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2A67A1D-AF2C-4ACB-B648-A98CDCF40E9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A67A1D-AF2C-4ACB-B648-A98CDCF40E9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1E352EF-6737-45D5-B16D-E281CA9B8B73} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1E352EF-6737-45D5-B16D-E281CA9B8B73} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe => not found.
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@nielsen/FirefoxTracker => key removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => moved successfully
C:\Program Files (x86)\mozilla firefox\mozilla.cfg => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-770772059-380845386-3500025744-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{C655B72A-9793-4922-AC52-B5A059900B9C} canceled.
{EDA41726-E218-4C6C-92FB-A03F3BC51D17} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19136537 B
Java, Flash, Steam htmlcache => 950 B
Windows/system/drivers => 115555653 B
Edge => 21640826 B
Chrome => 574591332 B
Firefox => 24137501 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 850463 B
systemprofile32 => 0 B
LocalService => 586264 B
NetworkService => 2880 B
umm_s_000 => 270691570 B
UmmNa.TAAHIRAH => 6783 B

RecycleBin => 5499921 B
EmptyTemp: => 984.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:08:18 ====
Taahirah is offline  
Old 07-16-2017, 12:06 PM   #8
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



I'm still having the proxy issue even after the fix.
Taahirah is offline  
Old 07-16-2017, 08:25 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Taahirah. Well, that was my next question. Sorry to hear that. A few questions...

Do you know how to export your Chrome bookmarks, passwords, etc. and save them?

Or, do you have them all in Firefox?

You will probably have to uninstall, delete your profile, then re-install Chrome. Not now, later.

Next...

Open Chrome and copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions

Do you see any extensions that you don't use, didn't install, etc.?

If so, click the trash can icon by it/them...

When prompted, click 'Remove'. Restart Chrome.

Is the proxy still there? Does the proxy remain/return after rebooting? Let me know.

---------------------------------------------------
chemist is offline  
Old 07-17-2017, 05:37 AM   #10
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Yes, after rebooting the proxy is still there.
Taahirah is offline  
Old 07-17-2017, 05:39 AM   #11
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Sorry, I forgot to answer your first question. I exported my Chrome bookmarks in the past but I don't remember how I did it. I don't think they are on Firefox.
Taahirah is offline  
Old 07-17-2017, 01:17 PM   #12
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



I also forgot to mention that the proxy issue that I have is on Firefox as well. I'm not able to change the settings to no proxy.
Taahirah is offline  
Old 07-17-2017, 09:48 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Taahirah. I'm not seeing the culprit here.

Do you remember the exact date the problem started?

Do you remember what you were doing on the machine when it started?

Were you, or had you been, making any changes to your machine?

Or did it just appear one day on startup? Did you run any tools before coming here for help?

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings /s
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings /s
    :regfind
    ProxySettingsPerUser
    Security_HKLM_only
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
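
An added example, not part of the original post and not taken from any tool named in this thread: a PowerShell check that reads the same Internet Settings values and, when the proxy points at a loopback port such as the 127.0.0.1:64550 reported here, lists the process listening on that port. The function names are hypothetical, and it assumes Windows 8 or later, where Get-NetTCPConnection is available.

```powershell
# Added example (not from the thread): audit the per-user WinINET proxy and,
# if it points at a loopback port, show which process is listening there.
# Run from an elevated PowerShell prompt so that paths of processes owned by
# other accounts or services can be resolved.

# The key name is "CurrentVersion" (one word). A path spelled "Current Version"
# does not exist and is reported as "key not found".
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer {
    # Hypothetical helper: split a ProxyServer value into per-scheme endpoints.
    # Accepts both "host:port" and "http=host:port;https=host:port".
    param([string]$Value)
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }
        if ($part -match '=') { $scheme, $target = $part -split '=', 2 }
        else                  { $scheme = 'all'; $target = $part }
        $target = $target -replace '^[a-z0-9]+://', ''
        if ($target -match '^(?<addr>\[[^\]]+\]|[^:]+)(:(?<port>\d+))?$') {
            [pscustomobject]@{
                Scheme  = $scheme
                Address = $Matches['addr']
                Port    = if ($Matches['port']) { [int]$Matches['port'] } else { 0 }
            }
        }
    }
}

function Test-Loopback {
    # True for localhost, IPv6 loopback and anything in 127.0.0.0/8.
    param([string]$Address)
    ($Address -in @('localhost', '[::1]')) -or ($Address -like '127.*')
}

function Get-LoopbackProxyOwner {
    # Hypothetical helper: for each loopback port in the proxy string, return
    # the listening process (and any service hosted in it), or a "no listener" row.
    param([string]$ProxyServer)
    $ports = @(ConvertFrom-ProxyServer $ProxyServer |
        Where-Object { (Test-Loopback $_.Address) -and $_.Port } |
        Select-Object -ExpandProperty Port -Unique)

    foreach ($port in $ports) {
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
        if (-not $listeners) {
            [pscustomobject]@{ Port = $port; ProcessId = $null; Name = '(no listener)'
                               Path = $null; CommandLine = $null; Services = $null }
            continue
        }
        foreach ($ownerId in ($listeners.OwningProcess | Sort-Object -Unique)) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ownerId"
            $svc  = @(Get-CimInstance Win32_Service -Filter "ProcessId = $ownerId")
            [pscustomobject]@{
                Port        = $port
                ProcessId   = $ownerId
                Name        = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
                Services    = ($svc.Name -join ', ')
            }
        }
    }
}

# 1. What the current user's settings and the machine policy say.
$settings = Get-ItemProperty -Path $inetKey
$policy   = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    ProxyEnable          = $settings.ProxyEnable
    ProxyServer          = $settings.ProxyServer
    AutoConfigURL        = $settings.AutoConfigURL
    # 0 = proxy settings are applied per machine (from HKLM) instead of per user
    ProxySettingsPerUser = $policy.ProxySettingsPerUser
} | Format-List | Out-String

# 2. Who is behind the loopback port, if one is configured.
$owners = @(Get-LoopbackProxyOwner $settings.ProxyServer)
if ($owners) { $owners | Format-List | Out-String }
else         { 'No loopback proxy endpoint is configured for this user.' }
```

A "(no listener)" row means the value is being rewritten by a program that is not currently serving the port, which matches a proxy setting that blocks browsing. In that case a Process Monitor filter on RegSetValue operations for the ProxyServer value shows which program writes it.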
Old 07-19-2017, 09:51 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Taahirah. Any trouble with those last instructions?

Did a little digging once you mentioned it wasn't browser specific.

I see you have SmartApp installed:

Quote:
2017-06-27 20:19 - 2015-03-31 23:10 - 00000000 ____D C:\Program Files (x86)\SmartApp
Is that about when you started having this proxy issue?

------------------------------------------------------
chemist is offline  
Old 07-20-2017, 04:08 AM   #15
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Sorry for the delay. I don't remember the exact date it started. It has been going on for about a year or longer. I don't remember any exact details behind when it all started. I just remember I started having issues with my internet connection and I couldn't figure out why. So one day I happened to be on the phone with my internet service provider and I asked about the issue, and he showed me how to go under LAN settings and change it from proxy to manual. So basically what would happen is that when I would start up my laptop, the internet connection would automatically be set to proxy, so I would have to change it back to manual and everything would be fine until I had to restart again. Now, recently, the issue is that it keeps changing to proxy whether I restart or not, and I have to constantly change it throughout the time I'm using my laptop.

I have been with Smart Panel for about 2 years now. I don't remember if the issue started before or after installing it.

The only thing I tried doing before coming here for help was run McAfee and Malwarebytes but it didn't help obviously.

I didn't run the recent tool yet sorry. I was going to do it last night but I forgot. I will try doing it today. Thanks for all of your help. I really appreciate it.
Taahirah is offline  
Old 07-20-2017, 07:05 PM   #16
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



SystemLook 30.07.11 by jpshortstuff
Log created at 22:00 on 20/07/2017 by umm_s_000
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
(No values found)


[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
(No values found)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
(No values found)


[HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings]
(Unable to open key - key not found)

========== regfind ==========

Searching for "ProxySettingsPerUser"
No data found.

Searching for "Security_HKLM_only"
No data found.

-= EOF =-
Taahirah is offline  
Old 07-20-2017, 07:35 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Taahirah. You're very welcome.

Read the first line here:

Malware scan of smartapp.exe (PCMeter) 1e568f0785f95f4f65b181eac6b29dc39198ccf2 - herdProtect

Uninstall SmartApp, reboot, and see if the problem remains. Let me know.
chemist is offline  
Old 07-21-2017, 04:05 PM   #18
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Well, it looks like SmartApp was the culprit. I never would have thought it. So far no proxy issues, and I restarted my PC twice. Automatic detect settings has not changed to proxy.
Taahirah is offline  
Old 07-22-2017, 03:30 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 8 Update 77

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 07-24-2017, 02:51 PM   #20
Registered Member
 
Join Date: Jul 2017
Posts: 38
OS: Windows 10



Sorry for the delay. Just letting you know I'm working on what you asked me to do last. Thank you.
Taahirah is offline  
 

All times are GMT -7. The time now is 01:30 PM.

