Ransomware popup and redirect

Old 02-23-2017, 09:04 PM   #1
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 10



Hello,

I have an HP TPN-126 with Windows 10 OS. From Mozilla Firefox browser I clicked on a link that redirected me to a fake Microsoft site, which led to a popup window with an audio alert advising that porn had been downloaded to my computer and advising that if I didn't provide credit information this porn activity would be reported to authorities.

I have used Malwarebytes in the past, so I did run it, and it uncovered a threat that is quarantined. It was not the problem, as reopening Mozilla resulted in the same behavior as prior.

I can't close the Mozilla windows and have to resort to shutting down my computer. I used Edge to get to your website, and I see no strange behavior from this browser.

I am not well versed in computer lingo, so I am hoping for a little patience with questions I might have; but I sincerely want to thank you in advance for any assistance you can provide.

Cheers,
Amanogawa

_____________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Pat at 12:41:25 on 2017-02-24
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.7113.4269 [GMT 8:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\windows\system32\mfevtps.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\windows\system32\mfevtps.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\AMD\CNext\CNext\cnext.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Pat\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\Pat\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series"
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
mRun: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
dRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.188.1
TCP: Interfaces\{f2c7b628-a719-4b1c-b47c-8d291840eb9e} : DHCPNameServer = 192.168.188.1
TCP: Interfaces\{f2c7b628-a719-4b1c-b47c-8d291840eb9e}\64F6E60275966496 : DHCPNameServer = 192.168.182.100 192.168.182.200
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [StartCN] "c:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2016-9-20 73976]
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2016-9-20 277240]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2017-1-19 48992]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2016-9-20 916432]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2016-9-20 254800]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-1-19 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-1-19 227328]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2017-2-24 309784]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2017-2-24 32088]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2017-2-24 991496]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2017-2-24 547904]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-2-24 77416]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2016-3-27 138752]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-9-20 249344]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2017-2-24 126088]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2017-2-24 162528]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-2-24 262736]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_ccd2a;CDPUserSvc_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-4-16 3699904]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-1-4 144560]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-12-22 349728]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-21 31776]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [2016-1-12 606224]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-2-24 176584]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-2-24 4355024]
R2 McAPExe;McAfee AP Service;C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [2017-2-12 989632]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2016-9-20 383032]
R2 OneSyncSvc_ccd2a;Sync Host_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2016-9-20 389896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-9-20 310016]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-8-19 266872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-1-19 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-8-4 3732896]
R3 AmdAS4;AmdAS4 service;C:\WINDOWS\System32\drivers\AmdAS4.sys [2016-9-20 27384]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-2-24 7142136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-9-20 111120]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-10-15 250624]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-2-24 110536]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-2-24 43968]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-2-24 251848]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-2-24 91584]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2016-9-20 484576]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2016-9-20 366320]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2016-9-20 241040]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2016-9-20 518184]
R3 mfeplk;McAfee Inc. mfeplk;C:\WINDOWS\System32\drivers\mfeplk.sys [2016-9-9 110248]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2016-9-20 342768]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-9-13 7308560]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-9-20 935168]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-9-20 68728]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-1-19 719360]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-8-13 30544]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-9-20 85048]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-16 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 HomeNetSvc;McAfee Home Network;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 mccspsvc;McAfee CSP Service;"C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe" --> C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [?]
S2 mcpltsvc;McAfee Platform Services;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S2 tbaseprovisioning;tbaseprovisioning;C:\Windows\SysWOW64\tbaseprovisioning.exe [2016-9-20 54808]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2016-9-20 101112]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2017-2-24 38296]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-1-19 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-1-19 118272]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2016-9-20 88456]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClientAnalyticsService;ClientAnalyticsService;"C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" --> C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [?]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-4-16 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-12-22 209952]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 McAWFwk;McAfee Activation Service;C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe --> C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [?]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-1-19 64352]
S3 MessagingService_ccd2a;MessagingService_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-8-4 268704]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_ccd2a;Contact Data_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-9-20 413912]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-1-19 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-9-20 62568]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-1-19 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_ccd2a;User Data Storage_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_ccd2a;User Data Access_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_ccd2a;Windows Push Notifications User Service_ccd2a;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-1-19 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-1-19 43520]
S4 McOobeSv2;McAfee OOBE Service2;"C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [?]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-02-24 03:33:19 176584 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-02-24 03:33:16 91584 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-02-24 03:33:16 110536 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-02-24 03:33:08 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-02-24 03:33:00 251848 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-02-24 03:32:47 77416 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-02-24 03:32:40 -------- d-----w- C:\ProgramData\Malwarebytes
2017-02-24 03:32:40 -------- d-----w- C:\Program Files\Malwarebytes
2017-02-24 03:32:00 -------- d-----w- C:\Users\Pat\AppData\Local\Programs
2017-02-24 02:52:18 -------- d-----w- C:\Users\Pat\AppData\Local\Google
2017-02-24 02:50:01 32088 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2017-02-24 02:48:48 -------- d-----w- C:\ProgramData\SWCUTemp
2017-02-24 02:48:36 -------- d-----w- C:\Users\Pat\AppData\Roaming\AVAST Software
2017-02-24 02:48:07 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2017-02-24 02:44:28 -------- d-----w- C:\Program Files\AVAST Software
2017-02-24 02:44:01 -------- d-----w- C:\ProgramData\AVAST Software
2017-02-16 03:12:31 -------- d-----w- C:\Users\Pat\AppData\Roaming\OpenOffice
2017-02-16 03:11:03 -------- d---a-w- C:\Program Files (x86)\OpenOffice 4
2017-01-31 02:31:01 -------- d-----w- C:\ProgramData\AMD
2017-01-25 08:01:25 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 08:01:25 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2017-02-24 02:48:10 337080 ----a-w- C:\WINDOWS\System32\drivers\aswvmm.sys
2017-02-24 02:47:01 74680 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2017-02-24 02:47:01 38296 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2017-02-24 02:47:01 162528 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2017-02-24 02:47:01 126088 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2017-02-24 02:47:00 100640 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2017-02-24 02:46:03 991496 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2017-02-24 02:45:35 48528 ----a-w- C:\WINDOWS\System32\drivers\aswbuniva.sys
2017-02-24 02:45:34 334600 ----a-w- C:\WINDOWS\System32\drivers\aswbloga.sys
2017-02-24 02:45:34 309784 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys
2017-02-24 02:45:34 189768 ----a-w- C:\WINDOWS\System32\drivers\aswbidsha.sys
2017-02-15 03:13:29 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-01-19 08:40:58 983040 ----a-w- C:\WINDOWS\System32\RemoteNaturalLanguage.dll
2017-01-19 08:20:24 55296 ----a-w- C:\WINDOWS\System32\admwprox.dll
2017-01-19 08:20:24 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2017-01-19 08:20:24 203776 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2017-01-19 08:20:24 19456 ----a-w- C:\WINDOWS\System32\iisreset.exe
2017-01-19 08:20:24 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2017-01-19 08:20:24 13312 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2017-01-19 08:20:22 50688 ----a-w- C:\WINDOWS\SysWow64\admwprox.dll
2017-01-19 08:20:22 26112 ----a-w- C:\WINDOWS\SysWow64\ahadmin.dll
2017-01-19 08:20:22 17408 ----a-w- C:\WINDOWS\SysWow64\iisreset.exe
2017-01-19 08:20:22 172032 ----a-w- C:\WINDOWS\SysWow64\iisRtl.dll
2017-01-19 08:20:22 11264 ----a-w- C:\WINDOWS\SysWow64\wamregps.dll
2017-01-19 08:20:22 10240 ----a-w- C:\WINDOWS\SysWow64\iisrstap.dll
2017-01-19 08:19:18 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2017-01-19 08:19:17 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2017-01-18 16:59:06 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2017-01-18 16:58:41 96286 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2017-01-01 03:41:30 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-01 03:41:30 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
.
============= FINISH: 12:43:50.47 ===============
Attached Files
File Type: txt attach.txt (7.3 KB, 18 views)
Old 02-24-2017, 10:43 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Avast and MBAM 3.0.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep, and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

You have remnants of McAfee on your system. Was McAfee a previous install?

Please download the McAfee Removal Tool MCPR.exe and Save it to your Desktop.
  • Close all programs and double-click MCPR.exe then click Run
  • Follow the on-screen instructions.
  • When finished, it will say 'CLEANUP SUCCESSFUL'.
  • Click 'Yes' to restart your computer.
  • Then delete MCPR.exe from your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 02-24-2017, 09:02 PM   #3
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 10



Hi Chemist,

Many, many thanks for your assistance. I've followed all steps in your advice. Below are the two text logs generated by: (1) Adware and (2) Farbar. Also attached is the Addition.txt file generated by FRST exe.

Very much appreciated.

Amanogawa

(1) Adware log

# AdwCleaner v6.043 - Logfile created 25/02/2017 at 12:30:01
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Pat - LAPTOP-7PTC14NK
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

(2) Farbar log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Pat (administrator) on LAPTOP-7PTC14NK (25-02-2017 12:45:21)
Running from C:\Users\Pat\Desktop
Loaded Profiles: Pat (Available Profiles: Pat)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-26] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-12] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-24] (AVAST Software)
HKU\S-1-5-21-1088478279-1569145527-2312827182-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{f2c7b628-a719-4b1c-b47c-8d291840eb9e}: [DhcpNameServer] 192.168.188.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1088478279-1569145527-2312827182-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1088478279-1569145527-2312827182-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:
========
FF DefaultProfile: idozv06u.default
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default [2017-02-25]
FF Extension: (ADB Helper) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default\Extensions\[email protected] [2017-02-19]
FF Extension: (Valence) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default\Extensions\[email protected] [2017-02-19]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\idozv06u.default\features\{9fe48cd8-b04b-4636-8875-ca51ec6312a1}\[email protected] [2017-02-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll [2017-02-20] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-24] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Google Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-24]
CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-24]
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-24]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-24]
CHR Extension: (Google Sheets) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-24]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-27] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-24] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-24] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-01] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-12] (HP Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [54808 2016-04-03] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-03] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-03] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-03] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2016-04-03] (Advanced Micro Devices, Inc. )
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-24] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-24] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-24] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-24] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-24] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-24] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-24] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-24] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-03] (Advanced Micro Devices)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-07] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-26] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-26] (Realsil Semiconductor Corporation)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [68728 2016-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U1 aswbdisk; no ImagePath
S3 mfeplk; system32\drivers\mfeplk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 12:45 - 2017-02-25 12:45 - 00016923 _____ C:\Users\Pat\Desktop\FRST.txt
2017-02-25 12:45 - 2017-02-25 12:45 - 00000000 ____D C:\FRST
2017-02-25 12:43 - 2017-02-25 12:44 - 02423296 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2017-02-25 12:32 - 2017-02-25 12:32 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-25 12:26 - 2017-02-25 12:30 - 00000000 ____D C:\AdwCleaner
2017-02-25 12:25 - 2017-02-25 12:26 - 04015056 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2017-02-24 12:44 - 2017-02-24 12:44 - 00007515 _____ C:\Users\Pat\Desktop\attach.txt
2017-02-24 12:44 - 2017-02-24 12:43 - 00036865 _____ C:\Users\Pat\Desktop\dds.txt
2017-02-24 12:37 - 2017-02-24 12:38 - 00688992 ____R (Swearware) C:\Users\Pat\Desktop\dds.scr
2017-02-24 11:30 - 2017-02-24 11:31 - 55566792 _____ (Malwarebytes ) C:\Users\Pat\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-24 10:52 - 2017-02-24 11:41 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1487904726
2017-02-24 10:52 - 2017-02-24 11:41 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-24 10:52 - 2017-02-24 10:58 - 00000000 ____D C:\Users\Pat\AppData\Local\Google
2017-02-24 10:52 - 2017-02-24 10:52 - 00001095 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-24 10:51 - 2017-02-24 10:51 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-24 10:51 - 2017-02-24 10:51 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-24 10:50 - 2017-02-24 10:55 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-24 10:50 - 2017-02-24 10:55 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-24 10:50 - 2017-02-24 10:51 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-24 10:50 - 2017-02-24 10:50 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-24 10:48 - 2017-02-24 10:48 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-24 10:48 - 2017-02-24 10:48 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-24 10:48 - 2017-02-24 10:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-24 10:48 - 2017-02-24 10:48 - 00000000 ____D C:\Users\Pat\AppData\Roaming\AVAST Software
2017-02-24 10:47 - 2017-02-24 10:48 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-24 10:47 - 2017-02-24 10:47 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-24 10:47 - 2017-02-24 10:47 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-24 10:47 - 2017-02-24 10:46 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-24 10:47 - 2017-02-24 10:45 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-24 10:47 - 2017-02-24 10:45 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-24 10:47 - 2017-02-24 10:45 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-24 10:47 - 2017-02-24 10:45 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-24 10:44 - 2017-02-24 11:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-24 10:44 - 2017-02-24 10:49 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-24 10:43 - 2017-02-24 10:43 - 06655184 _____ (AVAST Software) C:\Users\Pat\Downloads\avast_free_antivirus_setup_online_e0b.exe
2017-02-23 21:29 - 2017-02-23 21:29 - 00435931 _____ C:\Users\Pat\Downloads\Rousseau_contrat-social(1).pdf
2017-02-23 21:09 - 2017-02-23 21:09 - 00435931 _____ C:\Users\Pat\Downloads\Rousseau_contrat-social.pdf
2017-02-23 15:42 - 2017-02-23 15:42 - 09896461 _____ C:\Users\Pat\Downloads\Hayek - Law, Legislation And Liberty.pdf
2017-02-23 10:51 - 2017-02-23 10:51 - 00116261 _____ C:\Users\Pat\Downloads\wp74.pdf
2017-02-22 21:20 - 2017-02-22 21:20 - 00409272 _____ C:\Users\Pat\Downloads\Is_the_Party_Over_The_Decline_of_Party_Activism_an.pdf
2017-02-22 20:10 - 2017-02-22 20:10 - 00539244 _____ C:\Users\Pat\Downloads\Noel_Forum.PDF
2017-02-22 18:14 - 2017-02-22 18:14 - 00224836 _____ C:\Users\Pat\Downloads\4c06c15b-b216-49c8-a426-efc80e2fed3d.pdf
2017-02-22 18:02 - 2017-02-22 18:02 - 00456267 _____ C:\Users\Pat\Downloads\The_Decline_of_Membership_based_politics_Van_Biezen_Poguntkkhe.pdf
2017-02-22 17:43 - 2017-02-22 17:43 - 00087752 _____ C:\Users\Pat\Downloads\mairbiezen01.pdf
2017-02-22 17:13 - 2017-02-22 17:13 - 26359350 _____ C:\Users\Pat\Downloads\bernard_manin_-_the_principles_of_representative_government_1997_.pdf
2017-02-22 10:20 - 2017-02-22 10:20 - 00225610 _____ C:\Users\Pat\Downloads\Frontmatter-is_democracy_possible.pdf
2017-02-22 10:18 - 2017-02-22 10:18 - 02186026 _____ C:\Users\Pat\Downloads\Hayek, F.A. - The Constitution of Liberty.pdf
2017-02-22 10:15 - 2017-02-22 10:15 - 03005907 _____ C:\Users\Pat\Downloads\Friedrich_Hayek - The_road_to_serfdom.pdf
2017-02-21 16:05 - 2017-02-21 16:05 - 00986453 _____ C:\Users\Pat\Downloads\Paine_Rights_of_Man.pdf
2017-02-21 13:07 - 2017-02-21 13:07 - 03704672 _____ C:\Users\Pat\Desktop\CircleRoute Timetable 200 Routes 998 999.pdf
2017-02-21 13:06 - 2017-02-21 13:06 - 03704343 _____ C:\Users\Pat\Downloads\CircleRoute Timetable 200 20170129.pdf
2017-02-21 13:02 - 2017-02-21 13:02 - 01896885 _____ C:\Users\Pat\Downloads\Bus Timetable 6 20170129.pdf
2017-02-21 13:02 - 2017-02-21 13:02 - 01884142 _____ C:\Users\Pat\Desktop\Bus Timetable 6.pdf
2017-02-21 13:00 - 2017-02-21 13:00 - 01265029 _____ C:\Users\Pat\Desktop\Bus Routes 204 & 205 Timetable.pdf
2017-02-21 12:59 - 2017-02-21 12:59 - 01270802 _____ C:\Users\Pat\Downloads\Bus Timetable 1 20161009.pdf
2017-02-20 16:07 - 2017-02-20 16:07 - 00013881 _____ C:\Users\Pat\Desktop\USA trip #2 for the Piercey's.xlsx
2017-02-20 16:06 - 2017-02-20 16:07 - 00013672 _____ C:\Users\Pat\Downloads\USA trip #2 for the Piercey's.xlsx
2017-02-19 15:32 - 2017-02-19 15:32 - 00118290 _____ C:\Users\Pat\Downloads\eng.pdf
2017-02-19 15:23 - 2017-02-19 15:23 - 00085455 _____ C:\Users\Pat\Downloads\FDR_bill_of_rights_speech.pdf
2017-02-19 14:53 - 2017-02-19 14:53 - 00980921 _____ C:\Users\Pat\Downloads\us_doi.pdf
2017-02-19 14:50 - 2017-02-19 14:50 - 04488706 _____ C:\Users\Pat\Downloads\CDOC-110hdoc50.pdf
2017-02-17 18:51 - 2017-02-17 18:51 - 04156141 _____ C:\Users\Pat\Downloads\Manufacturing Consent [The Political Economy Of The Mass Media].pdf
2017-02-17 17:42 - 2017-02-17 17:42 - 00225751 _____ C:\Users\Pat\Downloads\herman.pdf
2017-02-17 17:37 - 2017-02-17 17:37 - 06056129 _____ C:\Users\Pat\Downloads\Profit Over People; Neoliberalism, Global Order 1888363894.pdf
2017-02-17 17:35 - 2017-02-17 17:35 - 01837879 _____ C:\Users\Pat\Downloads\Di-Leo-Mehan_2014_Capital-at-the-Brink.pdf
2017-02-16 14:17 - 2017-02-16 14:18 - 04839825 _____ C:\Users\Pat\Downloads\Democracy-Index-2016.pdf
2017-02-16 11:12 - 2017-02-16 11:12 - 00000000 ____D C:\Users\Pat\AppData\Roaming\OpenOffice
2017-02-16 11:11 - 2017-02-16 11:11 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-02-16 11:11 - 2017-02-16 11:11 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-02-16 11:11 - 2017-02-16 11:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-02-16 11:08 - 2017-02-16 11:08 - 00000000 ____D C:\Users\Pat\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-02-16 10:54 - 2017-02-16 11:07 - 140742472 _____ C:\Users\Pat\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US(1).exe
2017-02-16 10:51 - 2017-02-16 10:58 - 140742472 _____ C:\Users\Pat\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-02-16 08:58 - 2017-02-16 08:59 - 00294667 _____ C:\Users\Pat\Downloads\1-s2.0-S2212567115005067-main.pdf
2017-02-15 20:35 - 2017-02-15 20:35 - 01040477 _____ C:\Users\Pat\Downloads\Piff-et-al-2012-PNAS.pdf
2017-02-15 11:27 - 2017-02-15 11:27 - 19412247 _____ C:\Users\Pat\Desktop\Buzzfeed Trump Dossier Docs.pdf
2017-02-15 11:26 - 2017-02-15 11:26 - 19407074 _____ C:\Users\Pat\Downloads\Trump-Intelligence-Allegations.pdf
2017-02-14 10:10 - 2017-02-14 10:10 - 00910301 _____ C:\Users\Pat\Downloads\WP_47_Tahoun.pdf
2017-02-14 10:06 - 2017-02-14 10:06 - 00226079 _____ C:\Users\Pat\Downloads\87ec664d09c3bd8572_bdm6b5rqx.pdf
2017-02-14 09:57 - 2017-02-14 09:57 - 01944658 _____ C:\Users\Pat\Downloads\WP_49_Hopkins_Lazonick_August_29.pdf
2017-02-14 09:41 - 2017-02-14 09:41 - 01031833 _____ C:\Users\Pat\Downloads\WP_52-Tahoun_final.pdf
2017-02-14 09:29 - 2017-02-14 09:29 - 02708188 _____ C:\Users\Pat\Downloads\WP_48_Ferguson_et_al.pdf
2017-02-12 19:54 - 2017-02-12 19:54 - 01038437 _____ C:\Users\Pat\Downloads\pluto12.pdf
2017-02-12 19:48 - 2017-02-12 19:48 - 00165711 _____ C:\Users\Pat\Downloads\The-Rise-of-the-New-Global-Elite-Magazine-The-Atlantic.pdf
2017-02-12 19:40 - 2017-02-12 19:40 - 00198281 _____ C:\Users\Pat\Downloads\jep%2E27%2E3%2E21.pdf
2017-02-12 19:30 - 2017-02-12 19:30 - 00071335 _____ C:\Users\Pat\Downloads\krueger_cap_speech_final_remarks.pdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00427252 _____ C:\Users\Pat\Downloads\Nathalie Giger_Presentation.pdf
2017-02-12 18:40 - 2017-02-12 18:40 - 03828709 _____ C:\Users\Pat\Downloads\Barabas_DemDenom_March2015.pdf
2017-02-12 18:35 - 2017-02-12 18:35 - 00842148 _____ C:\Users\Pat\Downloads\milanovic20160509ppt.pdf
2017-02-12 18:15 - 2017-02-12 18:15 - 00157113 _____ C:\Users\Pat\Downloads\20130218_plutocracy_in_america.pdf
2017-02-12 18:08 - 2017-02-12 18:08 - 01817681 _____ C:\Users\Pat\Downloads\when-do-the-rich-win.pdf
2017-02-12 17:57 - 2017-02-12 17:57 - 01625241 _____ C:\Users\Pat\Downloads\Enns.2015.RelativePolicySupport.pdf
2017-02-12 17:54 - 2017-02-12 17:54 - 00856489 _____ C:\Users\Pat\Downloads\howrichrule.pdf
2017-02-12 17:31 - 2017-02-12 17:31 - 03083538 _____ C:\Users\Pat\Downloads\StackedDeck_1.pdf
2017-02-12 17:14 - 2017-02-12 17:14 - 01034658 _____ C:\Users\Pat\Downloads\217730505550.pdf
2017-02-12 17:03 - 2017-02-12 17:03 - 01205225 _____ C:\Users\Pat\Downloads\dp7520.pdf
2017-02-12 17:00 - 2017-02-12 17:00 - 01301420 _____ C:\Users\Pat\Downloads\OECD2013-Inequality-and-Poverty-8p.pdf
2017-02-12 16:51 - 2017-02-12 16:51 - 00370953 _____ C:\Users\Pat\Downloads\2. Henrik Braconier_Policies for a shifting world_31_Jan_2014.pdf
2017-02-12 16:40 - 2017-02-12 16:40 - 01273127 _____ C:\Users\Pat\Downloads\10.1.1.411.8463.pdf
2017-02-12 16:28 - 2017-02-12 16:28 - 02049970 _____ C:\Users\Pat\Downloads\stiglitz_the_price_of_inequality.pdf
2017-02-12 14:49 - 2017-02-12 14:49 - 00402707 _____ C:\Users\Pat\Downloads\berg.pdf
2017-02-11 17:52 - 2017-02-11 17:52 - 01287846 _____ C:\Users\Pat\Downloads\5k9h2975rhhf-en.pdf
2017-02-11 17:50 - 2017-02-11 17:50 - 01231696 _____ C:\Users\Pat\Downloads\Inequality-in-G20-Countries-Causes-Impacts-and-Policy-Responses.pdf
2017-02-11 16:35 - 2017-02-11 16:35 - 00437126 _____ C:\Users\Pat\Downloads\the_future_of_inequality.pdf
2017-02-11 16:29 - 2017-02-11 16:29 - 01414692 _____ C:\Users\Pat\Downloads\s2freeman.pdf
2017-02-11 16:24 - 2017-02-11 16:25 - 03213275 _____ C:\Users\Pat\Downloads\5jz43jhlz87f-en.pdf
2017-02-11 16:13 - 2017-02-11 16:13 - 01272992 _____ C:\Users\Pat\Downloads\5js04v5wjw9p-en.pdf
2017-02-11 16:10 - 2017-02-11 16:10 - 03544468 _____ C:\Users\Pat\Downloads\5js06pbhf28s-en.pdf
2017-02-11 16:07 - 2017-02-11 16:07 - 00344579 _____ C:\Users\Pat\Downloads\work490.pdf
2017-02-11 15:26 - 2017-02-11 15:27 - 02522845 _____ C:\Users\Pat\Downloads\5k9h297wxbnr-en.pdf
2017-02-11 15:24 - 2017-02-11 15:24 - 00322962 _____ C:\Users\Pat\Downloads\picture.pdf
2017-02-11 15:10 - 2017-02-11 15:10 - 10064687 _____ C:\Users\Pat\Downloads\3013081e.pdf
2017-02-11 14:41 - 2017-02-11 14:41 - 03690078 _____ C:\Users\Pat\Downloads\csri-returns-yearbook-2016.pdf
2017-02-11 14:27 - 2017-02-11 14:27 - 05346798 _____ C:\Users\Pat\Downloads\global-wealth-databook-2016.pdf
2017-02-11 14:16 - 2017-02-11 14:16 - 04954396 _____ C:\Users\Pat\Downloads\csri-global-wealth-report-2016-en.pdf
2017-02-11 14:13 - 2017-02-11 14:13 - 04069119 _____ C:\Users\Pat\Downloads\credit-suisse-global-wealth-report-2014.pdf
2017-02-11 12:30 - 2017-02-11 13:22 - 522047862 _____ C:\Users\Pat\Downloads\InstallOpenGeneral.exe
2017-02-09 14:38 - 2017-02-09 14:38 - 00942595 _____ C:\Users\Pat\Downloads\5jz2bxc80xq6-en.pdf
2017-02-09 13:19 - 2017-02-09 13:19 - 06984138 _____ C:\Users\Pat\Downloads\GrowingUnequal_OECD.pdf
2017-02-09 12:38 - 2017-02-09 12:38 - 04781246 _____ C:\Users\Pat\Downloads\dividedwestand2011.pdf
2017-02-09 12:30 - 2017-02-09 12:30 - 00386509 _____ C:\Users\Pat\Downloads\49417295.pdf
2017-02-09 12:29 - 2017-02-09 12:29 - 06975227 _____ C:\Users\Pat\Downloads\9613031e.pdf
2017-02-09 12:27 - 2017-02-09 12:27 - 03730732 _____ C:\Users\Pat\Downloads\8113161e.pdf
2017-02-09 11:56 - 2017-02-09 11:56 - 06013350 _____ C:\Users\Pat\Downloads\3013071e.pdf
2017-02-09 11:52 - 2017-02-09 11:52 - 08280118 _____ C:\Users\Pat\Downloads\hows life 2015.pdf
2017-02-09 11:47 - 2017-02-09 11:47 - 00750316 _____ C:\Users\Pat\Downloads\OECD2014-FocusOnTopIncomes.pdf
2017-02-09 11:42 - 2017-02-09 11:42 - 03363024 _____ C:\Users\Pat\Downloads\8113171e.pdf
2017-02-09 11:35 - 2017-02-09 11:35 - 05124853 _____ C:\Users\Pat\Downloads\in-it-together.pdf
2017-02-09 11:32 - 2017-02-09 11:32 - 01791423 _____ C:\Users\Pat\Downloads\OECD2015-In-It-Together-Chapter1-Overview-Inequality.pdf
2017-02-07 12:21 - 2017-02-07 12:21 - 00619960 _____ C:\Users\Pat\Downloads\Blume Durlauf - Capital Review.pdf
2017-02-07 12:11 - 2017-02-07 12:11 - 00196197 _____ C:\Users\Pat\Downloads\834-Rising-inequality-in-Australia.pdf
2017-02-07 12:08 - 2017-02-07 12:09 - 00282427 _____ C:\Users\Pat\Downloads\Defeating_Piketty’s_Charge_Nov25_2014.pdf
2017-02-07 10:17 - 2017-02-07 10:17 - 00744201 _____ C:\Users\Pat\Downloads\jep%2E29%2E1%2E67.pdf
2017-02-06 17:22 - 2017-02-06 17:22 - 00686414 _____ C:\Users\Pat\Downloads\piketty1.pdf
2017-02-02 08:19 - 2017-02-02 08:19 - 03238670 _____ C:\Users\Pat\Downloads\PikettyZucman2015HID.pdf
2017-02-01 21:56 - 2017-02-01 21:57 - 00199170 _____ C:\Users\Pat\Downloads\20170201130355134.pdf
2017-01-31 19:29 - 2017-01-31 19:29 - 00686694 _____ C:\Users\Pat\Downloads\0305829814557345.pdf
2017-01-31 18:55 - 2017-01-31 18:55 - 01905585 _____ C:\Users\Pat\Downloads\FT23052014c.pdf
2017-01-31 18:55 - 2017-01-31 18:55 - 01905585 _____ C:\Users\Pat\Downloads\FT23052014c(1).pdf
2017-01-31 17:58 - 2017-01-31 17:59 - 00063616 _____ C:\Users\Pat\Downloads\Piketty2014TechnicalAppendixResponsetoFT.pdf
2017-01-31 10:31 - 2017-01-31 10:31 - 00000000 ____D C:\ProgramData\AMD
2017-01-30 12:02 - 2017-01-30 12:02 - 00069238 _____ C:\Users\Pat\Downloads\20170130100041.pdf
2017-01-29 10:51 - 2017-01-29 10:51 - 01109218 _____ C:\Users\Pat\Downloads\wp16160.pdf
2017-01-28 16:01 - 2017-01-28 16:01 - 00216561 _____ C:\Users\Pat\Downloads\ib-data-wealth-having-all-wanting-more-190115-en.xlsx
2017-01-28 16:00 - 2017-01-28 16:00 - 00254161 _____ C:\Users\Pat\Downloads\ib-wealth-having-all-wanting-more-190115-en.pdf
2017-01-28 15:55 - 2017-01-28 15:56 - 01984408 _____ C:\Users\Pat\Downloads\0115391e.pdf
2017-01-28 14:41 - 2017-01-28 14:41 - 00720153 _____ C:\Users\Pat\Downloads\wp14225.pdf
2017-01-28 11:01 - 2017-01-28 11:01 - 00753180 _____ C:\Users\Pat\Downloads\Form-Request-for-Qualification-Advice.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 12:31 - 2017-01-19 01:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 12:31 - 2016-09-20 09:41 - 00676720 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2017-02-25 12:30 - 2017-01-19 00:59 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-25 12:30 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 12:14 - 2016-07-16 19:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-25 11:46 - 2017-01-19 00:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 11:37 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 11:37 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-24 11:43 - 2017-01-19 01:03 - 00000000 ____D C:\Users\Pat
2017-02-24 11:42 - 2017-01-01 01:25 - 00000000 ____D C:\Users\Pat\AppData\LocalLow\Mozilla
2017-02-24 11:21 - 2015-10-30 14:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-24 10:40 - 2016-07-16 14:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-24 10:39 - 2017-01-16 17:49 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPat.job
2017-02-23 22:05 - 2017-01-01 00:50 - 00000000 ____D C:\Users\Pat\AppData\Local\Packages
2017-02-23 17:28 - 2017-01-01 12:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:26 - 2017-01-01 12:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 17:56 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 09:09 - 2017-01-01 14:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-20 17:24 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-20 17:13 - 2017-01-19 01:23 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPat
2017-02-18 14:28 - 2017-01-19 00:55 - 00370888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 11:09 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-15 11:23 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-07 03:48 - 2016-07-16 19:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 03:48 - 2016-07-16 19:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-01 22:45 - 2017-01-01 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-01 22:45 - 2017-01-01 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 11:17 - 2016-09-20 09:37 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-26 11:13 - 2016-04-16 02:57 - 00000000 ____D C:\SWSetup
2017-01-26 11:12 - 2016-09-20 09:43 - 00000000 ____D C:\WINDOWS\HP
2017-01-26 11:11 - 2017-01-19 01:02 - 01034452 _____ C:\WINDOWS\system32\PerfStringBackup.INI

Some files in TEMP:
====================
2017-02-04 12:06 - 2017-02-04 12:06 - 0244264 _____ (McAfee, Inc.) C:\Users\Pat\AppData\Local\Temp\McCSPInstall.dll
2017-02-24 11:23 - 2017-02-04 12:07 - 0209688 _____ (McAfee Inc.) C:\Users\Pat\AppData\Local\Temp\mccspuninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 08:12

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_25-02-2017 12.47.47.txt (37.6 KB, 16 views)
amanogawa is offline  
Old 02-25-2017, 03:28 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Amanogawa. You're welcome. Not seeing anything malicious here.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    FirewallRules: [{2A4FEE4F-C27E-4E8B-80DF-0DC0D5638F50}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    U1 aswbdisk; no ImagePath
    S3 mfeplk; system32\drivers\mfeplk.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-25-2017, 07:03 PM   #5
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 10



Hi Chemist,

Have followed your instructions and the fixlog.txt is included.

Thanks again,

Amanogawa

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Pat (26-02-2017 10:53:32) Run:1
Running from C:\Users\Pat\Desktop
Loaded Profiles: Pat (Available Profiles: Pat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FirewallRules: [{2A4FEE4F-C27E-4E8B-80DF-0DC0D5638F50}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
U1 aswbdisk; no ImagePath
S3 mfeplk; system32\drivers\mfeplk.sys [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A4FEE4F-C27E-4E8B-80DF-0DC0D5638F50} => value removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcapexe => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeplk => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => key removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\mfeplk => key removed successfully
mfeplk => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 569801 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20218255 B
Java, Flash, Steam htmlcache => 1150 B
Windows/system/drivers => 82295177 B
Edge => 216011086 B
Chrome => 10563790 B
Firefox => 373279855 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 96836 B
systemprofile32 => 0 B
LocalService => 24554 B
NetworkService => 0 B
Pat => 261679062 B

RecycleBin => 1910972833 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-02-2017 10:58:29)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 10:58:29 ====
amanogawa is offline  
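A Fixlog like the one posted above can be checked mechanically for entries that did not apply and that still fail after the reboot. The following Python sketch is an added example, not part of the original thread or of FRST; the outcome categories and function names are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (EmptyTemp section shortened).
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A4FEE4F-C27E-4E8B-80DF-0DC0D5638F50} => value removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcapexe => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeplk => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => key removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\mfeplk => key removed successfully
mfeplk => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 569801 B
Firefox => 373279855 B
EmptyTemp: => 2.7 GB temporary data Removed.

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 10:58:29 ====
"""

# Outcome phrases as they appear in the log above, mapped to this
# example's own category names (assumption: other FRST versions may word
# results differently, so unknown phrases are skipped, not guessed).
OUTCOMES = [
    (re.compile(r"removed successfully", re.I), "removed"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"could not remove", re.I), "failed"),
]
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
REBOOT_HEADER = "Result of scheduled keys to remove after reboot"


def classify(result):
    """Map the text after '=>' to a category, or None for size/summary lines."""
    for pattern, name in OUTCOMES:
        if pattern.search(result):
            return name
    return None


def parse_fixlog(text):
    """Group fix targets by outcome; failures seen after reboot are kept apart."""
    report = defaultdict(list)
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            after_reboot = True
            continue
        match = RESULT_LINE.match(line)
        if not match:
            continue
        outcome = classify(match.group("result"))
        if outcome is None:
            continue  # e.g. "Firefox => 373279855 B"
        # The log prints some paths with a doubled backslash; collapse it.
        target = match.group("target").replace("\\\\", "\\")
        key = "failed_after_reboot" if (after_reboot and outcome == "failed") else outcome
        if target not in report[key]:
            report[key].append(target)
    return dict(report)


def unresolved(report):
    """Targets still failing after the reboot pass (or failing at all if no reboot pass ran)."""
    return report.get("failed_after_reboot") or report.get("failed", [])


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    for category in ("removed", "absent", "failed", "failed_after_reboot"):
        print(f"{category}: {len(result.get(category, []))}")
    for target in unresolved(result):
        print("needs follow-up:", target)
```

On the log above this reports the aswbdisk service key as the only entry that failed both before and after the restart.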
Old 02-26-2017, 08:51 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Amanogawa. You're very welcome.

How is the machine behaving? Are you still getting redirects in Firefox?

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste Windows Registry Editor Version 5.00):

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
@="Service"

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware 3.0
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the Reports tab
  • Double-click on the Scan Report which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
----------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 02-26-2017, 09:41 PM   #7
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 10



Hi Chemist,

Thanks for all your help. Looks like the computer is clean. I've had no redirect when using Mozilla Firefox - went out to web fine. Computer seems to be working well in all respects.

Attached is the MBAM scan log; I don't have an ESET scan log as no threats were detected in the 211,454 files scanned (2:11:00 to complete).

It seems we're done - other than need to turn Avast auto-detect back on. Is there anything else I need to do? If not, you again have my very sincere thanks and appreciation; I'm very pleased I used Tech Support Forum.

Patrick (Amanogawa)
Attached Files
File Type: txt MBAM 27 Feb ScanRpt.txt (1.1 KB, 18 views)
amanogawa is offline  
Old 03-04-2017, 06:05 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Patrick. You're very welcome.

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
 
