Possible Virus?....

This is a discussion on Possible Virus?.... within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 09-11-2016, 04:47 AM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello,

I originally went to download a program called iExplorer (load music to iPhone without iTunes) and afterwards whenever I opened Firefox, the screen that I attached appears (and not my home page). I hope that you're able to help me fix this.

Below is the DDS.txt file... and Attach.txt is attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.545 BrowserJavaVersion: 11.91.2
Run by King at 22:17:43 on 2016-09-10
Microsoft Windows 10 Pro 10.0.10586.0.1252.1.1033.18.7888.4736 [GMT -4:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\EMSService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
C:\Program Files\NZBDrive\dokanx_mount.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\SecureW2\sw2_service.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\King\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HP\HPENVY~1\Bin\HPNETW~1.EXE
C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
C:\Users\King\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD APP MANAGER\PLUGINS\WD BACKUP\App\WDBackupService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\PROGRA~2\MOZILL~1\plugin-container.exe
C:\PROGRA~2\MOZILL~1\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\PROGRA~2\MOZILL~1\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
C:\Windows\explorer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\splwow64.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vcu.edu/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Dropbox Update] "C:\Users\King\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [HP ENVY 4520 series (NET)] "C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5A92F0NG0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1
uRun: [OneDrive] "C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\King\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\King\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: HideFastUserSwitching = dword:1
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}\84F4D454D203347363D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{98bff00c-bb80-4b13-9b96-7b50f97f6435} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [EmsService] EmsServiceHelper.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: HideFastUserSwitching = dword:1
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 10\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 10\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\King\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 CmgPCS;Credant PCS;C:\WINDOWS\System32\drivers\CmgPCS.sys [2013-5-10 144168]
R0 CmgShieldCEF;CmgShieldCEF;C:\WINDOWS\System32\drivers\CMGShCEF.sys [2013-5-10 381224]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\System32\drivers\iusb3hcs.sys [2013-7-5 16152]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-31 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2016-8-10 435032]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2016-6-20 50008]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2016-6-2 127896]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 194480]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 Dokan;Dokan;C:\WINDOWS\System32\drivers\dokanx.sys [2014-8-30 55208]
R2 DokanMounter;DokanMounter;C:\Program Files\NZBDrive\dokanx_mount.exe [2014-8-30 78336]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 26168]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-5 161560]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-7-5 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-7-5 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-7-5 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]
R2 NitroDriverReadSpool10;NitroPDFDriverCreatorReadSpool10;C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [2016-3-3 327320]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-5-24 216072]
R2 NitroUpdateService;NitroUpdateService;C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [2016-3-3 417944]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2016-3-3 71832]
R2 risdxc;risdxc;C:\WINDOWS\System32\drivers\risdxc64.sys [2013-7-5 101888]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2015-2-13 16216]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2015-4-1 157992]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2012-11-2 106920]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-8-7 255608]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-5 363800]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]
R2 vToolbarUpdater19.3.0;vToolbarUpdater19.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [2016-3-15 1888328]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-12-7 308088]
R3 5U877;5U877;C:\WINDOWS\System32\drivers\5U877.sys [2013-7-5 216704]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-5-31 245760]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-7-5 331264]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2016-8-10 191312]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2016-8-10 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-19 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 kltap;Kaspersky Security Data Escort Adapter;C:\WINDOWS\System32\drivers\kltap.sys [2016-6-7 52152]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2015-10-30 3343872]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 Tvti2c;Lenovo SM bus driver;C:\WINDOWS\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\WINDOWS\System32\drivers\tvtvcamd.sys [2013-7-5 27432]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-11-12 26880]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-31 28792]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [2013-10-20 31920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 130688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-12-10 272864]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [2016-7-19 327944]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-8-7 52912]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-25 164992]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-31 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-14 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-31 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WD Backup Drive Helper;WD Backup Drive Helper;C:\Windows\SysWOW64\dllhost.exe [2015-10-30 17760]
S3 WD Backup Snapshot;WD Backup Snapshot;C:\Windows\SysWOW64\dllhost.exe [2015-10-30 17760]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-5-31 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-5-31 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-5-31 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2016-09-10 07:47:42 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-10 07:47:32 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-09-10 07:47:32 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-09-10 07:47:32 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-09-10 07:47:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-07 02:42:26 820416 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-09-07 02:42:18 392136 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-08-24 09:23:27 252560 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_klark.sys
2016-08-24 09:21:45 112336 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys
2016-08-23 09:09:44 223528 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys
2016-08-23 09:09:44 167904 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_mark.sys
.
==================== Find3M ====================
.
2016-09-08 08:44:24 127896 ----a-w- C:\WINDOWS\System32\drivers\klwtp.sys
2016-09-08 08:44:23 50008 ----a-w- C:\WINDOWS\System32\drivers\klim6.sys
2016-09-08 08:44:20 435032 ----a-w- C:\WINDOWS\System32\drivers\klhk.sys
2016-08-03 11:14:47 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-08-03 11:14:47 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-08-03 11:14:47 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-08-03 10:36:39 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-08-03 10:36:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2016-08-03 10:36:30 37744 ----a-w- C:\WINDOWS\System32\wldp.dll
2016-08-03 10:23:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-08-03 10:23:42 693600 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-08-03 10:22:59 58408 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll
2016-08-03 10:22:53 465248 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2016-08-03 10:22:39 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-08-03 10:22:10 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-08-03 10:22:08 1322760 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-08-03 10:21:07 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-08-03 10:21:01 566112 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-08-03 10:20:08 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-08-03 10:20:04 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-08-03 10:19:37 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-08-03 10:19:36 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-08-03 10:13:17 1988448 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-08-03 10:13:11 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-08-03 10:13:10 393056 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-08-03 10:11:09 422744 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2016-08-03 09:51:14 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-08-03 09:51:00 123392 ----a-w- C:\WINDOWS\System32\tdlrecover.exe
2016-08-03 09:46:24 22384128 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-08-03 09:44:39 63488 ----a-w- C:\WINDOWS\System32\wshbth.dll
2016-08-03 09:44:23 44544 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2016-08-03 09:44:03 189952 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-08-03 09:43:07 16985088 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-08-03 09:41:32 112640 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys
2016-08-03 09:41:28 128512 ----a-w- C:\WINDOWS\System32\drivers\bthpan.sys
2016-08-03 09:41:27 64000 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-08-03 09:41:25 59904 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-08-03 09:40:54 58880 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2016-08-03 09:40:48 47616 ----a-w- C:\WINDOWS\System32\TpmTasks.dll
2016-08-03 09:40:38 181248 ----a-w- C:\WINDOWS\System32\drivers\rfcomm.sys
2016-08-03 09:40:16 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-08-03 09:40:09 91136 ----a-w- C:\WINDOWS\System32\bthserv.dll
2016-08-03 09:39:55 218624 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-08-03 09:39:43 104448 ----a-w- C:\WINDOWS\System32\BluetoothApis.dll
2016-08-03 09:38:23 379392 ----a-w- C:\WINDOWS\System32\usocore.dll
2016-08-03 09:38:22 412160 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-08-03 09:37:22 110080 ----a-w- C:\WINDOWS\System32\IdCtrls.dll
2016-08-03 09:36:49 211456 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2016-08-03 09:36:28 198144 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-08-03 09:35:56 200192 ----a-w- C:\WINDOWS\System32\WUDFPlatform.dll
2016-08-03 09:35:15 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-08-03 09:33:57 339968 ----a-w- C:\WINDOWS\System32\SensorService.dll
2016-08-03 09:33:37 285184 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2016-08-03 09:31:59 359936 ----a-w- C:\WINDOWS\System32\SensorsApi.dll
2016-08-03 09:31:54 247296 ----a-w- C:\WINDOWS\System32\wevtutil.exe
2016-08-03 09:31:38 506880 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2016-08-03 09:30:28 515072 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2016-08-03 09:30:09 970752 ----a-w- C:\WINDOWS\System32\kerberos.dll
2016-08-03 09:29:44 954368 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2016-08-03 09:29:36 2127360 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2016-08-03 09:29:29 84992 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS
2016-08-03 09:29:15 1500160 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2016-08-03 09:29:09 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-08-03 09:28:40 529920 ----a-w- C:\WINDOWS\System32\LogonController.dll
2016-08-03 09:28:22 1213440 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2016-08-03 09:27:58 1717760 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2016-08-03 09:27:45 7536640 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-08-03 09:27:29 381952 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2016-08-03 09:18:57 6974464 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-08-03 09:18:20 1388032 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-08-03 09:18:16 2067968 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-08-03 09:17:10 2175488 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-08-03 09:16:43 2635776 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-08-03 09:16:30 3589120 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-08-03 09:16:25 5123072 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2016-08-03 09:15:20 7833088 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-08-03 09:14:04 1997824 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2016-08-03 09:14:02 4895232 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-08-03 09:13:59 3025920 ----a-w- C:\WINDOWS\System32\wininet.dll
2016-08-03 09:12:25 2746368 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-08-03 09:11:25 4171264 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-08-03 05:52:28 34088 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2016-08-03 05:34:16 501592 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-08-03 05:34:13 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-08-03 05:33:08 51128 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-08-03 05:31:51 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-08-03 05:31:38 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-08-03 05:30:12 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-08-03 05:30:07 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-08-03 04:57:44 91648 ----a-w- C:\WINDOWS\SysWow64\tdlrecover.exe
2016-08-03 04:48:25 51712 ----a-w- C:\WINDOWS\SysWow64\wshbth.dll
2016-08-03 04:47:48 13018112 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:44:46 48128 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker.dll
2016-08-03 04:44:45 48640 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-08-03 04:42:54 80896 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2016-08-03 04:40:45 92160 ----a-w- C:\WINDOWS\SysWow64\IdCtrls.dll
2016-08-03 04:37:22 219136 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-08-03 04:35:37 178688 ----a-w- C:\WINDOWS\SysWow64\wevtutil.exe
2016-08-03 04:35:21 286208 ----a-w- C:\WINDOWS\SysWow64\SensorsApi.dll
2016-08-03 04:34:23 400896 ----a-w- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
.
============= FINISH: 22:18:12.87 ===============
hbkvcu is offline  
Old 09-11-2016, 12:13 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

I noticed you have AVG Security Toolbar installed.

Please read this and decide if you want to keep it >> SystemLookup - 95b7759c-8c7f-4bf1-b163-73684a933233

You can uninstall it via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

Itibiti RTC << Please read this

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-11-2016, 04:19 PM   #3
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello,

Thank you for your reply !!

I first uninstalled utorrent...I haven't used that in over a year...

When I attempted to uninstall the AVG Toolbar...after I went to Program and Features, highlighted the program, clicked uninstall...it didn't do anything...

I didn't even see itibiti.exe...and I followed your steps...

After I ran ADWCleaner, I clicked on "clean"...and my computer screen turned blue and said that "my PC ran into a problem and has to restart"...

I didn't do your last step..until I hear from you...

What do I do next? I look forward to hearing from you !!

Thanks !!
hbkvcu is offline  
Old 09-12-2016, 10:58 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello hbkvcu. You're welcome. Re-run AdwCleaner, this time just clicking Scan but not Clean.

Please post the log it produces in your next reply. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt

Sorry about the Itibiti RTC. It's hidden until I unhide it with FRST later.

Just continue with FRST instructions after running AdwCleaner.

------------------------------------------------------
chemist is offline  
Old 09-12-2016, 06:19 PM   #5
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello,

Here are the results:

# AdwCleaner v6.010 - Logfile created 12/09/2016 at 18:20:08
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-12.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : King - KING-THINK
# Running from : C:\Users\King\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

Service Found: vToolbarUpdater19.3.0


***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\0914A881-1461007099-11CB-8588-C08BBDD41045
Folder Found: C:\ProgramData\Avg_Update_0215tb
Folder Found: C:\ProgramData\Avg_Update_0615tb
Folder Found: C:\ProgramData\Avg_Update_0814tb
Folder Found: C:\ProgramData\Avg_Update_1114tb
Folder Found: C:\ProgramData\Avg_Update_1214tb
Folder Found: C:\Users\King\AppData\Local\AVG SafeGuard toolbar
Folder Found: C:\Users\King\AppData\Local\NativeMessaging
Folder Found: C:\Users\King\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found: C:\Users\King\AppData\Roaming\dvdvideosoftiehelpers
Folder Found: C:\Users\King\AppData\Roaming\Systweak
Folder Found: C:\Users\King\AppData\Roaming\Yahoo!\Companion
Folder Found: C:\ProgramData\apn
Folder Found: C:\ProgramData\AVG SafeGuard toolbar
Folder Found: C:\ProgramData\AVG Secure Search
Folder Found: C:\ProgramData\Partner
Folder Found: C:\ProgramData\Yahoo! Companion
Folder Found: C:\ProgramData\Application Data\apn
Folder Found: C:\ProgramData\Application Data\AVG SafeGuard toolbar
Folder Found: C:\ProgramData\Application Data\AVG Secure Search
Folder Found: C:\ProgramData\Application Data\Partner
Folder Found: C:\ProgramData\Application Data\Yahoo! Companion
Folder Found: C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found: C:\Program Files (x86)\AVG Security Toolbar
Folder Found: C:\Program Files (x86)\Conduit
Folder Found: C:\Program Files (x86)\Yahoo!\Companion
Folder Found: C:\Program Files (x86)\Common Files\AVG Secure Search


***** [ Files ] *****

File Found: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
Key Found: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
Key Found: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
Key Found: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
Key Found: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
Key Found: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
Key Found: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.DataStore
Key Found: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
Key Found: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.StringList
Key Found: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
Key Found: HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found: HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found: HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found: HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found: HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found: HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
Key Found: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
Key Found: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
Key Found: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
Key Found: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
Key Found: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
Key Found: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
Key Found: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Key Found: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Key Found: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Key Found: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found: HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
Key Found: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Key Found: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Key Found: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Key Found: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Key Found: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\AVG Security Toolbar
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Conduit
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\DAILYPCCLEAN
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\IM
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Reg\Clean
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Softonic
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Yahoo\Companion
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Yahoo\YFriendsBar
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\systweak
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\INSTALLPATH\STATUS
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\AppDataLow\Software\SpeeditUp
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKCU\Software\AVG Security Toolbar
Key Found: HKCU\Software\Conduit
Key Found: HKCU\Software\DAILYPCCLEAN
Key Found: HKCU\Software\IM
Key Found: HKCU\Software\Reg\Clean
Key Found: HKCU\Software\Softonic
Key Found: HKCU\Software\Yahoo\Companion
Key Found: HKCU\Software\Yahoo\YFriendsBar
Key Found: HKCU\Software\systweak
Key Found: HKCU\Software\INSTALLPATH\STATUS
Key Found: HKCU\Software\AppDataLow\Software\SpeeditUp
Key Found: HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKLM\SOFTWARE\AVG Security Toolbar
Key Found: HKLM\SOFTWARE\Conduit
Key Found: HKLM\SOFTWARE\Reg\Clean
Key Found: HKLM\SOFTWARE\Yahoo\Companion
Key Found: HKLM\SOFTWARE\systweak
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Value Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Key Found: HKLM\SOFTWARE\Classes\s
Key Found: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "CT3313051.originalSearchEngine" - "AVG Secure Search"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "CT3313051.originalSearchEngineName" - "AVG Secure Search"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "Smartbar.ConduitHomepagesList" - "hxxp://search.conduit.com/?ctid=CT3313051&octid=CT3313051&SearchSource=61&CUI=UN
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "browser.search.defaultthis.engineName" - "KeyBar 2.3 Customized Web Search"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "browser.search.selectedEngine" - "AVG Secure Search"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.addressBarOwnerCTID" - "CT3313051"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.conduitHomepageList" - "hxxp://search.conduit.com/?ctid=CT3313051&CUI=UN40830202942769147&UM=2&SearchSour
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.conduitSearchAddressUrlList" - "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3313051&SearchSource=2&C
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.defaultSearchOwnerCTID" - "CT3313051"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.homePageOwnerCTID" - "CT3313051"
Firefox pref Found: [C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\prefs.js] - "smartbar.originalHomepage" - "hxxp://search.conduit.com/?ctid=CT3313051&CUI=UN40830202942769147&UM=2&SearchSource=
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.aol.com
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - Ask.com - What's Your Question?
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search_
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Web data] - mpc safe search
Chrome pref Found: [C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - search.mpc.am

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [27449 Bytes] - [11/09/2016 1933]
C:\AdwCleaner\AdwCleaner[S1].txt - [27523 Bytes] - [11/09/2016 19:11:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [27299 Bytes] - [12/09/2016 18:20:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [27373 Bytes] ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by King (administrator) on KING-THINK (12-09-2016 21:08:42)
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
() C:\Program Files\NZBDrive\dokanx_mount.exe
(CREDANT Technologies, Inc.) C:\Windows\System32\EmsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(CREDANT Technologies, Inc.) C:\Windows\System32\EmsServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\King\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\King\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Users\King\Desktop\AdwCleaner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [EmsService] => C:\WINDOWS\system32\EmsServiceHelper.exe [1451072 2013-05-10] (CREDANT Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2016-05-30] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-03-15] ()
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [211880 2012-11-02] (SecureW2 B.V.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Dropbox Update] => C:\Users\King\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {a6bbdb33-f616-11e4-a130-3c970eac0205} - "D:\VZW_Software_upgrade_assistant.exe"
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\King\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-09-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-10]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\King\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{98bff00c-bb80-4b13-9b96-7b50f97f6435}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vcu.edu/
URLSearchHook: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 -> DefaultScope {2BD53C34-BD3F-4F12-8093-FDE6785BCD06} URL =
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS556
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1B4ECF73-9BAC-40B8-BBF6-79DE00D3EE25}&mid=df1ea1156fdf47d3ae35693f794a25c4-466240adece26322b00316ef50fbcc29471beada&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-02-05 10:34:18&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-30] (DVDVideoSoft Ltd.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-04-14] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-08-07] (DVDVideoSoft Ltd.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-15] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.vcu.edu/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-03-03] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\King\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-07-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-01-26]
FF Extension: (Firefox Hotfix) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\Extensions\[email protected] [2016-09-08]
FF Extension: (Video DownloadHelper) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\4sjaa6d3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2014-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-01-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwe[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: (Free Download Manager plugin) - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-04-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://vcu.edu/
CHR StartupUrls: Default -> "search.mpc.am"
CHR Profile: C:\Users\King\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 DokanMounter; C:\Program Files\NZBDrive\dokanx_mount.exe [78336 2014-01-10] () [File not signed]
R2 EMS; C:\WINDOWS\system32\EMSService.exe [1947200 2013-05-10] (CREDANT Technologies, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [106920 2012-11-02] (SecureW2 B.V.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vToolbarUpdater19.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [1888328 2016-03-15] (AVG Secure Search)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [144168 2013-05-10] (CREDANT Technologies, Inc.)
R0 CmgShieldCEF; C:\Windows\System32\DRIVERS\CMGShCEF.sys [381224 2013-05-10] (CREDANT Technologies, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R2 Dokan; C:\Windows\system32\drivers\dokanx.sys [55208 2014-01-10] ()
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-09-08] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2016-09-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-09-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-09-08] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
U0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [223528 2016-08-23] (AO Kaspersky Lab)
U3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252560 2016-08-24] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112336 2016-08-24] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [167904 2016-08-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-09-08] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-07] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-12 21:08 - 2016-09-12 21:09 - 00036652 _____ C:\Users\King\Desktop\FRST.txt
2016-09-12 21:08 - 2016-09-12 21:08 - 00000000 ____D C:\FRST
2016-09-12 21:04 - 2016-09-12 21:05 - 00000000 ____D C:\WINDOWS\Panther
2016-09-12 21:04 - 2016-09-12 21:04 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-12 18:18 - 2016-09-12 21:07 - 02398720 _____ (Farbar) C:\Users\King\Desktop\FRST64.exe
2016-09-11 19:12 - 2016-09-11 19:12 - 00196444 _____ C:\WINDOWS\Minidump\091116-8406-01.dmp
2016-09-11 19:08 - 2016-09-11 19:08 - 00249012 _____ C:\WINDOWS\Minidump\091116-16671-01.dmp
2016-09-11 19:04 - 2016-09-12 18:20 - 00000000 ____D C:\AdwCleaner
2016-09-11 19:03 - 2016-09-11 19:04 - 03826240 _____ C:\Users\King\Desktop\AdwCleaner.exe
2016-09-10 22:18 - 2016-09-10 22:18 - 00048356 _____ C:\Users\King\Desktop\dds.txt
2016-09-10 22:18 - 2016-09-10 22:18 - 00012881 _____ C:\Users\King\Desktop\attach.txt
2016-09-10 22:14 - 2016-09-10 22:17 - 00688992 ____R (Swearware) C:\Users\King\Desktop\dds.scr
2016-09-10 03:47 - 2016-09-10 14:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-10 03:47 - 2016-09-10 10:33 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-10 03:47 - 2016-09-10 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-10 03:47 - 2016-09-10 03:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-10 03:47 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-10 03:47 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-10 03:47 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-10 03:46 - 2016-09-10 03:47 - 22851472 _____ (Malwarebytes ) C:\Users\King\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-08 03:18 - 2016-09-08 03:18 - 00304732 _____ C:\WINDOWS\Minidump\090816-13390-01.dmp
2016-09-06 22:41 - 2016-09-06 22:41 - 00002153 ____R C:\Users\Public\Desktop\Dоwnlоаd iЕхplоrеr 3.9....lnk
2016-09-05 19:20 - 2016-09-11 19:29 - 00003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-05 19:03 - 2016-09-05 19:03 - 00300132 _____ C:\WINDOWS\Minidump\090516-10703-01.dmp
2016-09-03 04:44 - 2016-09-11 19:12 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-03 04:44 - 2016-09-03 04:45 - 00307500 _____ C:\WINDOWS\Minidump\090316-9437-01.dmp
2016-09-02 19:21 - 2016-09-02 19:21 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-01 09:21 - 2016-09-01 18:25 - 00000000 ____D C:\Users\King\Desktop\Bonnie's Retirement Party Pictures
2016-08-28 10:32 - 2016-08-28 10:32 - 00013312 _____ C:\Users\King\Desktop\C120 PowerPoint presentation - Ungodly Attitudes.ppt
2016-08-28 08:50 - 2016-08-28 08:50 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-28 08:49 - 2016-08-28 08:49 - 00000000 ____D C:\Users\King\AppData\Roaming\Skype
2016-08-24 21:51 - 2016-09-06 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 05:23 - 2016-08-24 05:23 - 00252560 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2016-08-24 05:21 - 2016-08-24 05:21 - 00112336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2016-08-23 05:09 - 2016-08-23 05:09 - 00223528 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2016-08-23 05:09 - 2016-08-23 05:09 - 00167904 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2016-08-15 19:55 - 2016-08-15 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-12 21:04 - 2016-05-30 23:41 - 17301504 ____S C:\WINDOWS\system32\config\SYSTEM.CB1
2016-09-12 20:51 - 2016-05-30 23:41 - 17301504 ____S C:\WINDOWS\system32\config\SYSTEM.CB2
2016-09-12 20:39 - 2016-05-30 23:41 - 17301504 ____S C:\WINDOWS\system32\config\SYSTEM.CB3
2016-09-12 20:23 - 2016-05-10 20:12 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1ab19d340ffd5.job
2016-09-12 19:48 - 2016-08-10 18:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-12 18:23 - 2016-05-10 20:12 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1ab19d322f014.job
2016-09-12 17:19 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-12 17:19 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 19:17 - 2016-05-30 23:19 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-11 19:17 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-11 19:15 - 2016-06-11 13:36 - 00000000 ____D C:\Users\King\AppData\Roaming\Nitro
2016-09-11 19:15 - 2013-10-04 07:40 - 00000000 ____D C:\Users\King\AppData\Roaming\Nitro PDF
2016-09-11 19:13 - 2014-05-02 16:47 - 00000000 ___RD C:\Users\King\Dropbox
2016-09-11 19:12 - 2016-05-31 07:49 - 00000000 __SHD C:\Users\King\IntelGraphicsProfiles
2016-09-11 19:12 - 2016-02-13 09:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 19:08 - 2016-05-30 23:20 - 00000000 ____D C:\Users\King
2016-09-11 19:01 - 2014-12-26 14:47 - 00000000 ____D C:\Users\King\AppData\Roaming\uTorrent
2016-09-10 22:16 - 2016-06-07 17:31 - 00000000 ___RD C:\Users\King\iCloudDrive
2016-09-10 10:35 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-10 10:34 - 2016-06-11 13:35 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 10.lnk
2016-09-10 10:34 - 2016-05-31 07:52 - 00002410 _____ C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-10 10:34 - 2016-05-30 23:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-10 10:34 - 2015-10-30 03:19 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-09-10 10:34 - 2015-10-30 03:19 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-09-10 10:34 - 2015-10-30 03:19 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2016-09-10 10:34 - 2015-10-30 03:18 - 00001590 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-09-10 10:34 - 2015-10-30 03:18 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2016-09-10 10:34 - 2015-10-30 03:17 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-09-10 10:34 - 2014-03-14 15:58 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-10 10:34 - 2014-02-08 18:01 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-09-10 10:34 - 2013-10-11 19:58 - 00000000 ____D C:\Users\King\AppData\Roaming\vlc
2016-09-10 10:34 - 2013-07-05 20:37 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-09-10 10:34 - 2013-07-05 20:35 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk
2016-09-10 10:34 - 2013-07-05 20:35 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP Access.lnk
2016-09-10 10:34 - 2013-07-05 20:35 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Device Experience.lnk
2016-09-10 10:34 - 2013-07-05 20:35 - 00002022 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
2016-09-10 10:34 - 2013-07-05 20:34 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-09-10 10:34 - 2013-07-05 20:34 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-09-10 10:34 - 2013-07-05 20:34 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-09-10 10:34 - 2013-07-05 20:34 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-09-10 10:34 - 2013-07-05 20:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-09-10 10:33 - 2016-08-10 18:30 - 00001452 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-09-10 10:33 - 2016-08-10 18:29 - 00002351 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-09-10 10:33 - 2016-08-10 18:29 - 00002327 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-09-10 10:33 - 2016-08-08 18:17 - 00001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-10 10:33 - 2016-07-02 11:36 - 00001250 _____ C:\Users\Public\Desktop\WD Security.lnk
2016-09-10 10:33 - 2016-07-02 11:36 - 00001195 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk
2016-09-10 10:33 - 2016-07-02 11:35 - 00002231 _____ C:\Users\Public\Desktop\WD Backup.lnk
2016-09-10 10:33 - 2016-06-29 02:14 - 00001442 _____ C:\Users\King\Desktop\CopyTrans Control Center.lnk
2016-09-10 10:33 - 2016-06-11 13:35 - 00002005 _____ C:\Users\Public\Desktop\Nitro Pro 10.lnk
2016-09-10 10:33 - 2016-02-28 09:12 - 00002009 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-09-10 10:33 - 2016-02-13 14:50 - 00001996 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-09-10 10:33 - 2016-01-24 14:31 - 00002181 _____ C:\Users\Public\Desktop\HP ENVY 4520 series.lnk
2016-09-10 10:33 - 2016-01-24 14:31 - 00001996 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-09-10 10:33 - 2016-01-24 14:31 - 00001143 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4520 series.lnk
2016-09-10 10:33 - 2015-04-22 18:41 - 00001078 _____ C:\Users\King\Desktop\Free Download Manager.lnk
2016-09-10 10:33 - 2015-03-12 18:31 - 00002711 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2016-09-10 10:33 - 2015-02-09 03:45 - 00001832 _____ C:\Users\King\Desktop\MagicISO.lnk
2016-09-10 10:33 - 2014-12-15 16:22 - 00001234 _____ C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Free Video Joiner.lnk
2016-09-10 10:33 - 2014-12-15 16:22 - 00001210 _____ C:\Users\King\Desktop\Free Video Joiner.lnk
2016-09-10 10:33 - 2014-11-25 20:22 - 00001078 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 8.5.lnk
2016-09-10 10:33 - 2014-08-30 10:21 - 00000876 _____ C:\Users\Public\Desktop\NZBDrive.lnk
2016-09-10 10:33 - 2014-08-16 13:07 - 00002429 _____ C:\Users\King\Desktop\Adobe Reader X.lnk
2016-09-10 10:33 - 2014-05-02 16:47 - 00001028 _____ C:\Users\King\Desktop\Dropbox.lnk
2016-09-10 10:33 - 2014-03-07 17:39 - 00001210 _____ C:\Users\King\Desktop\Any Video Converter.lnk
2016-09-10 10:33 - 2014-02-08 18:01 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-09-10 10:33 - 2014-02-08 18:01 - 00001320 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-09-10 10:33 - 2013-11-08 13:49 - 00001966 _____ C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\PowerZip.lnk
2016-09-10 10:33 - 2013-11-08 13:49 - 00001942 _____ C:\Users\King\Desktop\PowerZip.lnk
2016-09-10 10:33 - 2013-11-06 11:06 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2016-09-10 10:33 - 2013-11-06 11:06 - 00001060 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-09-10 10:33 - 2013-10-31 08:57 - 00001441 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2016-09-10 10:33 - 2013-10-31 08:57 - 00001244 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2016-09-10 10:33 - 2013-10-20 15:49 - 00002058 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-09-10 10:33 - 2013-10-11 19:58 - 00001144 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-10 10:33 - 2013-10-02 01:31 - 00001531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo App Shop.lnk
2016-09-10 10:33 - 2013-07-05 20:35 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo Solutions for Small Business Installer.lnk
2016-09-10 10:33 - 2013-07-05 20:31 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Free Skype voice and video calls.lnk
2016-09-10 10:33 - 2013-07-05 20:31 - 00001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Splashtop.lnk
2016-09-10 10:24 - 2016-04-18 19:18 - 00000000 ____D C:\Program Files (x86)\0914A881-1461007099-11CB-8588-C08BBDD41045
2016-09-10 10:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Vss
2016-09-10 08:51 - 2014-12-26 14:47 - 00000000 ____D C:\ProgramData\APN
2016-09-10 00:02 - 2016-05-31 07:49 - 00000000 ____D C:\Users\King\AppData\Local\Packages
2016-09-08 04:44 - 2016-08-10 18:29 - 01012056 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-09-08 04:44 - 2016-08-10 18:29 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-09-08 04:44 - 2016-06-20 23:41 - 00050008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-09-08 04:44 - 2016-06-02 22:39 - 00127896 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-09-07 23:23 - 2016-05-28 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2016-09-07 23:23 - 2014-10-02 20:49 - 00000000 ____D C:\Program Files (x86)\iExplorer
2016-09-06 22:54 - 2016-06-29 02:14 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2016-09-06 22:43 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-06 22:42 - 2015-03-30 17:02 - 00002290 ____R C:\Users\King\Desktop\Gооglе Сhrоmе.lnk
2016-09-06 22:42 - 2014-12-23 16:25 - 00000000 ____D C:\Users\King\Desktop\Blogs
2016-09-06 22:42 - 2013-10-03 18:53 - 00002039 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-06 22:42 - 2013-07-05 20:32 - 00002302 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-09-05 21:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-09-05 19:58 - 2014-11-06 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-09-05 19:20 - 2016-08-10 18:29 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-03 04:44 - 2013-10-03 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 19:21 - 2014-05-02 16:46 - 00000000 ____D C:\Users\King\AppData\Roaming\Dropbox
2016-09-01 18:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 18:52 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-28 08:50 - 2016-05-31 07:52 - 00000000 ___RD C:\Users\King\OneDrive
2016-08-15 19:55 - 2015-12-06 13:55 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Files in the root of some directories =======

2013-10-20 16:16 - 2014-06-24 18:15 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-07-30 19:30 - 2015-07-30 19:30 - 0003584 _____ () C:\Users\King\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-24 14:25 - 2016-01-24 14:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-08 18:00 - 2014-02-08 18:09 - 0001672 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\King\appnimi-zip-password-unlocker.dat


Some files in TEMP:
====================
C:\Users\King\AppData\Local\Temp\iExplorer_Setup_39110.exe
C:\Users\King\AppData\Local\Temp\libeay32.dll
C:\Users\King\AppData\Local\Temp\msvcr120.dll
C:\Users\King\AppData\Local\Temp\sqlite3.dll
C:\Users\King\AppData\Local\Temp\vlc-2.2.4-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-12 18:26

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (73.5 KB, 35 views)
hbkvcu is offline  
Old 09-13-2016, 12:14 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
    Task: {039F26F9-666A-4C62-86B5-8D6BE53F6CCD} - \PMTask -> No File <==== ATTENTION
    Task: {0BCFE06F-62B6-4027-98F0-E62E97502E4F} - \Lenovo\SimpleTap\Start SimpleTap for King-THINK.King -> No File <==== ATTENTION
    Task: {3ADB85DE-92BE-46EE-8EE2-3BE050B70AD8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {456AC1A5-1CD6-4E60-8F8B-FA839A4C5D03} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {55B71C22-1056-45B8-8744-750FB357D679} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6E3C48B3-72D4-485B-8AD6-999E4A4C3AC8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {759D8AA0-6AB2-41DE-8B0C-6CE92F767D94} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7A95B3CE-ADCD-4AB8-BB26-99EDEE92F0DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {91E79088-C518-4A1E-880B-3F37563A0ACC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {964A1A36-E180-4943-A1CA-B2E163001E14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A6CD0F2D-6270-42F6-B682-D08DEBD6421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B0369DEB-3160-494F-9C4B-2966C2C9055E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {C85BF878-CA58-489D-8722-4F553223B400} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {CD9E50D5-B22B-44F8-B3C9-1B3E93C77C34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E5AE0BE9-F46B-44C5-B262-DDC51CE8F9D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EF1877A6-CF62-4E2A-8E67-44850576E6DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {F608FF24-791E-47BA-9B78-758D23A9719D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Shortcut: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-03-15] ()
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {a6bbdb33-f616-11e4-a130-3c970eac0205} - "D:\VZW_Software_upgrade_assistant.exe"
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    SearchScopes: HKLM-x32 -> DefaultScope {2BD53C34-BD3F-4F12-8093-FDE6785BCD06} URL =
    SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1B4ECF73-9BAC-40B8-BBF6-79DE00D3EE25}&mid=df1ea1156fdf47d3ae35693f794a25c4-466240adece26322b00316ef50fbcc29471beada&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-02-05 10:34:18&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
    Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-15] (AVG Secure Search)
    FF SelectedSearchEngine: AVG Secure Search
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
    CHR StartupUrls: Default -> "search.mpc.am"
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    R2 vToolbarUpdater19.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [1888328 2016-03-15] (AVG Secure Search)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    2016-09-11 19:01 - 2014-12-26 14:47 - 00000000 ____D C:\Users\King\AppData\Roaming\uTorrent
    2013-10-20 16:16 - 2014-06-24 18:15 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    C:\Users\King\appnimi-zip-password-unlocker.dat
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-13-2016, 03:53 PM   #7



Hello,

Here are the results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by King (13-09-2016 18:26:38) Run:1
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {039F26F9-666A-4C62-86B5-8D6BE53F6CCD} - \PMTask -> No File <==== ATTENTION
Task: {0BCFE06F-62B6-4027-98F0-E62E97502E4F} - \Lenovo\SimpleTap\Start SimpleTap for King-THINK.King -> No File <==== ATTENTION
Task: {3ADB85DE-92BE-46EE-8EE2-3BE050B70AD8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {456AC1A5-1CD6-4E60-8F8B-FA839A4C5D03} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {55B71C22-1056-45B8-8744-750FB357D679} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6E3C48B3-72D4-485B-8AD6-999E4A4C3AC8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {759D8AA0-6AB2-41DE-8B0C-6CE92F767D94} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7A95B3CE-ADCD-4AB8-BB26-99EDEE92F0DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91E79088-C518-4A1E-880B-3F37563A0ACC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {964A1A36-E180-4943-A1CA-B2E163001E14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A6CD0F2D-6270-42F6-B682-D08DEBD6421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0369DEB-3160-494F-9C4B-2966C2C9055E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C85BF878-CA58-489D-8722-4F553223B400} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CD9E50D5-B22B-44F8-B3C9-1B3E93C77C34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E5AE0BE9-F46B-44C5-B262-DDC51CE8F9D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EF1877A6-CF62-4E2A-8E67-44850576E6DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F608FF24-791E-47BA-9B78-758D23A9719D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Shortcut: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-03-15] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {a6bbdb33-f616-11e4-a130-3c970eac0205} - "D:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {2BD53C34-BD3F-4F12-8093-FDE6785BCD06} URL =
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1B4ECF73-9BAC-40B8-BBF6-79DE00D3EE25}&mid=df1ea1156fdf47d3ae35693f794a25c4-466240adece26322b00316ef50fbcc29471beada&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-02-05 10:34:18&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.3.0.491\AVG SafeGuard toolbar_toolbar.dll [2016-03-15] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-15] (AVG Secure Search)
FF SelectedSearchEngine: AVG Secure Search
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
CHR StartupUrls: Default -> "search.mpc.am"
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
R2 vToolbarUpdater19.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [1888328 2016-03-15] (AVG Secure Search)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2016-09-11 19:01 - 2014-12-26 14:47 - 00000000 ____D C:\Users\King\AppData\Roaming\uTorrent
2013-10-20 16:16 - 2014-06-24 18:15 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
C:\Users\King\appnimi-zip-password-unlocker.dat
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{039F26F9-666A-4C62-86B5-8D6BE53F6CCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039F26F9-666A-4C62-86B5-8D6BE53F6CCD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BCFE06F-62B6-4027-98F0-E62E97502E4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BCFE06F-62B6-4027-98F0-E62E97502E4F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\SimpleTap\Start SimpleTap for King-THINK.King => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ADB85DE-92BE-46EE-8EE2-3BE050B70AD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ADB85DE-92BE-46EE-8EE2-3BE050B70AD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{456AC1A5-1CD6-4E60-8F8B-FA839A4C5D03}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{456AC1A5-1CD6-4E60-8F8B-FA839A4C5D03}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55B71C22-1056-45B8-8744-750FB357D679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B71C22-1056-45B8-8744-750FB357D679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E3C48B3-72D4-485B-8AD6-999E4A4C3AC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E3C48B3-72D4-485B-8AD6-999E4A4C3AC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{759D8AA0-6AB2-41DE-8B0C-6CE92F767D94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{759D8AA0-6AB2-41DE-8B0C-6CE92F767D94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A95B3CE-ADCD-4AB8-BB26-99EDEE92F0DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A95B3CE-ADCD-4AB8-BB26-99EDEE92F0DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91E79088-C518-4A1E-880B-3F37563A0ACC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91E79088-C518-4A1E-880B-3F37563A0ACC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{964A1A36-E180-4943-A1CA-B2E163001E14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964A1A36-E180-4943-A1CA-B2E163001E14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6CD0F2D-6270-42F6-B682-D08DEBD6421F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CD0F2D-6270-42F6-B682-D08DEBD6421F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0369DEB-3160-494F-9C4B-2966C2C9055E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0369DEB-3160-494F-9C4B-2966C2C9055E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C85BF878-CA58-489D-8722-4F553223B400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C85BF878-CA58-489D-8722-4F553223B400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD9E50D5-B22B-44F8-B3C9-1B3E93C77C34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD9E50D5-B22B-44F8-B3C9-1B3E93C77C34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5AE0BE9-F46B-44C5-B262-DDC51CE8F9D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5AE0BE9-F46B-44C5-B262-DDC51CE8F9D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1877A6-CF62-4E2A-8E67-44850576E6DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1877A6-CF62-4E2A-8E67-44850576E6DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F608FF24-791E-47BA-9B78-758D23A9719D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F608FF24-791E-47BA-9B78-758D23A9719D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move.
[3752] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6bbdb33-f616-11e4-a130-3c970eac0205} => key not found.
HKCR\CLSID\{a6bbdb33-f616-11e4-a130-3c970eac0205} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2970618455-2416495435-628044530-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib" => key removed successfully
vToolbarUpdater19.3.0 => service removed successfully
idsvc => service removed successfully
wpcsvc => service not found.
C:\Users\King\AppData\Roaming\uTorrent => moved successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
C:\Users\King\appnimi-zip-password-unlocker.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12546004 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 16314969 B
Edge => 8458889 B
Chrome => 101511680 B
Firefox => 26159141 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1153540 B
NetworkService => 0 B
King => 11602536 B

RecycleBin => 0 B
EmptyTemp: => 169.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:27:13 ====
hbkvcu is offline  
Old 09-13-2016, 07:42 PM   #8

Hello again, hbkvcu. I'm not seeing why you would get a blue screen after running Clean with AdwCleaner.

Had you been getting blue screens before running AdwCleaner? Try AdwCleaner again, running Scan then Clean, and see if it completes this time.

------------------------------------------------------
chemist is offline  
Old 09-13-2016, 11:07 PM   #9

Hello,

I had not been getting blue screens before. I just ran ADWCleaner and it gave me the same message "Your PC ran into some issues and needs to restart".

Thanks !!
hbkvcu is offline  
Old 09-14-2016, 07:38 PM   #10

Hello again, hbkvcu. You're welcome.

Weird. We'll move on. Any other remaining problems? Is Firefox back to normal?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 91 can be updated from the Java Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 09-18-2016, 01:03 AM   #11

Hello,

Answering your questions in the order you sent them...

Before performing your recommendations...Firefox still does not come up with my homepage...

Below are the results of running Malwarebytes...When I ran ESET Online Scanner, it almost came to the end and then I got the message which I have attached as a jpeg....I tried over 3 times and it still gave me the message...I look forward to your next reply...Thanks !!!



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2016
Scan Time: 8:09 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.15.11
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: King

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329933
Time Elapsed: 7 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Attached image: Image.jpg
hbkvcu is offline  
Old 09-18-2016, 01:06 PM   #12

Hello again, hbkvcu. You're very welcome.

For some reason, ESET Online Scanner isn't finishing on some Win10 machines.

Did ESET detect anything before it stopped working?

------------------------------------------------------

I'm not seeing the cause of the FF issue directly. Virginia Commonwealth University (VCU) is set as your homepage:

Quote:
FF Homepage: hxxp://www.vcu.edu/

What happens if you change your Homepage to google.com? Any joy?

What happens if you change it back to Virginia Commonwealth University (VCU)? Any joy?

If not, you could reset FF to default settings, since your preferred browser is Edge:

https://support.mozilla.org/en-US/kb...s-fix-problems

Any joy?

------------------------------------------------------
chemist is offline  
Old 09-20-2016, 03:07 PM   #13

Hello,

I believe ESET detected something after the first attempt to scan before it crashed...but after I tried it again, I believe there was nothing detected...

I reset Firefox to default settings..and it looks like it came back up ok...

Look forward to hearing from you !!
hbkvcu is offline  
Old 09-20-2016, 04:00 PM   #14

False alarm...

I had to do a restart on my computer...and when I brought Firefox back up...it gave me that same screen that I originally showed you...

Sorry about that...
hbkvcu is offline  
Old 09-21-2016, 06:31 PM   #15

Hello again, hbkvcu. I'm stumped as to why FF is opening its own Program Files folder.

Let's rip the whole thing out and start over. You will lose all bookmarks, passwords, etc.

Download the Firefox installer and save it to your desktop:

https://www.mozilla.org/en-US/firefox/new/?scene=2

Uninstall Firefox via Programs and Features in your Control Panel.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\King\AppData\Local\Mozilla\Firefox"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Reboot your computer. Re-install Firefox using the installer you downloaded earlier.

Is Firefox OK now?

------------------------------------------------------
chemist is offline  
Old 09-22-2016, 04:58 PM   #16

Hello,

I performed all the steps and restarted the computer...When I brought up Firefox, it looks fine....

Should I restart the computer a few more times to see if it truly works?

Thanks !!
hbkvcu is offline  
Old 09-23-2016, 08:41 PM   #17

You're very welcome. Yes. Let me know and I will give you some final instructions.
chemist is offline  
Old 09-24-2016, 12:17 PM   #18

Hello Chemist !!

As of today...Firefox works fine !!

Let me know the next steps...

Thanks !!
hbkvcu is offline  
Old 09-24-2016, 09:41 PM   #19

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
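
The HOSTS-file recommendation in the post above relies on entries that map ad hostnames to 0.0.0.0, and the same file is worth checking after a browser hijack because an entry can also point a hostname at some other address. As an added example (not part of the original post or of any tool named in this thread), this Python sketch separates the two cases; `audit_hosts` is a hypothetical helper name and the sample entries are constructed.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
127.0.0.1 banner.example.org
203.0.113.7 www.bank.example
not-an-ip broken.example
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Classify hosts-file entries.

    Returns a dict with:
      blocked    - hostnames sinkholed to 0.0.0.0 or a loopback address
      redirected - (hostname, ip) pairs pointing at any other address
      malformed  - lines that do not parse as "<ip> <name> [name...]"
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(raw.strip())
            continue
        if len(fields) < 2:
            report["malformed"].append(raw.strip())
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in LOCAL_NAMES:
                continue  # normal localhost mapping
            if addr.is_unspecified or addr.is_loopback:
                report["blocked"].append(name)
            else:
                # A real address for a named site: review by hand.
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", len(result["blocked"]))
    for name, ip in result["redirected"]:
        print("REVIEW:", name, "->", ip)
    for bad in result["malformed"]:
        print("MALFORMED:", bad)
```

On Windows the file to read is C:\Windows\System32\drivers\etc\hosts; entries reported under `redirected` are the ones to review by hand.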
Old 09-25-2016, 07:11 PM   #20

Hello Chemist,

Everything is back to normal...I have completed all the steps...

Thanks a bunch !! I appreciate it !!
hbkvcu is offline  