Possible malware (arcadepatriot.com) in Google Chrome browser

09-19-2016, 11:41 AM   #1
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Hello, I just recently started using Google Chrome as my default browser. Previously used Firefox. Firefox performance had slowed significantly, not sure if due to malware. Google Chrome has some malware attached to it from the website arcadepatriot.com. When clicking on "legitimate" links, this site also triggers popup ads, etc. in a separate browser window. Running on Windows 10.

Here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.31.2
Run by Dell Inspiron at 14:30:27 on 2016-09-19
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.8049.4114 [GMT -4:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\BCA\pabeSvc64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\igfxTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
C:\Users\Dell Inspiron\AppData\Local\Apps\2.0\DCNPLHJ2.DB3\ZP4G69W5.9WX\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\sysWow64\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11193&guid={B0D42D72-B7AD-46BC-B409-6CB151A72754}&i=
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Like: {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Simple: {886bf106-6ebf-4ef4-8676-6663caabbda4} -
BHO: Music Search App (Dist. by Bandoo Media, Inc.): {88d8ecb7-204f-4efd-8134-f6341f76c672} -
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: Music Search App (Dist. by Bandoo Media, Inc.): {88d8ecb7-204f-4efd-8134-f6341f76c672} -
TB: Yahoo Toolbar: {10EE7BCD-5A88-4922-82AD-957FEAE222BA} -
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [cdloader] "C:\Users\Dell Inspiron\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [DellSystemDetect] C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [EPSON Artisan 725] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATIHQA.EXE /FU "C:\Users\DELLIN~1\AppData\Local\Temp\E_SF50A.tmp" /EF "HKCU"
uRun: [EPLTarget\P0000000000000002] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-3540 Series"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [OneDrive] "C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRunOnce: [Uninstall C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
uRunOnce: [Uninstall C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Internet Helper Anti-phishing] "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
dRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3540 Series"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{839a14cb-e4fa-4c2b-9890-97338570ccca} : DHCPNameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{c49f85b0-4b0d-42a0-bce6-d03c89396128} : DHCPNameServer = 64.233.217.2 64.233.217.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Music Search App (Dist. by Bandoo Media, Inc.): {88d8ecb7-204f-4efd-8134-f6341f76c672} -
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Music Search App (Dist. by Bandoo Media, Inc.): {88d8ecb7-204f-4efd-8134-f6341f76c672} -
x64-TB: Yahoo Toolbar: {10EE7BCD-5A88-4922-82AD-957FEAE222BA} -
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\WINDOWS\System32\drivers\gfibto.sys [2013-8-22 14456]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-10-27 651832]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2015-7-23 31376]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2016-5-30 35488]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-21 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-5-30 470600]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-5-30 470600]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2016-5-30 144664]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-8-19 324304]
R2 AviraUpdaterService;Avira Updater Service;C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [2016-9-12 26760]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2016-5-30 78208]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-5-25 1364096]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-5-25 1687680]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-7-2 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-7-2 131072]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\Epson\EpsonCustomerParticipation\EPCP.exe [2012-5-10 674800]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2013-7-6 135824]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-6-15 2451456]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;C:\Program Files\Intel\BCA\pabeSvc64.exe [2016-7-28 3036312]
R2 internethelper_antiphishing;internethelper_antiphishing Service;C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe -- --> C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe -- [?]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-19 21055432]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-5-30 2102496]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-5-31 224712]
R2 SpeedupService;Avira System Speedup;C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [2016-8-12 27632]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-17 5341536]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2016-8-10 920616]
R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-9-13 162344]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-5-7 442368]
R3 internethelper_antiphishingd;internethelper_antiphishingd driver;C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingd.sys [2014-5-9 51912]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2015-10-30 3343872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-5 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-6-5 40392]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-8-13 896744]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-5-30 989696]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-5-30 1454720]
S2 AviraPhantomVPN;Avira Phantom VPN;C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [2016-7-29 234352]
S2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 InstallerService;Service Installer TrueKey;"C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-5-30 1750712]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-6-26 16248]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-12-25 448384]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-12-27 20872]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 gfiark;gfiark;C:\WINDOWS\System32\drivers\gfiark.sys [2013-8-27 41032]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-6-14 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [2016-7-19 327944]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-3-1 1997168]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2013-6-15 315536]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 TrueKeyServiceHelper;Intel Security True Key Helper Service;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2016-8-10 86864]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-21 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-5-21 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-21 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-5-21 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-5-21 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-5-21 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-07-26 11:42:35 144664 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
.
============= FINISH: 14:32:21.59 ===============


attach.txt attached as requested. Please advise next steps.

Thanks, Jeff
Attached Files
File Type: txt attach.txt (14.2 KB, 25 views)
JoshandDad is offline  
Old 09-19-2016, 12:25 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Why do you have only 1 system restore point?

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

Itibiti RTC << Please read this

Please delete the following Folder if it still exists:

C:\Program Files (x86)\Itibiti Soft Phone

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "%userprofile%\AppData\Roaming\Itibiti Soft Phone"

A DOS window will open and close again, this is normal.

Repeat for the following:

cmd /c rd /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR"

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
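The clean log that the AdwCleaner step above asks to be posted back uses a simple line format, visible in the log posted later in this thread: `***** [ Section ] *****` headers followed by entries flagged `[-]` or `[#]`. As an added example (not part of the thread and not AdwCleaner's own code), this Python parser reads that format and reports which items are still queued "on reboot" and which Chrome extension IDs were removed under which Windows profile; the function names are this example's own and the embedded excerpt reuses lines from this thread's log.

```python
import re
from collections import Counter, defaultdict

# Excerpt in the format of the AdwCleaner log posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v6.020 - Logfile created 19/09/2016 at 16:25:44
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\AskPartnerNetwork
[#] Folder deleted on reboot: C:\ProgramData\Internet Helper Anti-phishing
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jpcjbheblohnpcdodnjihpempmbineea
[-] Folder deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jpcjbheblohnpcdodnjihpempmbineea

***** [ Registry ] *****

[-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
[#] Key deleted on reboot: [x64] HKCU\Software\GoldenGate

***** [ Web browsers ] *****

[-] Chrome preferences cleaned:
[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-#])\] (?P<body>.+)$")
# Browser entries carry the profile store and item kind in brackets first.
BROWSER_RE = re.compile(
    r"^\[(?P<store>[^\]]+)\] \[(?P<kind>[^\]]+)\] Deleted: (?P<target>.+)$")
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
USER_RE = re.compile(r"\\Users\\([^\\]+)\\")


def parse_log(text):
    """Return one dict per log entry, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or section is None:
            continue  # banner lines, separators, blank lines
        body = entry.group("body")
        browser = BROWSER_RE.match(body)
        if browser:
            action = f"{browser.group('kind')} deleted"
            target, where = browser.group("target"), browser.group("store")
        else:
            action, _, target = body.partition(": ")
            action = action.rstrip(":")  # an entry may have no value at all
            where = target
        entries.append({
            "section": section,
            "flag": entry.group("flag"),
            "action": action,
            "target": target,
            "where": where,                      # path used to find the profile
            "pending": "on reboot" in action,    # taken from the entry text
        })
    return entries


def section_counts(entries):
    """Number of entries per log section."""
    return Counter(e["section"] for e in entries)


def pending_on_reboot(entries):
    """(section, target) pairs to re-check once the machine has restarted."""
    return [(e["section"], e["target"]) for e in entries if e["pending"]]


def chrome_extension_ids(entries):
    """Map each removed Chrome extension ID to the Windows profiles it was in."""
    found = defaultdict(set)
    for e in entries:
        if "\\Google\\Chrome\\" not in e["where"]:
            continue
        user = USER_RE.search(e["where"])
        for ext_id in EXT_ID_RE.findall(e["target"]):
            found[ext_id].add(user.group(1) if user else "?")
    return dict(found)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(dict(section_counts(log)))
    for section, target in pending_on_reboot(log):
        print("re-check after reboot:", section, target)
    for ext_id, users in sorted(chrome_extension_ids(log).items()):
        print(ext_id, sorted(users))
```

An extension ID that turns up under more than one profile, as `jpcjbheblohnpcdodnjihpempmbineea` does in this thread's log, means each profile's Chrome extension list needs checking, not only the one that showed the pop-ups.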
Old 09-19-2016, 01:45 PM   #3
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



I manually created a restore point. Is there a way to schedule creation of restore points at regular intervals, or should I be creating manually periodically?

AdwCleaner log:

# AdwCleaner v6.020 - Logfile created 19/09/2016 at 16:25:44
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-19.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Dell Inspiron - DELL_I17
# Running from : C:\Users\Dell Inspiron\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\AskPartnerNetwork
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\LocalLow\searchresultstb
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Roaming\GoldenGate
[-] Folder deleted: C:\Users\gamin_000\AppData\Local\AskPartnerNetwork
[-] Folder deleted: C:\Users\gamin_000\AppData\Local\jZip
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\adawaretb
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\Smartbar
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\AskPartnerNetwork
[-] Folder deleted: C:\ProgramData\torchcrashhandler
[#] Folder deleted on reboot: C:\ProgramData\Internet Helper Anti-phishing
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AskPartnerNetwork
[#] Folder deleted on reboot: C:\ProgramData\Application Data\torchcrashhandler
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Internet Helper Anti-phishing
[-] Folder deleted: C:\Program Files (x86)\AskPartnerNetwork
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_klibnahbojhkanfgaglnlalfkgpcppfi_0
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klibnahbojhkanfgaglnlalfkgpcppfi
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mogmppbjfkngfoaecoialclfiabnpndg_0
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mogmppbjfkngfoaecoialclfiabnpndg
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhjjdgbhohaallcimgcmakfiobacimkm
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jpcjbheblohnpcdodnjihpempmbineea
[-] Folder deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jpcjbheblohnpcdodnjihpempmbineea


***** [ Files ] *****

[-] File deleted: C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
[-] File deleted: C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] File deleted: C:\Users\Dell Inspiron\Desktop\gameo.lnk
[-] File deleted: C:\Users\Dell Inspiron\Desktop\Play Games Online.url
[-] File deleted: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\extensions\[email protected]
[-] File deleted: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\searchplugins\ask-search.xml
[-] File deleted: C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\searchplugins\ask-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_epikbiglahnndfidencpcjhnefnmooeg_0.localstorage
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mogmppbjfkngfoaecoialclfiabnpndg_0.localstorage
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpcjbheblohnpcdodnjihpempmbineea_0.localstorage
[-] File deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpcjbheblohnpcdodnjihpempmbineea_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\gamin_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\gamin_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\gamin_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\gamin_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\ff8264c3-dfe7-efbd-89b1-f857a380d366
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r390-n-bc (1).exe
[-] Key deleted: HKLM\SOFTWARE\Classes\BrowserHTM
[-] Key deleted: HKLM\SOFTWARE\Classes\RebateI.CoRebateJS
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BrowserHTM
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\RebateI.CoRebateJS
[-] Key deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
[-] Key deleted: HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{88D8ECB7-204F-4EFD-8134-F6341F76C672}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88D8ECB7-204F-4EFD-8134-F6341F76C672}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D8ECB7-204F-4EFD-8134-F6341F76C672}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88D8ECB7-204F-4EFD-8134-F6341F76C672}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88D8ECB7-204F-4EFD-8134-F6341F76C672}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88D8ECB7-204F-4EFD-8134-F6341F76C672}]
[-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\APNDTX
[-] Key deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Browser
[-] Key deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\GoldenGate
[-] Key deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\SoftSuma
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\BuzzSearch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\mysearchdial
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\SweetIM
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\WebConnect
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\wecarereminder
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\APNDTX
[#] Key deleted on reboot: HKCU\Software\Browser
[#] Key deleted on reboot: HKCU\Software\GoldenGate
[#] Key deleted on reboot: HKCU\Software\SoftSuma
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\imeshjzipmusictoolbarIE
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\BuzzSearch
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\mysearchdial
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\WebConnect
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4145260611-1649676698-564753963-1001\Software\wecarereminder
[#] Key deleted on reboot: [x64] HKCU\Software\APNDTX
[#] Key deleted on reboot: [x64] HKCU\Software\Browser
[#] Key deleted on reboot: [x64] HKCU\Software\GoldenGate
[#] Key deleted on reboot: [x64] HKCU\Software\SoftSuma
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Data restored: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
[-] Value deleted: HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Search Protection]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgIDs [BrowserHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgIDs [BrowserHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [BrowserHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [BrowserHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [BrowserHTM]
[-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\speed browser
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
[#] Value deleted on reboot: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [wb.exe]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.hiddenOneOffs" - "Ask Search"
[-] Chrome preferences cleaned: "extensions.ORJ-SPE.domain" - "\"www.search.ask.com\""
[-] Chrome preferences cleaned: "extensions.ORJ-SPE.hpr_ff" - "\"hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&apn_uid=B563B313-09D8-4CF4-83A0-C9F2BC4F0896&itbv=12.24.1.51&doi=2015-02-20&psv=&pt=tb\""
[-] Chrome preferences cleaned: "extensions.ORJ-SPE.newTabSearchURL" - "\"hxxp://www.search.ask.com/web?o=APN11408&p2=%5EBBG%5EOSJ000%5EYY%5EUS&tpid=ORJ-SPE&gct=tab&apn_uid=B563B313-09D8-4CF4-83A0-C9F2BC4F0896&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&itbv=12.24.1.51&doi=2015-02-20&trgb=FF&tbv=12.29.0.197&crxv=127.6&pf=V7&pt=tb&psv=&q=%7Bquery%7D\""
[-] Chrome preferences cleaned: "extensions.ORJ-SPE.searchURL" - "\"hxxp://www.search.ask.com/web?o=APN11408&p2=%5EBBG%5EOSJ000%5EYY%5EUS&tpid=ORJ-SPE&gct=bar&apn_uid=B563B313-09D8-4CF4-83A0-C9F2BC4F0896&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&itbv=12.24.1.51&doi=2015-02-20&trgb=FF&tbv=12.29.0.197&crxv=127.6&pf=V7&pt=tb&psv=&q=%7Bquery%7D\""
[-] Chrome preferences cleaned: "extensions.enabledAddons" - "toolbar_ORJ-SPE%40apn.ask.com:127.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:48.0.2"
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "browser.newtab.url" - "hxxp://www.safesear.ch/?type=20150526-155-ff-nt"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://www.safesear.ch/?type=20150526-155-ff"
[-] Chrome preferences cleaned: "keyword.url" - "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q="
[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ippkomaaonokjnfjoikaemidanojkfmm
[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jpcjbheblohnpcdodnjihpempmbineea
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com_
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: start.mysearchdial.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: Search
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: Search


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22595 Bytes] - [19/09/2016 16:25:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [19556 Bytes] - [19/09/2016 16:08:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [22743 Bytes] ##########

Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by Dell Inspiron (administrator) on DELL_I17 (19-09-2016 16:32:43)
Running from C:\Users\Dell Inspiron\Downloads
Loaded Profiles: Dell Inspiron (Available Profiles: Dell Inspiron & gamin_000 & the6o_000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson\EpsonCustomerParticipation\EPCP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell) C:\Users\Dell Inspiron\AppData\Local\Apps\2.0\DCNPLHJ2.DB3\ZP4G69W5.9WX\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Farbar) C:\Users\Dell Inspiron\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [717688 2015-11-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Internet Helper Anti-phishing] => "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [17000 2016-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [cdloader] => C:\Users\Dell Inspiron\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-06-24] (Intuit Inc.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [DellSystemDetect] => C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [EPSON Artisan 725] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\RunOnce: [Uninstall C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\RunOnce: [Uninstall C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk [2013-06-14]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\the6o_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk [2013-06-14]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{839a14cb-e4fa-4c2b-9890-97338570ccca}: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{c49f85b0-4b0d-42a0-bce6-d03c89396128}: [DhcpNameServer] 64.233.217.2 64.233.217.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=0003295F&OHP=about%3Ablank&OSP=
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4145260611-1649676698-564753963-1001 -> DefaultScope {FF47A76A-350C-44DF-AC75-5C1D0FB27176} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4145260611-1649676698-564753963-1001 -> {4E95B672-94DC-4767-B9FD-B92F6732A566} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11193
SearchScopes: HKU\S-1-5-21-4145260611-1649676698-564753963-1001 -> {FF47A76A-350C-44DF-AC75-5C1D0FB27176} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-20] (Oracle Corporation)
BHO-x32: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-20] (Oracle Corporation)
Toolbar: HKLM - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll No File
Toolbar: HKLM - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\IEToolbar64.dll No File
Toolbar: HKLM-x32 - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\ietoolbar.dll No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default
FF Homepage: hxxp://www.cbssports.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (No Name) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\extensions\[email protected] [not found]
FF Extension: (Maps) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\Extensions\@Maps.xpi [2016-05-07]
FF Extension: (Avira Browser Safety) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\Extensions\[email protected] [2016-09-08]
FF Extension: (Firefox Hotfix) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\Extensions\[email protected] [2016-09-09]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\Extensions\[email protected] [2016-08-12]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-10-16] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.cbssports.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default [2016-09-19]
CHR Extension: (Google Docs) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (YouTube) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
CHR Extension: (Google Search) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Avira Browser Safety) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-18]
CHR Extension: (Tab) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2015-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-26]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-16]
CHR Extension: (GamingTreasure) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmmdegbeiialhkbkpnpmjmkbikhdane [2016-08-27]
CHR Extension: (Skype) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR Extension: (Gmail) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [234352 2016-07-29] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-09-12] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-25] ()
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-23] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2015-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [27632 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [920616 2016-08-08] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-08] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-08] (McAfee, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe -- [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-05] (GFI Software)
S3 internethelper_antiphishingd; C:\ProgramData\Internet Helper Anti-phishing\internethelper_antiphishingd.sys [51912 2014-05-09] (Green search security)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 16:31 - 2016-09-19 16:31 - 02400256 _____ (Farbar) C:\Users\Dell Inspiron\Downloads\FRST64 (1).exe
2016-09-19 16:02 - 2016-09-19 16:25 - 00000000 ____D C:\AdwCleaner
2016-09-19 16:02 - 2016-09-19 16:02 - 03861056 _____ C:\Users\Dell Inspiron\Downloads\AdwCleaner.exe
2016-09-19 14:32 - 2016-09-19 14:32 - 00034832 _____ C:\Users\Dell Inspiron\Desktop\dds.txt
2016-09-19 14:32 - 2016-09-19 14:32 - 00014579 _____ C:\Users\Dell Inspiron\Desktop\attach.txt
2016-09-19 14:30 - 2016-09-19 14:30 - 00688992 ____R (Swearware) C:\Users\Dell Inspiron\Downloads\dds (1).scr
2016-09-19 13:31 - 2016-09-19 13:31 - 00148839 _____ C:\Users\Dell Inspiron\Downloads\PGRInsuranceIDCard.pdf
2016-09-19 13:05 - 2016-09-19 13:05 - 00192140 _____ C:\Users\Dell Inspiron\Downloads\EligibilityNotice (5).pdf
2016-09-19 12:49 - 2016-09-19 12:49 - 00192732 _____ C:\Users\Dell Inspiron\Downloads\EligibilityNotice (4).pdf
2016-09-19 12:11 - 2016-09-19 12:11 - 00197939 _____ C:\Users\Dell Inspiron\Downloads\EligibilityNotice (3).pdf
2016-09-15 16:44 - 2016-09-15 16:44 - 00001207 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-12 18:08 - 2016-09-12 18:08 - 00155106 _____ C:\Users\Dell Inspiron\Downloads\ESDCustomNotice (2).pdf
2016-09-09 14:41 - 2016-09-09 14:41 - 00197732 _____ C:\Users\Dell Inspiron\Downloads\EligibilityNotice (2).pdf
2016-09-09 14:38 - 2016-09-09 14:38 - 00128684 _____ C:\Users\Dell Inspiron\Documents\Mozal 2016 Annual Income002.pdf
2016-09-09 14:36 - 2016-09-09 14:36 - 00095341 _____ C:\Users\Dell Inspiron\Documents\Mozal 2016 Annual Income001.pdf
2016-09-09 14:04 - 2016-09-09 14:04 - 00198842 _____ C:\Users\Dell Inspiron\Downloads\EligibilityNotice (1).pdf
2016-09-09 14:04 - 2016-09-09 14:04 - 00153350 _____ C:\Users\Dell Inspiron\Downloads\ESDCustomNotice (1).pdf
2016-09-09 13:49 - 2016-09-09 13:49 - 00154499 _____ C:\Users\Dell Inspiron\Documents\Mozal Lease Extension001.pdf
2016-09-04 18:35 - 2016-09-04 18:35 - 00435532 _____ C:\Users\Dell Inspiron\Downloads\facebook-album-172637249523938 (4).zip
2016-09-04 18:35 - 2016-09-04 18:35 - 00435532 _____ C:\Users\Dell Inspiron\Downloads\facebook-album-172637249523938 (3).zip
2016-09-04 11:27 - 2016-09-04 11:27 - 00435532 _____ C:\Users\Dell Inspiron\Downloads\facebook-album-172637249523938 (2).zip
2016-09-04 11:27 - 2016-09-04 11:27 - 00435532 _____ C:\Users\Dell Inspiron\Downloads\facebook-album-172637249523938 (1).zip
2016-09-04 10:50 - 2016-09-04 10:50 - 00435532 _____ C:\Users\Dell Inspiron\Downloads\facebook-album-172637249523938.zip
2016-08-29 05:26 - 2016-08-29 05:26 - 01142643 _____ C:\Users\Dell Inspiron\Downloads\2 (3).mpg
2016-08-29 05:26 - 2016-08-29 05:26 - 01138048 _____ C:\Users\Dell Inspiron\Downloads\1 (1).mpg
2016-08-24 19:03 - 2016-09-19 07:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 18:10 - 2016-08-23 18:10 - 00005892 _____ C:\Users\Dell Inspiron\Desktop\CONNLOG.TXT
2016-08-23 18:09 - 2016-08-23 18:09 - 02635339 _____ C:\Users\Dell Inspiron\Desktop\OFXLOG.txt
2016-08-23 17:10 - 2016-09-16 17:27 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-23 17:03 - 2016-08-23 17:03 - 00009663 _____ C:\Users\Dell Inspiron\Downloads\Your_Social_Security_Statement_Data (1).xml
2016-08-23 17:01 - 2016-08-23 17:02 - 00009663 _____ C:\Users\Dell Inspiron\Downloads\Your_Social_Security_Statement_Data.xml
2016-08-22 13:44 - 2016-08-22 13:44 - 01353240 _____ C:\Users\Dell Inspiron\Downloads\3.mpg
2016-08-22 13:43 - 2016-08-22 13:43 - 01377461 _____ C:\Users\Dell Inspiron\Downloads\2 (2).mpg
2016-08-22 13:43 - 2016-08-22 13:43 - 01138125 _____ C:\Users\Dell Inspiron\Downloads\1.mpg
2016-08-22 13:42 - 2016-08-22 13:43 - 01421312 _____ C:\Users\Dell Inspiron\Downloads\2 (1).mpg
2016-08-22 13:42 - 2016-08-22 13:42 - 01421312 _____ C:\Users\Dell Inspiron\Downloads\2.mpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 16:33 - 2016-05-21 00:25 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-19 16:33 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-19 16:33 - 2014-12-30 02:32 - 00031249 _____ C:\Users\Dell Inspiron\Downloads\FRST.txt
2016-09-19 16:32 - 2014-12-30 02:32 - 00000000 ____D C:\FRST
2016-09-19 16:29 - 2016-08-12 22:34 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-09-19 16:29 - 2016-05-21 01:03 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Local\Deployment
2016-09-19 16:29 - 2014-08-22 12:00 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Roaming\Skype
2016-09-19 16:28 - 2016-05-21 00:56 - 00000000 __SHD C:\Users\Dell Inspiron\IntelGraphicsProfiles
2016-09-19 16:27 - 2016-02-13 09:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-19 16:26 - 2016-05-20 23:59 - 00000000 ____D C:\Users\Dell Inspiron
2016-09-19 16:26 - 2015-10-30 02:28 - 03932160 ___SH C:\WINDOWS\system32\config\BBI
2016-09-19 16:24 - 2014-12-27 00:47 - 00000000 ____D C:\ProgramData\Internet Helper Anti-phishing
2016-09-19 15:15 - 2014-12-27 00:47 - 00000000 ____D C:\ProgramData\internethelper_antiphishing
2016-09-19 07:46 - 2016-08-12 22:34 - 00002151 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2016-09-19 07:46 - 2016-05-30 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-19 07:14 - 2013-11-19 00:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-19 07:09 - 2013-06-17 18:40 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-19 00:25 - 2013-06-17 18:40 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 17:27 - 2013-06-17 18:41 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 16:42 - 2014-01-19 04:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-08 15:46 - 2015-10-30 16:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-07 19:06 - 2014-08-25 16:16 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Local\Adobe
2016-08-23 15:58 - 2016-05-20 23:59 - 00000000 ____D C:\Users\the6o_000
2016-08-23 15:58 - 2016-05-20 23:59 - 00000000 ____D C:\Users\gamin_000

==================== Files in the root of some directories =======

2013-07-30 01:33 - 2013-11-20 00:38 - 0003708 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-11 21:37 - 2013-11-20 23:44 - 0264488 _____ () C:\Users\Dell Inspiron\AppData\Roaming\h
2013-12-19 01:20 - 2015-01-07 22:46 - 0000055 _____ () C:\Users\Dell Inspiron\AppData\Roaming\WB.CFG
2013-07-02 22:29 - 2013-07-02 22:29 - 0000005 _____ () C:\Users\Dell Inspiron\AppData\Roaming\WBPU-TTL.DAT
2014-07-24 12:54 - 2014-07-24 12:54 - 0004096 ____H () C:\Users\Dell Inspiron\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
C:\Users\Dell Inspiron\AppData\Local\Temp\avgnt.exe
C:\Users\Dell Inspiron\AppData\Local\Temp\libeay32.dll
C:\Users\Dell Inspiron\AppData\Local\Temp\msvcr120.dll
C:\Users\Dell Inspiron\AppData\Local\Temp\sqlite3.dll
C:\Users\gamin_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-29 12:18

==================== End of FRST.txt ============================

Attach file attached. Please advise next steps. Thanks.
Attached Files
File Type: txt Addition.txt (73.9 KB, 40 views)
JoshandDad is offline  
Old 09-19-2016, 08:48 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Jeff. System Restore should create about one a day on average.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-4145260611-1649676698-564753963-1001_Classes\CLSID\{10EE7BCD-5A88-4922-82AD-957FEAE222BA}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.1950\IEToolbar64.dll => No File
    Task: {018A3E97-4AC7-4D98-AFE2-475DE2DEFCE0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    "{01C7C80F-DA6A-4698-BA70-4DA27991C5A9}" task was unlocked. <===== ATTENTION
    "{08629A58-75ED-46AA-8646-8C7015698215}" task was unlocked. <===== ATTENTION
    "{0A493256-4ADB-4CF2-8AB5-8CCBEFDFC5FE}" task was unlocked. <===== ATTENTION
    "{0C20E8DB-DCF0-4C48-B9B9-482E02BD9F1F}" task was unlocked. <===== ATTENTION
    "{0CFE2E40-6A97-48C5-9F38-DE82315CF1B0}" task was unlocked. <===== ATTENTION
    Task: {0EA4B23B-C95E-4878-A303-A7F321FA8264} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0FF70B38-1981-4ACE-88D6-5941E330784E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    "{11406457-2C26-401D-B271-B7393CAD7F85}" task was unlocked. <===== ATTENTION
    "{181EF958-CF2C-45C1-BFE2-0048458E3EFC}" task was unlocked. <===== ATTENTION
    "{1A289232-BCB9-4599-A894-898D820255F8}" task was unlocked. <===== ATTENTION
    "{1A438DBA-6F47-44D6-8207-124A92E1597E}" task was unlocked. <===== ATTENTION
    "{1A8A1750-6B60-430B-A914-E01C395D222E}" task was unlocked. <===== ATTENTION
    "{1D453F5E-124F-4C7E-B652-958F1A40ED1E}" task was unlocked. <===== ATTENTION
    "{1F0B1B6D-6FB8-495E-8D1D-0B6BA27883EB}" task was unlocked. <===== ATTENTION
    "{216D44FB-2DD3-4478-8395-49C0E0D2D767}" task was unlocked. <===== ATTENTION
    Task: {218B170F-1792-442B-9A06-835A769CAAA3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    "{22DF95EE-A3BC-4A00-8468-0FF46BF970FC}" task was unlocked. <===== ATTENTION
    "{2300B6D1-D409-499E-92DF-030662B73A6B}" task was unlocked. <===== ATTENTION
    Task: {2546DF8E-65ED-4468-BA26-211D857401E1} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    "{27A7ABEB-AF7C-40F4-BAD4-95630EB0C1FA}" task was unlocked. <===== ATTENTION
    Task: {2A781900-B164-4AE3-B738-DE55F29DE3BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    "{2B307AD0-33EA-4DB6-81B3-05FEADBE1140}" task was unlocked. <===== ATTENTION
    "{2C389306-244A-4110-97CB-594D5A467287}" task was unlocked. <===== ATTENTION
    "{2CCA2563-023C-4159-8011-59C6C9E1973A}" task was unlocked. <===== ATTENTION
    "{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" task was unlocked. <===== ATTENTION
    "{33046BDC-2974-457F-A198-055760713D46}" task was unlocked. <===== ATTENTION
    "{330DDC8E-A32D-4363-9C85-527F2673DDF7}" task was unlocked. <===== ATTENTION
    "{3627755F-6629-4D94-850A-FBE43D28BEB8}" task was unlocked. <===== ATTENTION
    "{37307B43-41DC-4BBE-BF3B-9B1631BEE311}" task was unlocked. <===== ATTENTION
    "{3788B008-08AE-42A1-AECB-404EE0EFEAA5}" task was unlocked. <===== ATTENTION
    Task: {397E652A-10DE-4555-9575-5F93524DD617} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    "{4208A7BF-D622-476E-A1A3-F9EB2719ECD4}" task was unlocked. <===== ATTENTION
    "{43744BF4-03F7-4B73-87FC-2BA232F6D655}" task was unlocked. <===== ATTENTION
    "{44AF46C9-4AA6-4851-959E-023D755ED880}" task was unlocked. <===== ATTENTION
    "{44EA678F-7E08-4531-92E2-587CA13B5D2C}" task was unlocked. <===== ATTENTION
    "{45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF}" task was unlocked. <===== ATTENTION
    "{48A98229-5C8E-4DDD-8139-CF35F7262A95}" task was unlocked. <===== ATTENTION
    "{48E4EF46-2962-499E-B496-FD87DEFA9D4D}" task was unlocked. <===== ATTENTION
    "{4A944005-EAD7-4E3D-A0CB-E36A03948234}" task was unlocked. <===== ATTENTION
    "{4ADD02F8-8A80-4037-93AF-01F0D391A8D4}" task was unlocked. <===== ATTENTION
    "{4BC5D02D-368A-405A-B471-F9CAB6666731}" task was unlocked. <===== ATTENTION
    "{4C5A8A03-2384-464F-AEAA-F58928D854D8}" task was unlocked. <===== ATTENTION
    "{4E3CB8C2-8A0C-4570-A32E-7319C6E8E432}" task was unlocked. <===== ATTENTION
    "{4E4954A6-C22F-4537-87FE-9A696B7BF9C4}" task was unlocked. <===== ATTENTION
    "{511CB694-F6BB-49BA-AC20-E2916B05BD90}" task was unlocked. <===== ATTENTION
    "{52362630-34B3-46AA-8508-9857D8B13B4F}" task was unlocked. <===== ATTENTION
    "{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" task was unlocked. <===== ATTENTION
    "{57ED60D2-6B0B-4069-90B4-50B067491212}" task was unlocked. <===== ATTENTION
    "{59CBDFB9-8D90-4443-9AF8-5C3B45220F5E}" task was unlocked. <===== ATTENTION
    "{59CE74C9-886F-4121-8052-508A4B829DC6}" task was unlocked. <===== ATTENTION
    "{5B4C02FF-5C7C-42FB-877E-4F57C6198A71}" task was unlocked. <===== ATTENTION
    Task: {5F5C393D-C609-48B7-B4AA-CF93BC54623F} - \NSManager_1432719407 -> No File <==== ATTENTION
    "{61E97BCB-528E-4B3C-A43A-CDFC978E48E7}" task was unlocked. <===== ATTENTION
    "{62C6204C-B449-4C2C-B915-D8E513C8D2DC}" task was unlocked. <===== ATTENTION
    "{64EFDCE4-067E-45AD-80B7-9ACADBA7145A}" task was unlocked. <===== ATTENTION
    "{669B944E-926D-4382-AB83-710022AE3EA2}" task was unlocked. <===== ATTENTION
    "{66FE0026-8E27-493D-BED2-EF4ACF50814C}" task was unlocked. <===== ATTENTION
    "{679EB820-C80C-4B8C-81EB-D3B5A83C3BF3}" task was unlocked. <===== ATTENTION
    "{697E18DD-943C-470A-B9E3-6E5DDCB42D05}" task was unlocked. <===== ATTENTION
    Task: {6AF98DB4-ED79-4990-890F-AA2D351AF336} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    "{6B0D6754-588A-4B5C-95F7-7F39A9780F7E}" task was unlocked. <===== ATTENTION
    "{6B696BCF-C866-41CA-B4E4-3D19FB1E9250}" task was unlocked. <===== ATTENTION
    "{6CBA2464-1DAD-4F1D-919F-4E6DFC499277}" task was unlocked. <===== ATTENTION
    "{6D88DE84-0813-4C51-99FC-12A9A98DD1D9}" task was unlocked. <===== ATTENTION
    "{70CF17D8-ACB3-4DBF-B283-6A71C9BF3D0E}" task was unlocked. <===== ATTENTION
    Task: {7158DDEE-BA53-421F-89A2-29BD40365E07} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    "{71E53243-3A2D-47EE-9DAB-6D71B2366657}" task was unlocked. <===== ATTENTION
    "{73F84A2E-E267-44CD-AE43-26F5FADC07BC}" task was unlocked. <===== ATTENTION
    "{7464E64D-F916-44C4-8B4D-8285C95325A1}" task was unlocked. <===== ATTENTION
    "{7506EE3F-10D4-4FCF-9DDD-77B8FF1182D4}" task was unlocked. <===== ATTENTION
    "{75336275-E3E0-4BC0-B373-3CFB8C1E4130}" task was unlocked. <===== ATTENTION
    "{75EEC801-5298-41FE-BD51-F07E4178CA3E}" task was unlocked. <===== ATTENTION
    Task: {79528026-9B7F-4C01-8280-D8BF249F6F52} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    "{7A6FA6EC-ED66-42B8-B9D7-06523FB6E039}" task was unlocked. <===== ATTENTION
    "{7AE1BCAC-061D-4672-BACB-88BC74CE1D7A}" task was unlocked. <===== ATTENTION
    "{7BC12C89-A012-46EA-B9EB-052EB5CD4326}" task was unlocked. <===== ATTENTION
    "{7BD8F44E-530D-41CF-B1D0-B9BB0B0C1C73}" task was unlocked. <===== ATTENTION
    "{7F64EAF9-FFE6-49DB-90DD-80D2B8774614}" task was unlocked. <===== ATTENTION
    "{7FAF6FA5-8557-4C4D-9206-7460555EAB06}" task was unlocked. <===== ATTENTION
    "{830038A6-9046-42E5-B03C-1455E6BDFBAF}" task was unlocked. <===== ATTENTION
    "{84E4A8CF-CE13-47C4-ABC1-BC5DD42C6C83}" task was unlocked. <===== ATTENTION
    "{860F596C-A1D8-4651-B747-D134041D80AD}" task was unlocked. <===== ATTENTION
    "{8865CC07-3C24-475C-896D-8ABA96F2471A}" task was unlocked. <===== ATTENTION
    "{90D79106-3D12-40AF-A9BA-231F2327770C}" task was unlocked. <===== ATTENTION
    "{94582C27-CA52-4593-9A48-A317C4D361E3}" task was unlocked. <===== ATTENTION
    "{955E8D5B-0718-411A-9D8F-83454788272B}" task was unlocked. <===== ATTENTION
    "{97601E9E-9C9C-415D-B81D-9F86ACA7CDC5}" task was unlocked. <===== ATTENTION
    "{9A58602B-2D48-4E55-BA94-672A29521C76}" task was unlocked. <===== ATTENTION
    "{9B3A6CD7-4CDE-4432-BE99-B316D2296C86}" task was unlocked. <===== ATTENTION
    "{9FFB29C5-38ED-47CB-B89B-EA84708EBA65}" task was unlocked. <===== ATTENTION
    "{A483A62A-BEE2-43EF-B43D-C4B6555D6F1E}" task was unlocked. <===== ATTENTION
    Task: {A4BCC110-7996-4DE9-AFA2-D2A308762B1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    "{A4D1B478-9D9D-489F-98BF-846F21D1EA6C}" task was unlocked. <===== ATTENTION
    "{A6D9FF76-0705-4B3D-9D8E-0BB183A7D3E9}" task was unlocked. <===== ATTENTION
    "{AA16BF37-4FF5-40A7-9EA1-AB56C8AF1CCE}" task was unlocked. <===== ATTENTION
    "{AE229047-6634-45F4-A0F4-6A9522659F2D}" task was unlocked. <===== ATTENTION
    "{AF8621E4-DD0A-4E22-AEBD-D252114A7D89}" task was unlocked. <===== ATTENTION
    "{AFD4A8A3-508B-4785-8271-CDEBAEED3F46}" task was unlocked. <===== ATTENTION
    "{B3DD4C81-C4AC-4263-806F-E5B540C1B26A}" task was unlocked. <===== ATTENTION
    "{B4A5B97B-E0F1-4984-ADA4-432088751E1B}" task was unlocked. <===== ATTENTION
    "{BA3388B9-C9D3-47A9-A9B5-E79B50DD0270}" task was unlocked. <===== ATTENTION
    "{BB94B31D-4FE5-42FB-A144-A393F6C54A6F}" task was unlocked. <===== ATTENTION
    "{BD62F7BB-7242-4904-A8A8-4E358ED75D6B}" task was unlocked. <===== ATTENTION
    "{BF589992-F6BB-4FFC-8766-FB138C7DE18D}" task was unlocked. <===== ATTENTION
    "{C0A4DF9B-B00D-4626-8994-BF17C88860B0}" task was unlocked. <===== ATTENTION
    "{C1E1F555-5EEC-4D6B-98FB-9934616F00E9}" task was unlocked. <===== ATTENTION
    "{C349BB67-3672-4975-AE02-517BAD9318EE}" task was unlocked. <===== ATTENTION
    "{C4E89737-E6D8-4D86-B15E-50A93654BBC1}" task was unlocked. <===== ATTENTION
    "{C7752DC6-148D-4AB0-93E1-D84AEB7AA014}" task was unlocked. <===== ATTENTION
    "{C881A742-1A15-4EAC-96B9-9C6EA38AC7FA}" task was unlocked. <===== ATTENTION
    "{C8DB9D2B-AB0A-4D3F-8409-427C806748D6}" task was unlocked. <===== ATTENTION
    "{CA1E905A-B064-48AF-9F06-68C7E71498B9}" task was unlocked. <===== ATTENTION
    "{CA4BE44E-107E-4B2D-91AF-FC3B077B02FC}" task was unlocked. <===== ATTENTION
    "{CC8236FF-A055-4083-A37E-D0F85E135DE3}" task was unlocked. <===== ATTENTION
    "{CFC77F13-E27C-4C44-8D9B-CB2163D27C89}" task was unlocked. <===== ATTENTION
    "{D7F0F250-0978-4FFA-BA28-A14C0AB462FF}" task was unlocked. <===== ATTENTION
    "{DAAFAEC3-BC03-44D7-A77D-05760FE578AD}" task was unlocked. <===== ATTENTION
    "{DB458018-DEBA-4577-AB8B-EA1506110FB8}" task was unlocked. <===== ATTENTION
    "{DE9EF05D-D131-41FC-87C9-ABF449872934}" task was unlocked. <===== ATTENTION
    "{E03596C8-B2A4-4553-B379-B678F0EBCA95}" task was unlocked. <===== ATTENTION
    "{E15B0834-C96C-40E1-8995-12FE38D52648}" task was unlocked. <===== ATTENTION
    "{E506F4C9-20BB-40AE-AD65-2304E5EF9B80}" task was unlocked. <===== ATTENTION
    "{E5217668-D921-4907-8CE1-276EABA44515}" task was unlocked. <===== ATTENTION
    "{E7D61507-58B7-44DC-8D1E-932F96FC2D62}" task was unlocked. <===== ATTENTION
    Task: {E94EAF05-8D32-4AD1-9DD6-06E33A02E73E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    "{EA5D5FA7-79F4-4BC8-8C91-CA1A24F86527}" task was unlocked. <===== ATTENTION
    "{EC59CC4E-A8CB-476D-8421-92558446E9A3}" task was unlocked. <===== ATTENTION
    Task: {ECE7B165-CF64-4DFC-986C-5DB68DC31BFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    "{EF3EC7C4-1CB5-43F1-A074-D1D74BB07D7A}" task was unlocked. <===== ATTENTION
    "{EFB2C913-BFA0-4FB9-8130-48BEE6BD1B12}" task was unlocked. <===== ATTENTION
    "{F120A436-C215-4927-87AA-934387AF5782}" task was unlocked. <===== ATTENTION
    "{F2341244-5F02-41C5-BA40-4FBADCD67206}" task was unlocked. <===== ATTENTION
    "{F35162BA-CDE7-4746-A368-D590640A3FA9}" task was unlocked. <===== ATTENTION
    "{F4BF89A9-8488-4988-B163-F7F0341D521B}" task was unlocked. <===== ATTENTION
    "{F6734075-627C-47CE-918F-B51866D629BB}" task was unlocked. <===== ATTENTION
    Task: {F6F08EB7-324D-4750-AAA3-EB969B1F0BF0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    "{F775C69D-FE09-4105-8F98-5DC6D956FA4E}" task was unlocked. <===== ATTENTION
    "{F98BB314-575B-453F-A9F9-A13B9D088426}" task was unlocked. <===== ATTENTION
    "{F98C81FF-D786-4067-AAFB-D67F2BA8542A}" task was unlocked. <===== ATTENTION
    "{FA625267-66E0-464A-AE95-8754007E78AD}" task was unlocked. <===== ATTENTION
    "{FB1868EE-5CA8-4DE9-A8B1-6171EB0EDB5A}" task was unlocked. <===== ATTENTION
    "{FC52F032-45F0-4B04-99DA-5A5F43CB0392}" task was unlocked. <===== ATTENTION
    "{FC5681F1-C930-414C-8049-16F7B32D0FEF}" task was unlocked. <===== ATTENTION
    "{FEF85651-4DD3-461C-AB7B-44FC3276E219}" task was unlocked. <===== ATTENTION
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ihiuetqv.sys:changelist [26674]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\qamsebbu.sys:changelist [1858]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll => No File
    Toolbar: HKLM - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll No File
    Toolbar: HKLM - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\IEToolbar64.dll No File
    Toolbar: HKLM-x32 - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\ietoolbar.dll No File
    FF Extension: (No Name) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\extensions\[email protected] [not found]
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 05:31 AM   #5
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Dell Inspiron (20-09-2016 08:12:36) Run:1
Running from C:\Users\Dell Inspiron\Desktop
Loaded Profiles: Dell Inspiron (Available Profiles: Dell Inspiron & gamin_000 & the6o_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4145260611-1649676698-564753963-1001_Classes\CLSID\{10EE7BCD-5A88-4922-82AD-957FEAE222BA}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.1950\IEToolbar64.dll => No File
Task: {018A3E97-4AC7-4D98-AFE2-475DE2DEFCE0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
"{01C7C80F-DA6A-4698-BA70-4DA27991C5A9}" task was unlocked. <===== ATTENTION
"{08629A58-75ED-46AA-8646-8C7015698215}" task was unlocked. <===== ATTENTION
"{0A493256-4ADB-4CF2-8AB5-8CCBEFDFC5FE}" task was unlocked. <===== ATTENTION
"{0C20E8DB-DCF0-4C48-B9B9-482E02BD9F1F}" task was unlocked. <===== ATTENTION
"{0CFE2E40-6A97-48C5-9F38-DE82315CF1B0}" task was unlocked. <===== ATTENTION
Task: {0EA4B23B-C95E-4878-A303-A7F321FA8264} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0FF70B38-1981-4ACE-88D6-5941E330784E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
"{11406457-2C26-401D-B271-B7393CAD7F85}" task was unlocked. <===== ATTENTION
"{181EF958-CF2C-45C1-BFE2-0048458E3EFC}" task was unlocked. <===== ATTENTION
"{1A289232-BCB9-4599-A894-898D820255F8}" task was unlocked. <===== ATTENTION
"{1A438DBA-6F47-44D6-8207-124A92E1597E}" task was unlocked. <===== ATTENTION
"{1A8A1750-6B60-430B-A914-E01C395D222E}" task was unlocked. <===== ATTENTION
"{1D453F5E-124F-4C7E-B652-958F1A40ED1E}" task was unlocked. <===== ATTENTION
"{1F0B1B6D-6FB8-495E-8D1D-0B6BA27883EB}" task was unlocked. <===== ATTENTION
"{216D44FB-2DD3-4478-8395-49C0E0D2D767}" task was unlocked. <===== ATTENTION
Task: {218B170F-1792-442B-9A06-835A769CAAA3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
"{22DF95EE-A3BC-4A00-8468-0FF46BF970FC}" task was unlocked. <===== ATTENTION
"{2300B6D1-D409-499E-92DF-030662B73A6B}" task was unlocked. <===== ATTENTION
Task: {2546DF8E-65ED-4468-BA26-211D857401E1} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
"{27A7ABEB-AF7C-40F4-BAD4-95630EB0C1FA}" task was unlocked. <===== ATTENTION
Task: {2A781900-B164-4AE3-B738-DE55F29DE3BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
"{2B307AD0-33EA-4DB6-81B3-05FEADBE1140}" task was unlocked. <===== ATTENTION
"{2C389306-244A-4110-97CB-594D5A467287}" task was unlocked. <===== ATTENTION
"{2CCA2563-023C-4159-8011-59C6C9E1973A}" task was unlocked. <===== ATTENTION
"{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" task was unlocked. <===== ATTENTION
"{33046BDC-2974-457F-A198-055760713D46}" task was unlocked. <===== ATTENTION
"{330DDC8E-A32D-4363-9C85-527F2673DDF7}" task was unlocked. <===== ATTENTION
"{3627755F-6629-4D94-850A-FBE43D28BEB8}" task was unlocked. <===== ATTENTION
"{37307B43-41DC-4BBE-BF3B-9B1631BEE311}" task was unlocked. <===== ATTENTION
"{3788B008-08AE-42A1-AECB-404EE0EFEAA5}" task was unlocked. <===== ATTENTION
Task: {397E652A-10DE-4555-9575-5F93524DD617} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
"{4208A7BF-D622-476E-A1A3-F9EB2719ECD4}" task was unlocked. <===== ATTENTION
"{43744BF4-03F7-4B73-87FC-2BA232F6D655}" task was unlocked. <===== ATTENTION
"{44AF46C9-4AA6-4851-959E-023D755ED880}" task was unlocked. <===== ATTENTION
"{44EA678F-7E08-4531-92E2-587CA13B5D2C}" task was unlocked. <===== ATTENTION
"{45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF}" task was unlocked. <===== ATTENTION
"{48A98229-5C8E-4DDD-8139-CF35F7262A95}" task was unlocked. <===== ATTENTION
"{48E4EF46-2962-499E-B496-FD87DEFA9D4D}" task was unlocked. <===== ATTENTION
"{4A944005-EAD7-4E3D-A0CB-E36A03948234}" task was unlocked. <===== ATTENTION
"{4ADD02F8-8A80-4037-93AF-01F0D391A8D4}" task was unlocked. <===== ATTENTION
"{4BC5D02D-368A-405A-B471-F9CAB6666731}" task was unlocked. <===== ATTENTION
"{4C5A8A03-2384-464F-AEAA-F58928D854D8}" task was unlocked. <===== ATTENTION
"{4E3CB8C2-8A0C-4570-A32E-7319C6E8E432}" task was unlocked. <===== ATTENTION
"{4E4954A6-C22F-4537-87FE-9A696B7BF9C4}" task was unlocked. <===== ATTENTION
"{511CB694-F6BB-49BA-AC20-E2916B05BD90}" task was unlocked. <===== ATTENTION
"{52362630-34B3-46AA-8508-9857D8B13B4F}" task was unlocked. <===== ATTENTION
"{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" task was unlocked. <===== ATTENTION
"{57ED60D2-6B0B-4069-90B4-50B067491212}" task was unlocked. <===== ATTENTION
"{59CBDFB9-8D90-4443-9AF8-5C3B45220F5E}" task was unlocked. <===== ATTENTION
"{59CE74C9-886F-4121-8052-508A4B829DC6}" task was unlocked. <===== ATTENTION
"{5B4C02FF-5C7C-42FB-877E-4F57C6198A71}" task was unlocked. <===== ATTENTION
Task: {5F5C393D-C609-48B7-B4AA-CF93BC54623F} - \NSManager_1432719407 -> No File <==== ATTENTION
"{61E97BCB-528E-4B3C-A43A-CDFC978E48E7}" task was unlocked. <===== ATTENTION
"{62C6204C-B449-4C2C-B915-D8E513C8D2DC}" task was unlocked. <===== ATTENTION
"{64EFDCE4-067E-45AD-80B7-9ACADBA7145A}" task was unlocked. <===== ATTENTION
"{669B944E-926D-4382-AB83-710022AE3EA2}" task was unlocked. <===== ATTENTION
"{66FE0026-8E27-493D-BED2-EF4ACF50814C}" task was unlocked. <===== ATTENTION
"{679EB820-C80C-4B8C-81EB-D3B5A83C3BF3}" task was unlocked. <===== ATTENTION
"{697E18DD-943C-470A-B9E3-6E5DDCB42D05}" task was unlocked. <===== ATTENTION
Task: {6AF98DB4-ED79-4990-890F-AA2D351AF336} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
"{6B0D6754-588A-4B5C-95F7-7F39A9780F7E}" task was unlocked. <===== ATTENTION
"{6B696BCF-C866-41CA-B4E4-3D19FB1E9250}" task was unlocked. <===== ATTENTION
"{6CBA2464-1DAD-4F1D-919F-4E6DFC499277}" task was unlocked. <===== ATTENTION
"{6D88DE84-0813-4C51-99FC-12A9A98DD1D9}" task was unlocked. <===== ATTENTION
"{70CF17D8-ACB3-4DBF-B283-6A71C9BF3D0E}" task was unlocked. <===== ATTENTION
Task: {7158DDEE-BA53-421F-89A2-29BD40365E07} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
"{71E53243-3A2D-47EE-9DAB-6D71B2366657}" task was unlocked. <===== ATTENTION
"{73F84A2E-E267-44CD-AE43-26F5FADC07BC}" task was unlocked. <===== ATTENTION
"{7464E64D-F916-44C4-8B4D-8285C95325A1}" task was unlocked. <===== ATTENTION
"{7506EE3F-10D4-4FCF-9DDD-77B8FF1182D4}" task was unlocked. <===== ATTENTION
"{75336275-E3E0-4BC0-B373-3CFB8C1E4130}" task was unlocked. <===== ATTENTION
"{75EEC801-5298-41FE-BD51-F07E4178CA3E}" task was unlocked. <===== ATTENTION
Task: {79528026-9B7F-4C01-8280-D8BF249F6F52} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
"{7A6FA6EC-ED66-42B8-B9D7-06523FB6E039}" task was unlocked. <===== ATTENTION
"{7AE1BCAC-061D-4672-BACB-88BC74CE1D7A}" task was unlocked. <===== ATTENTION
"{7BC12C89-A012-46EA-B9EB-052EB5CD4326}" task was unlocked. <===== ATTENTION
"{7BD8F44E-530D-41CF-B1D0-B9BB0B0C1C73}" task was unlocked. <===== ATTENTION
"{7F64EAF9-FFE6-49DB-90DD-80D2B8774614}" task was unlocked. <===== ATTENTION
"{7FAF6FA5-8557-4C4D-9206-7460555EAB06}" task was unlocked. <===== ATTENTION
"{830038A6-9046-42E5-B03C-1455E6BDFBAF}" task was unlocked. <===== ATTENTION
"{84E4A8CF-CE13-47C4-ABC1-BC5DD42C6C83}" task was unlocked. <===== ATTENTION
"{860F596C-A1D8-4651-B747-D134041D80AD}" task was unlocked. <===== ATTENTION
"{8865CC07-3C24-475C-896D-8ABA96F2471A}" task was unlocked. <===== ATTENTION
"{90D79106-3D12-40AF-A9BA-231F2327770C}" task was unlocked. <===== ATTENTION
"{94582C27-CA52-4593-9A48-A317C4D361E3}" task was unlocked. <===== ATTENTION
"{955E8D5B-0718-411A-9D8F-83454788272B}" task was unlocked. <===== ATTENTION
"{97601E9E-9C9C-415D-B81D-9F86ACA7CDC5}" task was unlocked. <===== ATTENTION
"{9A58602B-2D48-4E55-BA94-672A29521C76}" task was unlocked. <===== ATTENTION
"{9B3A6CD7-4CDE-4432-BE99-B316D2296C86}" task was unlocked. <===== ATTENTION
"{9FFB29C5-38ED-47CB-B89B-EA84708EBA65}" task was unlocked. <===== ATTENTION
"{A483A62A-BEE2-43EF-B43D-C4B6555D6F1E}" task was unlocked. <===== ATTENTION
Task: {A4BCC110-7996-4DE9-AFA2-D2A308762B1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
"{A4D1B478-9D9D-489F-98BF-846F21D1EA6C}" task was unlocked. <===== ATTENTION
"{A6D9FF76-0705-4B3D-9D8E-0BB183A7D3E9}" task was unlocked. <===== ATTENTION
"{AA16BF37-4FF5-40A7-9EA1-AB56C8AF1CCE}" task was unlocked. <===== ATTENTION
"{AE229047-6634-45F4-A0F4-6A9522659F2D}" task was unlocked. <===== ATTENTION
"{AF8621E4-DD0A-4E22-AEBD-D252114A7D89}" task was unlocked. <===== ATTENTION
"{AFD4A8A3-508B-4785-8271-CDEBAEED3F46}" task was unlocked. <===== ATTENTION
"{B3DD4C81-C4AC-4263-806F-E5B540C1B26A}" task was unlocked. <===== ATTENTION
"{B4A5B97B-E0F1-4984-ADA4-432088751E1B}" task was unlocked. <===== ATTENTION
"{BA3388B9-C9D3-47A9-A9B5-E79B50DD0270}" task was unlocked. <===== ATTENTION
"{BB94B31D-4FE5-42FB-A144-A393F6C54A6F}" task was unlocked. <===== ATTENTION
"{BD62F7BB-7242-4904-A8A8-4E358ED75D6B}" task was unlocked. <===== ATTENTION
"{BF589992-F6BB-4FFC-8766-FB138C7DE18D}" task was unlocked. <===== ATTENTION
"{C0A4DF9B-B00D-4626-8994-BF17C88860B0}" task was unlocked. <===== ATTENTION
"{C1E1F555-5EEC-4D6B-98FB-9934616F00E9}" task was unlocked. <===== ATTENTION
"{C349BB67-3672-4975-AE02-517BAD9318EE}" task was unlocked. <===== ATTENTION
"{C4E89737-E6D8-4D86-B15E-50A93654BBC1}" task was unlocked. <===== ATTENTION
"{C7752DC6-148D-4AB0-93E1-D84AEB7AA014}" task was unlocked. <===== ATTENTION
"{C881A742-1A15-4EAC-96B9-9C6EA38AC7FA}" task was unlocked. <===== ATTENTION
"{C8DB9D2B-AB0A-4D3F-8409-427C806748D6}" task was unlocked. <===== ATTENTION
"{CA1E905A-B064-48AF-9F06-68C7E71498B9}" task was unlocked. <===== ATTENTION
"{CA4BE44E-107E-4B2D-91AF-FC3B077B02FC}" task was unlocked. <===== ATTENTION
"{CC8236FF-A055-4083-A37E-D0F85E135DE3}" task was unlocked. <===== ATTENTION
"{CFC77F13-E27C-4C44-8D9B-CB2163D27C89}" task was unlocked. <===== ATTENTION
"{D7F0F250-0978-4FFA-BA28-A14C0AB462FF}" task was unlocked. <===== ATTENTION
"{DAAFAEC3-BC03-44D7-A77D-05760FE578AD}" task was unlocked. <===== ATTENTION
"{DB458018-DEBA-4577-AB8B-EA1506110FB8}" task was unlocked. <===== ATTENTION
"{DE9EF05D-D131-41FC-87C9-ABF449872934}" task was unlocked. <===== ATTENTION
"{E03596C8-B2A4-4553-B379-B678F0EBCA95}" task was unlocked. <===== ATTENTION
"{E15B0834-C96C-40E1-8995-12FE38D52648}" task was unlocked. <===== ATTENTION
"{E506F4C9-20BB-40AE-AD65-2304E5EF9B80}" task was unlocked. <===== ATTENTION
"{E5217668-D921-4907-8CE1-276EABA44515}" task was unlocked. <===== ATTENTION
"{E7D61507-58B7-44DC-8D1E-932F96FC2D62}" task was unlocked. <===== ATTENTION
Task: {E94EAF05-8D32-4AD1-9DD6-06E33A02E73E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
"{EA5D5FA7-79F4-4BC8-8C91-CA1A24F86527}" task was unlocked. <===== ATTENTION
"{EC59CC4E-A8CB-476D-8421-92558446E9A3}" task was unlocked. <===== ATTENTION
Task: {ECE7B165-CF64-4DFC-986C-5DB68DC31BFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
"{EF3EC7C4-1CB5-43F1-A074-D1D74BB07D7A}" task was unlocked. <===== ATTENTION
"{EFB2C913-BFA0-4FB9-8130-48BEE6BD1B12}" task was unlocked. <===== ATTENTION
"{F120A436-C215-4927-87AA-934387AF5782}" task was unlocked. <===== ATTENTION
"{F2341244-5F02-41C5-BA40-4FBADCD67206}" task was unlocked. <===== ATTENTION
"{F35162BA-CDE7-4746-A368-D590640A3FA9}" task was unlocked. <===== ATTENTION
"{F4BF89A9-8488-4988-B163-F7F0341D521B}" task was unlocked. <===== ATTENTION
"{F6734075-627C-47CE-918F-B51866D629BB}" task was unlocked. <===== ATTENTION
Task: {F6F08EB7-324D-4750-AAA3-EB969B1F0BF0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
"{F775C69D-FE09-4105-8F98-5DC6D956FA4E}" task was unlocked. <===== ATTENTION
"{F98BB314-575B-453F-A9F9-A13B9D088426}" task was unlocked. <===== ATTENTION
"{F98C81FF-D786-4067-AAFB-D67F2BA8542A}" task was unlocked. <===== ATTENTION
"{FA625267-66E0-464A-AE95-8754007E78AD}" task was unlocked. <===== ATTENTION
"{FB1868EE-5CA8-4DE9-A8B1-6171EB0EDB5A}" task was unlocked. <===== ATTENTION
"{FC52F032-45F0-4B04-99DA-5A5F43CB0392}" task was unlocked. <===== ATTENTION
"{FC5681F1-C930-414C-8049-16F7B32D0FEF}" task was unlocked. <===== ATTENTION
"{FEF85651-4DD3-461C-AB7B-44FC3276E219}" task was unlocked. <===== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ihiuetqv.sys:changelist [26674]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qamsebbu.sys:changelist [1858]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll => No File
Toolbar: HKLM - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\imeshjzipmusictoolbar\IE\searchresultsDx64.dll No File
Toolbar: HKLM - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\IEToolbar64.dll No File
Toolbar: HKLM-x32 - Yahoo Toolbar - {10EE7BCD-5A88-4922-82AD-957FEAE222BA} - C:\Program Files (x86)\TNT2\2.0.0.1950\ietoolbar.dll No File
FF Extension: (No Name) - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - C:\Users\gamin_000\AppData\Roaming\Mozilla\Firefox\Profiles\5nnjt4we.default\extensions\{[email protected]} => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4145260611-1649676698-564753963-1001_Classes\CLSID\{10EE7BCD-5A88-4922-82AD-957FEAE222BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{018A3E97-4AC7-4D98-AFE2-475DE2DEFCE0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{018A3E97-4AC7-4D98-AFE2-475DE2DEFCE0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"{01C7C80F-DA6A-4698-BA70-4DA27991C5A9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{08629A58-75ED-46AA-8646-8C7015698215}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{0A493256-4ADB-4CF2-8AB5-8CCBEFDFC5FE}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{0C20E8DB-DCF0-4C48-B9B9-482E02BD9F1F}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{0CFE2E40-6A97-48C5-9F38-DE82315CF1B0}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EA4B23B-C95E-4878-A303-A7F321FA8264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EA4B23B-C95E-4878-A303-A7F321FA8264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FF70B38-1981-4ACE-88D6-5941E330784E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF70B38-1981-4ACE-88D6-5941E330784E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"{11406457-2C26-401D-B271-B7393CAD7F85}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{181EF958-CF2C-45C1-BFE2-0048458E3EFC}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{1A289232-BCB9-4599-A894-898D820255F8}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{1A438DBA-6F47-44D6-8207-124A92E1597E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{1A8A1750-6B60-430B-A914-E01C395D222E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{1D453F5E-124F-4C7E-B652-958F1A40ED1E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{1F0B1B6D-6FB8-495E-8D1D-0B6BA27883EB}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{216D44FB-2DD3-4478-8395-49C0E0D2D767}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{218B170F-1792-442B-9A06-835A769CAAA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218B170F-1792-442B-9A06-835A769CAAA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"{22DF95EE-A3BC-4A00-8468-0FF46BF970FC}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{2300B6D1-D409-499E-92DF-030662B73A6B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2546DF8E-65ED-4468-BA26-211D857401E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2546DF8E-65ED-4468-BA26-211D857401E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"{27A7ABEB-AF7C-40F4-BAD4-95630EB0C1FA}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A781900-B164-4AE3-B738-DE55F29DE3BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A781900-B164-4AE3-B738-DE55F29DE3BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"{2B307AD0-33EA-4DB6-81B3-05FEADBE1140}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{2C389306-244A-4110-97CB-594D5A467287}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{2CCA2563-023C-4159-8011-59C6C9E1973A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{33046BDC-2974-457F-A198-055760713D46}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{330DDC8E-A32D-4363-9C85-527F2673DDF7}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{3627755F-6629-4D94-850A-FBE43D28BEB8}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{37307B43-41DC-4BBE-BF3B-9B1631BEE311}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{3788B008-08AE-42A1-AECB-404EE0EFEAA5}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{397E652A-10DE-4555-9575-5F93524DD617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{397E652A-10DE-4555-9575-5F93524DD617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"{4208A7BF-D622-476E-A1A3-F9EB2719ECD4}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{43744BF4-03F7-4B73-87FC-2BA232F6D655}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{44AF46C9-4AA6-4851-959E-023D755ED880}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{44EA678F-7E08-4531-92E2-587CA13B5D2C}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{48A98229-5C8E-4DDD-8139-CF35F7262A95}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{48E4EF46-2962-499E-B496-FD87DEFA9D4D}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4A944005-EAD7-4E3D-A0CB-E36A03948234}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4ADD02F8-8A80-4037-93AF-01F0D391A8D4}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4BC5D02D-368A-405A-B471-F9CAB6666731}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4C5A8A03-2384-464F-AEAA-F58928D854D8}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4E3CB8C2-8A0C-4570-A32E-7319C6E8E432}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{4E4954A6-C22F-4537-87FE-9A696B7BF9C4}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{511CB694-F6BB-49BA-AC20-E2916B05BD90}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{52362630-34B3-46AA-8508-9857D8B13B4F}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{57ED60D2-6B0B-4069-90B4-50B067491212}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{59CBDFB9-8D90-4443-9AF8-5C3B45220F5E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{59CE74C9-886F-4121-8052-508A4B829DC6}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{5B4C02FF-5C7C-42FB-877E-4F57C6198A71}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F5C393D-C609-48B7-B4AA-CF93BC54623F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5C393D-C609-48B7-B4AA-CF93BC54623F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NSManager_1432719407" => key removed successfully
"{61E97BCB-528E-4B3C-A43A-CDFC978E48E7}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{62C6204C-B449-4C2C-B915-D8E513C8D2DC}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{64EFDCE4-067E-45AD-80B7-9ACADBA7145A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{669B944E-926D-4382-AB83-710022AE3EA2}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{66FE0026-8E27-493D-BED2-EF4ACF50814C}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{679EB820-C80C-4B8C-81EB-D3B5A83C3BF3}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{697E18DD-943C-470A-B9E3-6E5DDCB42D05}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AF98DB4-ED79-4990-890F-AA2D351AF336}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF98DB4-ED79-4990-890F-AA2D351AF336}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"{6B0D6754-588A-4B5C-95F7-7F39A9780F7E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{6B696BCF-C866-41CA-B4E4-3D19FB1E9250}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{6CBA2464-1DAD-4F1D-919F-4E6DFC499277}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{6D88DE84-0813-4C51-99FC-12A9A98DD1D9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{70CF17D8-ACB3-4DBF-B283-6A71C9BF3D0E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7158DDEE-BA53-421F-89A2-29BD40365E07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7158DDEE-BA53-421F-89A2-29BD40365E07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"{71E53243-3A2D-47EE-9DAB-6D71B2366657}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{73F84A2E-E267-44CD-AE43-26F5FADC07BC}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7464E64D-F916-44C4-8B4D-8285C95325A1}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7506EE3F-10D4-4FCF-9DDD-77B8FF1182D4}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{75336275-E3E0-4BC0-B373-3CFB8C1E4130}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{75EEC801-5298-41FE-BD51-F07E4178CA3E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79528026-9B7F-4C01-8280-D8BF249F6F52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79528026-9B7F-4C01-8280-D8BF249F6F52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"{7A6FA6EC-ED66-42B8-B9D7-06523FB6E039}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7AE1BCAC-061D-4672-BACB-88BC74CE1D7A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7BC12C89-A012-46EA-B9EB-052EB5CD4326}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7BD8F44E-530D-41CF-B1D0-B9BB0B0C1C73}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7F64EAF9-FFE6-49DB-90DD-80D2B8774614}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{7FAF6FA5-8557-4C4D-9206-7460555EAB06}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{830038A6-9046-42E5-B03C-1455E6BDFBAF}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{84E4A8CF-CE13-47C4-ABC1-BC5DD42C6C83}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{860F596C-A1D8-4651-B747-D134041D80AD}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{8865CC07-3C24-475C-896D-8ABA96F2471A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{90D79106-3D12-40AF-A9BA-231F2327770C}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{94582C27-CA52-4593-9A48-A317C4D361E3}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{955E8D5B-0718-411A-9D8F-83454788272B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{97601E9E-9C9C-415D-B81D-9F86ACA7CDC5}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{9A58602B-2D48-4E55-BA94-672A29521C76}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{9B3A6CD7-4CDE-4432-BE99-B316D2296C86}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{9FFB29C5-38ED-47CB-B89B-EA84708EBA65}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{A483A62A-BEE2-43EF-B43D-C4B6555D6F1E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4BCC110-7996-4DE9-AFA2-D2A308762B1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4BCC110-7996-4DE9-AFA2-D2A308762B1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"{A4D1B478-9D9D-489F-98BF-846F21D1EA6C}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{A6D9FF76-0705-4B3D-9D8E-0BB183A7D3E9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{AA16BF37-4FF5-40A7-9EA1-AB56C8AF1CCE}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{AE229047-6634-45F4-A0F4-6A9522659F2D}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{AF8621E4-DD0A-4E22-AEBD-D252114A7D89}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{AFD4A8A3-508B-4785-8271-CDEBAEED3F46}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{B3DD4C81-C4AC-4263-806F-E5B540C1B26A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{B4A5B97B-E0F1-4984-ADA4-432088751E1B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{BA3388B9-C9D3-47A9-A9B5-E79B50DD0270}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{BB94B31D-4FE5-42FB-A144-A393F6C54A6F}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{BD62F7BB-7242-4904-A8A8-4E358ED75D6B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{BF589992-F6BB-4FFC-8766-FB138C7DE18D}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C0A4DF9B-B00D-4626-8994-BF17C88860B0}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C1E1F555-5EEC-4D6B-98FB-9934616F00E9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C349BB67-3672-4975-AE02-517BAD9318EE}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C4E89737-E6D8-4D86-B15E-50A93654BBC1}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C7752DC6-148D-4AB0-93E1-D84AEB7AA014}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C881A742-1A15-4EAC-96B9-9C6EA38AC7FA}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{C8DB9D2B-AB0A-4D3F-8409-427C806748D6}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{CA1E905A-B064-48AF-9F06-68C7E71498B9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{CA4BE44E-107E-4B2D-91AF-FC3B077B02FC}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{CC8236FF-A055-4083-A37E-D0F85E135DE3}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{CFC77F13-E27C-4C44-8D9B-CB2163D27C89}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{D7F0F250-0978-4FFA-BA28-A14C0AB462FF}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{DAAFAEC3-BC03-44D7-A77D-05760FE578AD}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{DB458018-DEBA-4577-AB8B-EA1506110FB8}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{DE9EF05D-D131-41FC-87C9-ABF449872934}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{E03596C8-B2A4-4553-B379-B678F0EBCA95}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{E15B0834-C96C-40E1-8995-12FE38D52648}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{E506F4C9-20BB-40AE-AD65-2304E5EF9B80}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{E5217668-D921-4907-8CE1-276EABA44515}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{E7D61507-58B7-44DC-8D1E-932F96FC2D62}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E94EAF05-8D32-4AD1-9DD6-06E33A02E73E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E94EAF05-8D32-4AD1-9DD6-06E33A02E73E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"{EA5D5FA7-79F4-4BC8-8C91-CA1A24F86527}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{EC59CC4E-A8CB-476D-8421-92558446E9A3}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECE7B165-CF64-4DFC-986C-5DB68DC31BFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECE7B165-CF64-4DFC-986C-5DB68DC31BFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"{EF3EC7C4-1CB5-43F1-A074-D1D74BB07D7A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{EFB2C913-BFA0-4FB9-8130-48BEE6BD1B12}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F120A436-C215-4927-87AA-934387AF5782}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F2341244-5F02-41C5-BA40-4FBADCD67206}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F35162BA-CDE7-4746-A368-D590640A3FA9}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F4BF89A9-8488-4988-B163-F7F0341D521B}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F6734075-627C-47CE-918F-B51866D629BB}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6F08EB7-324D-4750-AAA3-EB969B1F0BF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6F08EB7-324D-4750-AAA3-EB969B1F0BF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"{F775C69D-FE09-4105-8F98-5DC6D956FA4E}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F98BB314-575B-453F-A9F9-A13B9D088426}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{F98C81FF-D786-4067-AAFB-D67F2BA8542A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{FA625267-66E0-464A-AE95-8754007E78AD}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{FB1868EE-5CA8-4DE9-A8B1-6171EB0EDB5A}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{FC52F032-45F0-4B04-99DA-5A5F43CB0392}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{FC5681F1-C930-414C-8049-16F7B32D0FEF}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"{FEF85651-4DD3-461C-AB7B-44FC3276E219}" task was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\Drivers\ihiuetqv.sys => ":changelist" ADS removed successfully.
C:\WINDOWS\system32\Drivers\qamsebbu.sys => ":changelist" ADS removed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88d8ecb7-204f-4efd-8134-f6341f76c672}" => key removed successfully
"HKCR\CLSID\{88d8ecb7-204f-4efd-8134-f6341f76c672}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{88d8ecb7-204f-4efd-8134-f6341f76c672} => value removed successfully
HKCR\CLSID\{88d8ecb7-204f-4efd-8134-f6341f76c672} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{10EE7BCD-5A88-4922-82AD-957FEAE222BA} => value removed successfully
HKCR\CLSID\{10EE7BCD-5A88-4922-82AD-957FEAE222BA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{10EE7BCD-5A88-4922-82AD-957FEAE222BA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{10EE7BCD-5A88-4922-82AD-957FEAE222BA}" => key removed successfully
C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\oougxt8p.default\extensions\[email protected] => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{[email protected]} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{[email protected]} => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18832390 B
Java, Flash, Steam htmlcache => 5593 B
Windows/system/drivers => 20524649 B
Edge => 948376 B
Chrome => 811844763 B
Firefox => 279745112 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33249904 B
NetworkService => 98118 B
Dell Inspiron => 175041859 B
gamin_000 => 48228577 B
the6o_000 => 16838 B

RecycleBin => 55691 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:16:35 ====
JoshandDad is offline  
Old 09-20-2016, 07:44 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jeff. Are you still seeing arcadepatriot.com in Chrome?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 31 can be updated from the Java Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel(right-click the Windows "logo" button > Control Panel > > (Programs) ) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 01:29 PM   #7
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



The arcadepatriot malware seems to have been eliminated, but I am still having the same problems with other websites. On some webpages, random words are hyperlinked and double underlined. If you click on those, you get pop up ads. Other than that, when clicking on legitimate hyperlinks, that problem appears to have been corrected.

The ESET scan ran for more than an hour and is now stuck on a screen asking to accept a 30 day trial period. It doesn't seem as if the scan completed, as no log appears. Please advise if I should re-run.

Here are the latest logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/20/2016
Scan Time: 1:32 PM
Logfile: MBAM Scan log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.20.07
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dell Inspiron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451007
Time Elapsed: 1 hr, 16 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
JoshandDad is offline  
Old 09-21-2016, 03:31 AM   #8
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



I tried running the ESET scan again and had the same problem. The application froze and never completed.
JoshandDad is offline  
Old 09-21-2016, 06:47 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jeff. Are you sure the Online Scanner was scanning, and not initializing (downloading virus signature updates)?

There was no way to opt out of the trial and continue the scan?

You didn't mention other browser problems. What sites give you those double-underlined links?

------------------------------------------------------
chemist is offline  
Old 09-22-2016, 11:06 AM   #10
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Hi, yes, I am sure the online scanner was scanning, then got stuck halfway through. I tried 3 times, same result.

As for the problem with the double underlined links, that seems to be corrected, so that is no longer an issue.

Please advise what to do next.
JoshandDad is offline  
Old 09-23-2016, 08:36 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jeff. I was going to give you this link as to why those links appear:

Answers to common security questions - Best Practices - Anti-Virus, Anti-Malware, and Privacy Software

------------------------------------------------------

For some reason, as of yet unknown, ESET Online Scanner doesn't complete on some Win10 machines. I don't think it's anything to worry about.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
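Added example, not part of the original post or of the MVPS project: a small Python audit of a HOSTS file of the kind recommended above, listing which names are blocked (pointed at 0.0.0.0 or a loopback address) and which point at some other address and deserve a second look. The sample file contents are constructed; only the domain arcadepatriot.com comes from this thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every entry is made up for the example.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1   localhost
::1         localhost
0.0.0.0     arcadepatriot.com www.arcadepatriot.com   # blocked ad host
0.0.0.0     ads.example.net
203.0.113.7 update.example.org   # points somewhere unexpected
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # first field is not an IP address
        for name in names:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Split entries into blocked (0.0.0.0 or loopback) and redirected (any other IP)."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip.is_unspecified or ip.is_loopback:
            blocked.add(name)
        else:
            redirected[name] = str(ip)
    return blocked, redirected

def is_blocked(text, hostname):
    """HOSTS matching is exact: a subdomain needs its own entry."""
    return hostname.lower().rstrip(".") in audit_hosts(text)[0]

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review:", redirected)
```

On Windows the real file is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.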
Old 09-24-2016, 11:55 AM   #12
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Thank you very much for your assistance. I appreciate the help!
JoshandDad is offline  
Old 09-24-2016, 09:30 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome! Glad to have helped.
chemist is offline  
 



All times are GMT -7.

