Possible malware/spyware - akamai

This is a discussion on Possible malware/spyware - akamai within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 04-26-2017, 03:18 AM   #1
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3
Hi to the Forum Volunteers. I'm using Windows 10 Home, version 1607, 64-bit operating system.

My problem seems to be mostly with one website, ancestry.com. I have a problem loading pages, especially the tree pages on the site. This happens in Firefox, IE and Chrome. I've contacted Ancestry, who've been unable to help.

When I try to load a page, it can take up to a minute - the last time I checked, this morning, it was taking 40 seconds. While the page is attempting to load, a number of messages flash by at the bottom of the page. The most persistent is "connecting to a248.e.akamai.net" - that can last 30 seconds or more. I also get a number of others, including "transferring data from bam.nr-data.net".

This is so frustrating as I typically spend a lot of time on the site, but time spent is no longer so productive with this problem. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.121.2
Run by Mary at 10:58:01 on 2017-04-26
Microsoft Windows 10 Home 10.0.14393.0.1252.44.1033.18.12249.8198 [GMT 1:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Mary\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Mary\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Mary\AppData\Local\FlickrUploadrWindows\app-1.0.1.292\Flickr.exe
C:\Users\Mary\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeApp.exe
C:\Windows\System32\PickerHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = Dell Official Site | Dell United States
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre1.8.0_121\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre1.8.0_121\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [GoogleChromeAutoLaunch_F1202FEEC9EAEB77B053C1DC4089370E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [OneDrive] "C:\Users\Mary\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Google Update] C:\Users\Mary\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe
uRun: [FlickrUploadr] "C:\Users\Mary\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
uRun: [Spotify Web Helper] "C:\Users\Mary\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Mary\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
uRun: [Amazon Music] "C:\Users\Mary\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONEDRI~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEA~1.LNK - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{9fcd9ffe-77fe-4937-ba0d-29a434869822} : NameServer = 54.72.70.84,212.71.249.225
TCP: Interfaces\{9fcd9ffe-77fe-4937-ba0d-29a434869822} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{9fcd9ffe-77fe-4937-ba0d-29a434869822}\35B4953443136473 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9fcd9ffe-77fe-4937-ba0d-29a434869822}\E4F4B4941402C457D6961602633303F523631373 : NameServer = 54.72.70.84,212.71.249.225
TCP: Interfaces\{9fcd9ffe-77fe-4937-ba0d-29a434869822}\E4F4B4941402C457D6961602633303F523631373 : DHCPNameServer = 192.168.137.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\gnnrkk7f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ie/?gws_rd=cr&ei=eBO0WM6MNsaLgAaDjaiYDQ
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Glance29\npglance.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\java\jre1.8.0_121\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Mary\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Mary\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-10-27 651832]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-25 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-10-24 46368]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2013-10-17 44488]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013-8-23 92536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 glancedrv;glancedrv;C:\WINDOWS\System32\drivers\glancedrv.sys [2015-2-18 36384]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-10-25 744640]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-3-3 2227312]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-10-17 487432]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-10-17 487432]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2013-10-17 161824]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2017-3-9 349560]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2013-10-17 88488]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_37a5d263;CDPUserSvc_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-5-6 3294920]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2017-4-17 48944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2015-2-28 135824]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [2012-9-26 14760]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-1-26 186304]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-1-26 4355024]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-8 458176]
R2 OneSyncSvc_37a5d263;Sync Host_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2015-4-17 494592]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-1-4 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-7-13 610336]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-9-29 168448]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-7-16 37376]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-9-29 249856]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-8-23 342528]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-1-26 111544]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-1-26 43968]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-6-30 251832]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-1-26 92096]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_37a5d263;Contact Data_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_37a5d263;User Data Storage_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_37a5d263;User Data Access_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-4-1 1115552]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/08/22 19:12:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-29 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-1-16 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-8-23 36520]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [2013-7-3 263168]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2016-3-31 266240]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2013-8-23 33944]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-8-23 178840]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-8-23 135832]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-29 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\WINDOWS\System32\drivers\leath_hid.sys [2013-8-23 39704]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [2017-3-20 404376]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_37a5d263;MessagingService_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\WINDOWS\System32\drivers\nvstusb.sys [2013-8-23 445288]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\WINDOWS\System32\drivers\qca_shb.sys [2013-8-23 99328]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2013-10-24 16152]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-4-11 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_37a5d263;Windows Push Notifications User Service_37a5d263;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-25 43520]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-10-17 1519136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-04-26 08:34:29 -------- d--h--w- C:\OneDriveTemp
2017-04-25 10:43:11 52168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAF8B.tmp
2017-04-25 10:43:11 517064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAF9B.tmp
2017-04-25 10:43:10 52526536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAE8C.tmp
2017-04-25 10:43:10 321480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAF67.tmp
2017-04-25 10:43:10 1340360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAF79.tmp
2017-04-25 10:43:10 122312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozAF8A.tmp
2017-04-23 22:14:49 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsigne7990f0510b6c960
2017-04-23 22:14:39 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign1ee33b7731b3f00d
2017-04-22 22:02:35 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign1784313674279535
2017-04-22 22:02:32 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsignd3702ffceca17e7f
2017-04-22 22:00:48 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsignbaec54c41210fe33
2017-04-22 22:00:44 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign8dc7ea75161d5f51
2017-04-20 23:41:36 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign233c1ea52a9a97bd
2017-04-20 23:41:30 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign1a71aff0d83998bc
2017-04-18 00:26:02 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign7238e83cb1164258
2017-04-18 00:25:59 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign773db3347baa9a8c
2017-04-17 15:14:04 48944 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2017-04-16 14:11:32 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign0cbd8a463c5dd354
2017-04-16 14:11:26 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsign3d1ba100efd1f7b7
2017-04-12 14:47:59 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsignf4f6ddbc52f674d3
2017-04-12 14:47:55 -------- d-----w- C:\Users\Mary\AppData\Local\Tempzxpsignfdcbae0aaa7cd4c3
2017-04-11 19:50:58 3612672 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-04-02 05:19:12 388384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-04-02 05:14:28 29432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-04-02 05:04:36 209104 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
==================== Find3M ====================
.
2017-04-26 09:10:31 92096 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-04-14 14:58:48 111544 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-04-14 14:58:47 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-04-14 14:58:45 251832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-04-14 14:58:17 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-04-11 21:07:22 150264 ------w- C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-04-08 00:05:44 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2017-04-07 23:28:37 186304 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-04-01 18:52:38 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-01 18:52:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-03-28 07:10:34 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2017-03-28 07:10:28 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-03-28 06:36:11 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-03-28 06:36:08 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-03-28 06:36:05 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-03-28 06:36:05 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-03-28 06:36:05 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-03-28 06:35:59 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-03-28 06:32:26 198856 ----a-w- C:\WINDOWS\System32\wscapi.dll
2017-03-28 06:29:11 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-03-28 06:28:05 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-03-28 06:28:03 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-03-28 06:26:21 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-03-28 06:26:11 218520 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2017-03-28 06:22:07 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-28 06:21:27 167848 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2017-03-28 06:20:43 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-03-28 06:20:11 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-03-28 06:20:04 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-03-28 06:19:26 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-03-28 06:18:07 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-03-28 06:15:53 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-03-28 06:12:54 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-03-28 06:11:30 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2017-03-28 06:11:30 2187616 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-03-28 06:11:14 1860288 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2017-03-28 06:11:11 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2017-03-28 06:11:09 402784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-03-28 06:10:53 178528 ----a-w- C:\WINDOWS\System32\CloudExperienceHostUser.dll
2017-03-28 06:10:44 1157008 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-03-28 06:10:42 146776 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2017-03-28 06:10:41 7220184 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-03-28 06:10:29 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2017-03-28 06:09:48 97128 ----a-w- C:\WINDOWS\System32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-03-28 06:09:40 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-03-28 06:09:22 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-03-28 06:09:18 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2017-03-28 06:08:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-03-28 06:08:43 1267504 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-03-28 06:08:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-03-28 06:07:35 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-03-28 0647 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-03-28 06:05:31 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-03-28 06:05:29 8168512 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-03-28 06:05:17 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-03-28 06:05:15 1848584 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-03-28 06:05:14 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-03-28 06:05:14 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-03-28 06:05:11 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-03-28 06:05:07 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-03-28 06:04:59 277344 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2017-03-28 06:04:58 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-28 06:04:54 1276760 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-03-28 06:04:53 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
2017-03-28 06:04:39 116568 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-03-28 06:04:38 5721808 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-03-28 06:04:32 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-03-28 06:04:31 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-03-28 06:04:31 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-03-28 06:04:30 160088 ----a-w- C:\WINDOWS\System32\CloudExperienceHostBroker.dll
2017-03-28 06:04:17 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-03-28 06:02:55 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-03-28 06:02:48 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-03-28 06:02:01 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-03-28 06:00:09 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-03-28 06:00:05 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-03-28 05:59:11 6667520 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-03-28 05:59:05 2533728 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-03-28 05:59:01 4023008 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2017-03-28 05:58:59 1851688 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2017-03-28 05:58:53 981888 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2017-03-28 05:58:53 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2017-03-28 05:58:53 1344448 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-03-28 05:58:52 1277856 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2017-03-28 05:58:50 1202936 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2017-03-28 05:58:45 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-28 05:58:44 372440 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2017-03-28 05:58:27 961192 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-03-28 05:53:54 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-03-28 05:53:54 1414728 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-03-28 05:52:00 306800 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll
2017-03-28 05:48:07 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-03-28 05:44:50 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-03-28 05:42:28 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-03-28 05:42:06 51712 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-03-28 05:41:51 372736 ----a-w- C:\WINDOWS\System32\RDXTaskFactory.dll
2017-03-28 05:41:51 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-03-28 05:40:58 49664 ----a-w- C:\WINDOWS\SysWow64\XblAuthManagerProxy.dll
2017-03-28 05:40:53 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-03-28 05:40:19 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
.
============= FINISH: 10:59:19.06 ===============




I've been having problems for a number of weeks
Attached Files
File Type: txt attach.txt (18.9 KB, 17 views)
leckavrea is offline  
Old 04-28-2017, 01:09 AM   #2
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello leckavrea,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
Please download all requested tools to your Desktop and run them from there.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the steps below.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

========================================================

Things I need to see in your next post:

1- AdwCleaner[C#].txt
2- Addition.txt
3- FRST.txt
__________________
tekir06 is offline  
Old 04-28-2017, 05:41 AM   #3
Registered Member
 
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3



Thank you Tolga for the clear instructions.

I've completed those steps:

1- AdwCleaner[C#].txt is copied and pasted into this reply
2- Addition.txt - attached
3- FRST.txt - attached

When starting AdwCleaner, I got a prompt saying it was an outdated version. But I proceeded with it anyway, rather than getting a newer version from a different source.


# AdwCleaner v6.045 - Logfile created 28/04/2017 at 13:11:41
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Mary - WINDOWS-QPK086H
# Running from : C:\Users\Mary\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Mary\AppData\Local\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\Mary\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Mary\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\Mary\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Mary\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\ProgramData\AVG SafeGuard toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG SafeGuard toolbar
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder deleted: C:\Program Files (x86)\Coupons
[-] Folder deleted: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpaiibklhaneknloaoccoidbaffjjlnb


***** [ Files ] *****

[-] File deleted: C:\Users\Mary\AppData\Local\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys
[-] File deleted: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\gnnrkk7f.default\invalidprefs.js
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bf.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282017095337907\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5457401-D56A-43F2-9524-78E54A7FC07A}
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\1047545AA65D2F345942875EA4F70CA7
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\1047545AA65D2F345942875EA4F70CA7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1047545AA65D2F345942875EA4F70CA7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1047545AA65D2F345942875EA4F70CA7
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\1047545AA65D2F345942875EA4F70CA7
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\1047545AA65D2F345942875EA4F70CA7
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Value deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [browsersafeguard]
[-] Value deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282017095337907\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [browsersafeguard]
[-] Value deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [iLivid]
[-] Value deleted: HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282017095337907\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [iLivid]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Value deleted: HKLM\SOFTWARE\Classes\.torrent [iLivid.torrent_backup]


***** [ Web browsers ] *****

[-] [C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8807 Bytes] - [28/04/2017 13:11:41]
C:\AdwCleaner\AdwCleaner[R0].txt - [6990 Bytes] - [21/11/2013 07:29:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [6910 Bytes] - [21/11/2013 07:31:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [8738 Bytes] - [28/04/2017 12:42:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9099 Bytes] ##########
Attached Files
File Type: txt Addition.txt (62.2 KB, 18 views)
File Type: txt FRST.txt (106.1 KB, 18 views)
leckavrea is offline  
Old 04-30-2017, 04:08 PM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello leckavrea,

Thanks for the logs. Please do the following.

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

ScorpionSaver >>>>>>
Please read


==============================================


Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
Task: {0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {20ED8DB2-345A-4056-9F07-46C091C2EEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {38C1E8BE-6AC6-47A7-81FC-97E7A4C19139} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6340F362-B287-4E1A-96CD-B363BF1BB460} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {71DD7E26-4484-43A1-BD8B-CA2E8EB010CF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8EE93CAF-9421-48D0-A8ED-CB785CA0DA3E} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {96C83F51-FAAB-449E-BFC6-B5A633797E2F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9919E375-0FBA-46FE-8D8E-1FB034A1CB6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ACF9ECC8-4CEC-44F6-985D-5963709A826A} - no filepath
Task: {C6866BEF-FBC8-4C5D-9882-5B3BDCE7EA39} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C70B45AD-9B4E-41B6-AE68-3278E2FE2A6E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C7A4233D-5DFC-47E0-8565-55970B1E7B40} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D30CC589-5400-49BA-A4ED-6226AA94B16C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E1DC418F-558C-4A7F-9FC7-F354CFFEF643} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F9364FE3-6297-47BF-8C0D-7F36105170C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FB21959B-16E0-40F5-88DD-2C7320F95FB6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FEECF807-FB7C-403C-BF9C-741839315854} - \PCDEventLauncher -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
2013-08-23 01:12 - 2013-08-23 01:13 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-08-23 01:09 - 2013-08-23 01:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-08-23 01:09 - 2013-08-23 01:10 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-08-23 01:08 - 2013-08-23 01:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-08-23 01:11 - 2013-08-23 01:12 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 05-01-2017, 01:52 PM   #5
Registered Member
 
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3



Hi Tolga:

I'm unable to uninstall ScorpionSaver. I right-click and get
Are you sure you want to uninstall ScorpionSaver? I click YES, but then get "The feature that you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'ScorpionSaver.msi' in the box below."

I've tried searching C: for ScorpionSaver but didn't find it. Also checked under Add/Remove Programs. I see ScorpionSaver listed, but clicking Uninstall brings me to the same message as above.

I didn't follow the rest of your instructions as I think the result would depend on removing ScorpionSaver first.
leckavrea is offline  
Old 05-02-2017, 12:19 AM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello leckavrea,

Thanks for the information. Please do the FRST step. We will deal with ScorpionSaver later.
__________________
tekir06 is offline  
Old 05-02-2017, 04:54 AM   #7
Registered Member
 
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3



Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by Mary (02-05-2017 10:41:16) Run:1
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary & (Available Profiles: Mary & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {20ED8DB2-345A-4056-9F07-46C091C2EEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {38C1E8BE-6AC6-47A7-81FC-97E7A4C19139} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6340F362-B287-4E1A-96CD-B363BF1BB460} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {71DD7E26-4484-43A1-BD8B-CA2E8EB010CF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8EE93CAF-9421-48D0-A8ED-CB785CA0DA3E} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {96C83F51-FAAB-449E-BFC6-B5A633797E2F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9919E375-0FBA-46FE-8D8E-1FB034A1CB6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ACF9ECC8-4CEC-44F6-985D-5963709A826A} - no filepath
Task: {C6866BEF-FBC8-4C5D-9882-5B3BDCE7EA39} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C70B45AD-9B4E-41B6-AE68-3278E2FE2A6E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C7A4233D-5DFC-47E0-8565-55970B1E7B40} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D30CC589-5400-49BA-A4ED-6226AA94B16C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E1DC418F-558C-4A7F-9FC7-F354CFFEF643} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F9364FE3-6297-47BF-8C0D-7F36105170C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FB21959B-16E0-40F5-88DD-2C7320F95FB6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FEECF807-FB7C-403C-BF9C-741839315854} - \PCDEventLauncher -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
2013-08-23 01:12 - 2013-08-23 01:13 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-08-23 01:09 - 2013-08-23 01:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-08-23 01:09 - 2013-08-23 01:10 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-08-23 01:08 - 2013-08-23 01:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-08-23 01:11 - 2013-08-23 01:12 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20ED8DB2-345A-4056-9F07-46C091C2EEB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20ED8DB2-345A-4056-9F07-46C091C2EEB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C1E8BE-6AC6-47A7-81FC-97E7A4C19139} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C1E8BE-6AC6-47A7-81FC-97E7A4C19139} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6340F362-B287-4E1A-96CD-B363BF1BB460} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6340F362-B287-4E1A-96CD-B363BF1BB460} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71DD7E26-4484-43A1-BD8B-CA2E8EB010CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71DD7E26-4484-43A1-BD8B-CA2E8EB010CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EE93CAF-9421-48D0-A8ED-CB785CA0DA3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE93CAF-9421-48D0-A8ED-CB785CA0DA3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96C83F51-FAAB-449E-BFC6-B5A633797E2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96C83F51-FAAB-449E-BFC6-B5A633797E2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9919E375-0FBA-46FE-8D8E-1FB034A1CB6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9919E375-0FBA-46FE-8D8E-1FB034A1CB6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF9ECC8-4CEC-44F6-985D-5963709A826A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6866BEF-FBC8-4C5D-9882-5B3BDCE7EA39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6866BEF-FBC8-4C5D-9882-5B3BDCE7EA39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C70B45AD-9B4E-41B6-AE68-3278E2FE2A6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C70B45AD-9B4E-41B6-AE68-3278E2FE2A6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A4233D-5DFC-47E0-8565-55970B1E7B40} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A4233D-5DFC-47E0-8565-55970B1E7B40} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D30CC589-5400-49BA-A4ED-6226AA94B16C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30CC589-5400-49BA-A4ED-6226AA94B16C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1DC418F-558C-4A7F-9FC7-F354CFFEF643} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1DC418F-558C-4A7F-9FC7-F354CFFEF643} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9364FE3-6297-47BF-8C0D-7F36105170C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9364FE3-6297-47BF-8C0D-7F36105170C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB21959B-16E0-40F5-88DD-2C7320F95FB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB21959B-16E0-40F5-88DD-2C7320F95FB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEECF807-FB7C-403C-BF9C-741839315854} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEECF807-FB7C-403C-BF9C-741839315854} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04292017104802153\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04292017104802153\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04302017103547384\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04302017103547384\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05012017202927335\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05012017202927335\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017035750010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017035750010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0BD3FFAC-44FC-4B6D-8DE0-58EA3C7CC154}.
{CF67796F-024C-4C7B-B08A-90A771FE20C5} canceled.
{0EEA9A71-FDB0-4215-85A7-72FDDBAB4625} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1109669581 B
Java, Flash, Steam htmlcache => 2343 B
Windows/system/drivers => 137373654 B
Edge => 20802634 B
Chrome => 535054623 B
Firefox => 462305879 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 6207619 B
NetworkService => 63123 B
Mary => 3382153708 B
UpdatusUser => 0 B
Administrator => 0 B

RecycleBin => 124 B
EmptyTemp: => 5.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:57:52 ====
leckavrea is offline  
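The Fixlog above reports one line per registry key, and each scheduled task from the fixlist shows up in up to three places under Schedule\TaskCache (the trigger key under Plain or Logon, the definition under Tasks, and the display-name entry under Tree). Note the one "key not found" on the CCleanerSkipUAC Tree entry: the task definition was gone but the name entry had already been removed. The following is an added Python example, not part of FRST or of this thread, that reads a Fixlog, pairs every Task GUID from the echoed fixlist with what FRST reported for those TaskCache keys, and flags any task whose definition key was not removed. The sample log is a constructed, abridged excerpt modelled on the posted Fixlog.

```python
"""Audit an FRST Fixlog.txt: pair each 'Task:' fixlist directive with the
TaskCache registry keys FRST reported on, and flag incomplete removals.
Added example for this thread; not FRST's own code."""
import re

# Constructed excerpt modelled on the Fixlog posted in this thread (abridged).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
Task: {0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {20ED8DB2-345A-4056-9F07-46C091C2EEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ACF9ECC8-4CEC-44F6-985D-5963709A826A} - no filepath
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6AF99E-9FAD-496C-8A46-31AC3ABDFA38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20ED8DB2-345A-4056-9F07-46C091C2EEB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20ED8DB2-345A-4056-9F07-46C091C2EEB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF9ECC8-4CEC-44F6-985D-5963709A826A} => key removed successfully
EmptyTemp: => 5.3 GB temporary data Removed.
"""

# 'Task: {GUID} - <path or "no filepath">' lines from the echoed fixlist.
TASK_RE = re.compile(r"^Task: \{([0-9A-Fa-f-]{36})\} - (.*)$", re.M)
# '<key or path> => <outcome>' result lines; a trailing period is dropped.
RESULT_RE = re.compile(r"^(\S.*?) => (.+?)\.?$", re.M)
# Which TaskCache bucket a reported key belongs to, and its tail.
CACHE_RE = re.compile(r"\\Schedule\\TaskCache\\(Plain|Logon|Boot|Tasks|Tree)\\(.+)$")


def parse_fixlist_tasks(log):
    """Map task GUID -> Tree path named in the fixlist (None for 'no filepath')."""
    tasks = {}
    for guid, rest in TASK_RE.findall(log):
        rest = re.sub(r"\s*->\s*No File.*$", "", rest).strip()
        tasks[guid.upper()] = None if rest.lower() == "no filepath" else rest.lstrip("\\")
    return tasks


def parse_results(log):
    """Map each reported key/path -> the outcome text FRST printed after '=>'."""
    return {key: outcome for key, outcome in RESULT_RE.findall(log)}


def audit_task_cleanup(log):
    """Per task GUID: outcome for the Tasks, trigger (Plain/Logon/Boot) and Tree
    keys, plus 'complete' (definition removed) and 'orphan_tree' (name entry
    was already missing, as with CCleanerSkipUAC above)."""
    tasks = parse_fixlist_tasks(log)
    results = parse_results(log)
    report = {}
    for guid, tree_path in tasks.items():
        entry = {"tasks": None, "trigger": None, "tree": None}
        for key, outcome in results.items():
            m = CACHE_RE.search(key)
            if not m:
                continue
            bucket, tail = m.groups()
            if bucket == "Tasks" and tail.upper() == "{%s}" % guid:
                entry["tasks"] = outcome
            elif bucket in ("Plain", "Logon", "Boot") and tail.upper() == "{%s}" % guid:
                entry["trigger"] = outcome
            elif bucket == "Tree" and tree_path and tail.lower() == tree_path.lower():
                entry["tree"] = outcome
        entry["complete"] = entry["tasks"] == "key removed successfully"
        entry["orphan_tree"] = entry["tree"] == "key not found"
        report[guid] = entry
    return report


if __name__ == "__main__":
    for guid, e in audit_task_cleanup(SAMPLE_FIXLOG).items():
        status = "OK" if e["complete"] else "CHECK"
        print(f"{status} {guid} tasks={e['tasks']} trigger={e['trigger']} tree={e['tree']}")
```

Run it against a real Fixlog.txt by reading the file into `audit_task_cleanup` instead of the sample; any entry with `complete` False is a task definition FRST could not remove and is worth re-checking in Task Scheduler after the reboot.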
Old 05-08-2017, 06:21 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello leckavrea,

Sorry for delay. How is the machine behaving now? What problems do you still have?

Please do the following.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
Copy/paste the contents of the following codebox into the main textfield:

Code:
:folderfind 
ScorpionSaver  
:regfind 
ScorpionSaver
Click the Look button to start the scan.
Please be patient, as it may take a while.
When finished, a Notepad file will open with the results of the scan.
Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
__________________
tekir06 is offline  
Old 05-08-2017, 03:58 PM   #9
Registered Member
 
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3



Hi Tolga:

I'm still having the same problem with Ancestry webpages loading extremely slowly and it still goes to akamai for a long time before the page resolves itself. Result of SystemLook scan below.

SystemLook 30.07.11 by jpshortstuff
Log created at 23:26 on 08/05/2017 by Mary
Administrator - Elevation successful

========== folderfind ==========

Searching for "ScorpionSaver "
No folders found.

========== regfind ==========

Searching for "ScorpionSaver"
[HKEY_CURRENT_USER\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 20
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\SourceList]
"PackageName"="scorpionsaver_20131010.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
"8BA5CD9129705784F8B198C6A5C96EEA"="01:\Software\AppDataLow\Software\ScorpionSaver\key"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x8
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05032017102955874\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05042017094428154\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05052017105918681\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062017193816700\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072017123504021\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist
[HKEY_USERS\S-1-5-21-698676636-3033671949-1600325578-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05082017112734924\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar
CCleaner
SlimDrivers

Other applications
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3.2 64-bit
Avira Free Antivirus
BrowserSafeguard
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Classic Shell
CyberLink Media Suite Essentials
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Family Tree Maker 2012
Google Chrome
InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
iSEEK AnswerWorks English Runtime
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Home and Student 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redist

-= EOF =-
leckavrea is offline  
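The regfind output above is long but most of it is one multi-line "file_installed" value repeated across several profile hives; the lines that matter for the failed uninstall are the Windows Installer product entries (one still naming ScorpionSaver.msi as the package, which is what the "network resource unavailable" error refers to), the Uninstall entry, and a CLSID whose InProcServer32 points at IECore.dll under Program Files. The following is an added Python example, not part of SystemLook or of this thread, that parses a SystemLook `:regfind` section into keys and values (including multi-line values), groups the hits by what kind of registration they are, and pulls out the in-process DLL paths and MSI package names so the residual footprint can be read at a glance. The sample input is a constructed, abridged excerpt modelled on the posted log.

```python
"""Triage a SystemLook ':regfind' log: group matching registry keys by the kind
of registration they represent and list DLLs and MSI packages referenced.
Added example for this thread; not SystemLook's own code."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the SystemLook log posted in this thread (abridged).
SAMPLE_REGFIND = r"""
========== regfind ==========

Searching for "ScorpionSaver"
[HKEY_CURRENT_USER\SOFTWARE\Innovative Solutions\Advanced Uninstaller PRO\11\Settings]
"file_installed"="Recently installed
Advanced Uninstaller PRO - Version 11
AVG SafeGuard toolbar

Other applications
BrowserSafeguard
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\SourceList]
"PackageName"="scorpionsaver_20131010.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}]
"DisplayName"="ScorpionSaver"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="data"  or  @="data" ; the closing quote is optional because SystemLook
# truncates long values, and multi-line values continue on following lines.
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*?)"?$')


def parse_regfind(log):
    """Return a list of (key, [(value_name, data), ...]) in log order."""
    entries = []
    current = None
    for line in log.splitlines():
        line = line.rstrip("\r")
        m = KEY_RE.match(line)
        if m:
            current = [m.group(1), []]
            entries.append(current)
            continue
        if line.startswith(("-= EOF", "==========")):
            current = None          # section marker ends the current key
            continue
        if current is None:
            continue                # header text before the first key
        m = VALUE_RE.match(line)
        if m:
            name = "@" if m.group("default") else m.group("name")
            current[1].append([name, m.group("data")])
        elif current[1]:
            current[1][-1][1] += "\n" + line   # continuation of a multi-line value
    return [(key, [tuple(v) for v in vals]) for key, vals in entries]


def classify_key(key):
    """Coarse label for what kind of registration a matching key is."""
    k = key.lower()
    if "\\clsid\\" in k and k.endswith("\\inprocserver32"):
        return "com-inproc-server"
    if "\\clsid\\" in k:
        return "com-class"
    if "\\installer\\products\\" in k or "\\installer\\userdata\\" in k:
        return "msi-product"
    if "\\currentversion\\uninstall\\" in k:
        return "uninstall-entry"
    if k.endswith("\\installer\\folders"):
        return "installer-folder"
    return "other"


def triage(log):
    """Group keys by class and list DLLs loaded in-process and MSI package names."""
    entries = parse_regfind(log)
    by_class = defaultdict(list)
    for key, _ in entries:
        by_class[classify_key(key)].append(key)
    inproc_dlls = [data for key, vals in entries if classify_key(key) == "com-inproc-server"
                   for name, data in vals if name == "@"]
    msi_packages = [data for _, vals in entries for name, data in vals if name == "PackageName"]
    return {"by_class": dict(by_class), "inproc_dlls": inproc_dlls, "msi_packages": msi_packages}


if __name__ == "__main__":
    result = triage(SAMPLE_REGFIND)
    for cls, keys in result["by_class"].items():
        print(f"{cls}: {len(keys)} key(s)")
    print("in-process DLLs:", result["inproc_dlls"])
    print("MSI packages:", result["msi_packages"])
```

The "other" bucket here is the Advanced Uninstaller PRO history value, which merely mentions the name and is not a registration; the com-inproc-server hit is the one that names a DLL that the browser can load, so it is the first thing to confirm on disk before deciding how to handle the broken MSI uninstall.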
Old 05-11-2017, 01:02 AM   #10
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello leckavrea,

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 05-12-2017, 06:17 PM   #11
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3

Tolga:
I did that. No threats were found, so I wasn't prompted to restart the computer. Scan log attached.
Attached Files
File Type: txt MBAM scan 13May2017.txt (1.1 KB, 14 views)
leckavrea is offline  
Old 05-16-2017, 12:14 AM   #12
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello leckavrea,

Please do the following.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology

Click Scan
Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish
__________________
tekir06 is offline  
Old 05-16-2017, 07:31 PM   #13
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3

Tolga:

Here are the results of the ESET scan...

C:\AdwCleaner\Quarantine\files\robqzpmqzikqcibhcrcruafaufwueedc\uninstall.exe a variant of Win32/Adware.Coupons.AA application
C:\My Documents\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\My Documents\Downloads\avira_free_antivirus_en.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\My Documents\Downloads\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\My Documents\Downloads\CouponPrinter(1).exe a variant of Win32/Adware.Coupons.AA application
C:\My Documents\Downloads\CouponPrinter(5).exe a variant of Win32/Adware.Coupons.AA application
C:\My Documents\Downloads\CouponPrinter.exe a variant of Win32/Adware.Coupons.AA application
C:\My Documents\Downloads\mp3mymp3installiq2.exe a variant of Win32/InstallIQ potentially unwanted application
C:\My Documents\Downloads\Avira2\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\My Documents\Downloads\Avira2\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\My Documents\Downloads\Avira2\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Family Tree Maker 2014\FTM2014SfxPatch64.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files\Family Tree Maker 2014\hstartRt.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Backup\DBRUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\{D2044A97-3875-40E7-8161-DA975C6BA7CF}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\All Users\{D2044A97-3875-40E7-8161-DA975C6BA7CF}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Mary\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Mary\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mary\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application
C:\Users\Mary\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application
C:\Windows\Installer\d2d538.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
leckavrea is offline  
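The ESET Online Scanner results above follow a fixed shape (a file path, then one or more comma-separated detections), and the helper's earlier remark that many finds are probably already quarantined points to a triage by location. As an added example, not code from this thread or from ESET, the Python below parses that format and groups findings into quarantined files, downloaded installers and installed files, and counts detections per family; the location categories are my own, and the sample input is five lines copied from the post above.

```python
import re
from collections import Counter, defaultdict

# A line is "<path> <detection>[,<detection>...]". The path may contain spaces but never "/",
# so the first "Win32/..." token (optionally preceded by "a variant of") starts the detections.
_LINE_RE = re.compile(r"^(?P<path>.+?) (?P<dets>(?:a variant of )?\w+/.+)$")
_DET_RE = re.compile(r"(?:a variant of )?(?P<sig>\w+/[\w.]+) "
                     r"(?P<cat>potentially (?:unsafe|unwanted) application|application)")
_CAT = {"potentially unwanted application": "PUA",
        "potentially unsafe application": "unsafe", "application": "application"}

# Sample input: five lines copied from the ESET results quoted in the post above.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\files\robqzpmqzikqcibhcrcruafaufwueedc\uninstall.exe a variant of Win32/Adware.Coupons.AA application
C:\My Documents\Downloads\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Windows\Installer\d2d538.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
"""

def parse_eset_log(text):
    """Return one dict per line: {"path": ..., "detections": [(signature, category), ...]}."""
    findings = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = _LINE_RE.match(line)
        dets = [(d.group("sig"), _CAT[d.group("cat")])
                for d in _DET_RE.finditer(m.group("dets"))] if m else []
        if not dets:
            raise ValueError("unrecognised ESET line: " + line)
        findings.append({"path": m.group("path"), "detections": dets})
    return findings

def classify_location(path):
    """Already quarantined, an inert installer sitting in Downloads, or actually installed (assumed categories)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantined"
    return "downloaded installer" if "\\downloads\\" in p else "installed"

def family(signature):
    """Win32/Adware.Coupons.AA -> Adware.Coupons (drop the platform prefix and the variant letters)."""
    return re.sub(r"\.[A-Z]{1,3}$", "", signature.split("/", 1)[1])

def triage(text):
    """Group findings by location and count detections per family."""
    by_location, families = defaultdict(list), Counter()
    for f in parse_eset_log(text):
        by_location[classify_location(f["path"])].append(f["path"])
        families.update(family(sig) for sig, _ in f["detections"])
    return {"by_location": dict(by_location), "families": families}
```

Files in the "installed" group (Program Files, Windows) are the ones still live on disk; the quarantined and Downloads entries are the remnants the helper's "Do NOT be alarmed" remark refers to.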
Old 05-22-2017, 12:32 AM   #14
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello leckavrea,

Please re-run ESET Online Scanner and this time make sure that the option Clean threats automatically is ticked. Please copy/paste the contents of the log in your next reply.
__________________
tekir06 is offline  
Old 05-24-2017, 06:24 PM   #15
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3

Tolga:
I just ran ESET Online Scanner again. I checked "Clean threats automatically." 31 threats/infected files were found after the scan completed. At the end I clicked Finish, but no log file was produced. I tried looking for log.txt, but it was not found.
Scan took over two hours. Will do again tomorrow. But what did I miss?
leckavrea is offline  
Old 05-30-2017, 05:08 AM   #16
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello leckavrea,

How is the machine behaving now? What problems do you still have?
__________________
tekir06 is offline  
Old 05-30-2017, 07:12 AM   #17
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3

Tolga, I'm still having the same problem. When I try to load ancestry.com "connecting to a248.e.akamai.net" takes ages. What is akamai?
leckavrea is offline  
Old 06-05-2017, 01:30 AM   #18
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello leckavrea,

Please re-run FRST tool and attach logs.
__________________
tekir06 is offline  
Old 06-06-2017, 04:11 PM   #19
Registered Member
Join Date: May 2009
Posts: 51
OS: Windows XP Pro, SP3

Tolga:
Results of rerunning FRST tool attached.
Attached Files
File Type: txt FRST.txt (163.1 KB, 9 views)
File Type: txt Addition.txt (90.3 KB, 15 views)
leckavrea is offline  
Old 06-15-2017, 12:22 AM   #20
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello again,

Sorry for the delay. Please do the following.

Clear your Chrome cache and cookies

Here

=====================================================================

For Firefox

Here

========================================================================

__________________
tekir06 is offline  